Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojans, Adware, Browser Hijack, "Television Fanatic" "Waj

Started by kepayne228 , Sep 14 2014 10:25 PM

  • This topic is locked This topic is locked

#31
kepayne228
Posted 17 September 2014 - 05:04 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

As far as computer issues, there was a Windows error message that came up a few times that the service processes stopped working. But overall the computer is moving much faster. No pop up. No browswer hijack.


  • 0

Advertisements

#32
LiquidTension
Posted 17 September 2014 - 05:27 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Keisha, 
 
Don't worry, you did fine. Lets check for any remnants of the programmes you removed. 
 
Please reboot your computer, and do the following. 
 
YjhLJro.png SystemLook

  • Please download SystemLook (x32) and save the file to your Desktop.
  • Right-Click SystemLook.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
*PCHeathBoost*
*Boost Software*
*Search Protect*
*ShopAtHome*
*ShoppingDeal*
*TelevisionFanatic*
*Mindspark*
*WeatherBug*
*Yahoo*
*04db920b-6fa4-db47-4ffb-55416ab0330d*

:folderfind
*PCHeathBoost*
*Boost Software*
*Search Protect*
*ShopAtHome*
*ShoppingDeal*
*TelevisionFanatic*
*Mindspark*
*WeatherBug*
*Yahoo*
*04db920b-6fa4-db47-4ffb-55416ab0330d*

:regfind
PCHeathBoost
Boost Software
Search Protect
ShopAtHome
ShoppingDeal
TelevisionFanatic
Mindspark
WeatherBug
Yahoo 
04db920b-6fa4-db47-4ffb-55416ab0330d
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Attach the log in your next reply.
  • Click the OCFv7xc.png button. 

  • 0

#33
kepayne228
Posted 17 September 2014 - 06:10 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Here is the log. There is a PC Health Boost icon on the desktop and two Television Fanatic icons

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:59 on 17/09/2014 by Pat
Administrator - Elevation successful

========== filefind ==========

Searching for "*PCHeathBoost*"
No files found.

Searching for "*Boost Software*"
No files found.

Searching for "*Search Protect*"
No files found.

Searching for "*ShopAtHome*"
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeAppInstallerdownload[1].exe --a---- 2053664 bytes [15:42 18/10/2013] [15:42 18/10/2013] D3361F8D679F1B98181747D6D1252171
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe --a---- 1334928 bytes [21:57 20/08/2013] [21:57 20/08/2013] F08A8C93C4D2E1C16B0F643D9BB9293D
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll --a---- 50832 bytes [21:57 20/08/2013] [21:57 20/08/2013] 485008A534ED8F2D07271BF647890E67
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe --a---- 179856 bytes [21:57 20/08/2013] [21:57 20/08/2013] 1C6453503866A380B2AF4BC36E18B770
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe --a---- 140944 bytes [21:57 20/08/2013] [21:57 20/08/2013] 2AF4776B132C0ECA65CDCB633B484D96
C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe --a---- 174801 bytes [15:43 18/10/2013] [15:43 18/10/2013] 933B087A7B8C1299E72C7C51D486B452
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\pat@shopathome[2].txt --a---- 623 bytes [22:36 17/09/2014] [22:36 17/09/2014] 9CF1C926AC4D894C5FE3C1E65C9CF51E
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\pat@shopathome[1].txt --a---- 326 bytes [22:37 17/09/2014] [22:37 17/09/2014] 0F29BB296A8D3541E4D4B519B22C0835
C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf --a---- 58334 bytes [16:20 29/01/2014] [22:40 17/09/2014] 1C67969D68D833E38AB7C955589D3029

Searching for "*ShoppingDeal*"
C:\FRST\Quarantine\C\ProgramData\ShoppingDealFactory\ShoppingDealFactory.exe --a---- 381799 bytes [16:30 13/09/2014] [16:30 13/09/2014] 79F9311AC6A5009FEF1A5756A0A529D3

Searching for "*TelevisionFanatic*"
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt --a---- 280 bytes [20:39 14/09/2014] [20:39 14/09/2014] F95540E9DF720C47C9BEAB510607C128
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 196 bytes [01:29 07/06/2014] [01:29 07/06/2014] E9997B3E30999B5560BE4C8DE5C5BCEE
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 282 bytes [23:42 16/09/2014] [23:42 16/09/2014] E7BDCE57C2F3591EADF629372B13BE78
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 282 bytes [16:54 11/06/2014] [16:54 11/06/2014] A672E5771B7ED1C5F559CBF312DE8B8F
C:\Users\Pat\Desktop\TelevisionFanatic.exe --a---- 215696 bytes [02:19 22/02/2013] [02:20 22/02/2013] 328226E05A863B8A0833E6026E762C55
C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe --a---- 6199696 bytes [16:22 18/03/2014] [16:22 18/03/2014] C43B55B9807023CE4CD74FD68B56C680

Searching for "*Mindspark*"
No files found.

Searching for "*WeatherBug*"
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\weatherbug.js -ra---- 16890 bytes [02:04 27/04/2007] [02:04 27/04/2007] EDE1D8BA503C0961632F22020CC0631F
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\EN\weatherbug.css -ra---- 4872 bytes [22:47 27/04/2007] [22:47 27/04/2007] 0F1912DC2D32A9586E1C04E33E2DEF1D
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\EN\weatherbug.html -ra---- 11842 bytes [18:55 27/04/2007] [18:55 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\FR\weatherbug.css -ra---- 4870 bytes [22:47 27/04/2007] [22:47 27/04/2007] 434867ED320E70C1C3F3133F38DC5ED2
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\FR\weatherbug.html -ra---- 11842 bytes [18:20 27/04/2007] [18:20 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\JA\weatherbug.css -ra---- 4872 bytes [22:47 27/04/2007] [22:47 27/04/2007] 0F1912DC2D32A9586E1C04E33E2DEF1D
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\JA\weatherbug.html -ra---- 11842 bytes [19:17 27/04/2007] [19:17 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\KO\weatherbug.css -ra---- 4872 bytes [22:47 27/04/2007] [22:47 27/04/2007] 0F1912DC2D32A9586E1C04E33E2DEF1D
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\KO\weatherbug.html -ra---- 11842 bytes [19:17 27/04/2007] [19:17 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH\weatherbug.css -ra---- 4872 bytes [22:47 27/04/2007] [22:47 27/04/2007] 0F1912DC2D32A9586E1C04E33E2DEF1D
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH\weatherbug.html -ra---- 11842 bytes [19:17 27/04/2007] [19:17 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH-sg\weatherbug.css -ra---- 4872 bytes [22:47 27/04/2007] [22:47 27/04/2007] 0F1912DC2D32A9586E1C04E33E2DEF1D
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH-sg\weatherbug.html -ra---- 11842 bytes [19:18 27/04/2007] [19:18 27/04/2007] 975FED5E93B1AF27D953AFA6C4DC0C6C

Searching for "*Yahoo*"
C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam\Explore Social Search\Yahoo!.lnk.vir --a---- 1082 bytes [20:17 14/09/2014] [20:17 14/09/2014] 22D3EB80D3DB737EA28A0E34D43DA118
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.js.vir --a---- 20881 bytes [20:41 14/09/2014] [20:41 14/09/2014] 62F1EDE2ACED5BA58E3AFADB965369B5
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooEventTipManager.xpt.vir --a---- 353 bytes [20:41 14/09/2014] [20:41 14/09/2014] A43BEFB889EA8C913657475CCE92AFA6
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooInjectoManager.js.vir --a---- 9938 bytes [20:41 14/09/2014] [20:41 14/09/2014] AC5AD81A36149B9BDF0B0BBA740BDA2F
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooInjectoManager.xpt.vir --a---- 574 bytes [20:41 14/09/2014] [20:41 14/09/2014] DB14CD58DFE82B97BFF7D1EF13688F65
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.js.vir --a---- 1216 bytes [20:41 14/09/2014] [20:41 14/09/2014] 89A5EE3C358AEBD769C61EFE4CEDC13D
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsIYahooUrlProbe.xpt.vir --a---- 209 bytes [20:41 14/09/2014] [20:41 14/09/2014] 1B282D6FF0DD3C66A996915C961B854F
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.js.vir --a---- 6030 bytes [20:41 14/09/2014] [20:41 14/09/2014] 1DB1811EE6A6EDECB842FA0F9B1A2958
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahoo404NavAssist.xpt.vir --a---- 211 bytes [20:41 14/09/2014] [20:41 14/09/2014] 78E977D6536054F5EB17AD8F8573B565
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.js.vir --a---- 32328 bytes [20:41 14/09/2014] [20:41 14/09/2014] 3582D130973004B2670703F5D9B44952
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooAlertManager.xpt.vir --a---- 584 bytes [20:41 14/09/2014] [20:41 14/09/2014] 8A66E6B24396A6E2E3D4C47704AC1983
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.js.vir --a---- 15250 bytes [20:41 14/09/2014] [20:41 14/09/2014] ADD27590DF6A77777DF614C3C930E9B2
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooBookmarkManager.xpt.vir --a---- 584 bytes [20:41 14/09/2014] [20:41 14/09/2014] F3E6D3A3CA5A3B05DF7DC570FFEB9942
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.js.vir --a---- 11410 bytes [20:41 14/09/2014] [20:41 14/09/2014] FD171800DC6B46EEE51BF6B13707931B
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooCache.xpt.vir --a---- 433 bytes [20:41 14/09/2014] [20:41 14/09/2014] EF836BFD6E53C5C88179595ED0ADC143
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.js.vir --a---- 22884 bytes [20:41 14/09/2014] [20:41 14/09/2014] 3051B17DE256D3BFBF48E9EDD29DEC81
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooConfigManager.xpt.vir --a---- 622 bytes [20:41 14/09/2014] [20:41 14/09/2014] 0AAB7909605543746F9DC815B96089FE
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.js.vir --a---- 52174 bytes [20:41 14/09/2014] [20:41 14/09/2014] D791D1B4BDE80384AC9FEA19A307C9FA
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooDomBuilder.xpt.vir --a---- 1321 bytes [20:41 14/09/2014] [20:41 14/09/2014] B470E4D97F71DB85E7E7063410061878
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.js.vir --a---- 14178 bytes [20:41 14/09/2014] [20:41 14/09/2014] F429429DDB2B8BAF4E97917811DA97AB
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedFetcher.xpt.vir --a---- 343 bytes [20:41 14/09/2014] [20:41 14/09/2014] 73EBF8627B0D69746D678C2A30ADC79D
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.js.vir --a---- 2109 bytes [20:41 14/09/2014] [20:41 14/09/2014] 84A1F55810C74E3F72D886F4AF29F5F6
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedNode.xpt.vir --a---- 1260 bytes [20:41 14/09/2014] [20:41 14/09/2014] B318F7EDD287870DEDE5B71327934055
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.js.vir --a---- 30470 bytes [20:41 14/09/2014] [20:41 14/09/2014] 3EF38367FE85EAC8837EE4756B21273B
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFeedProcessor.xpt.vir --a---- 671 bytes [20:41 14/09/2014] [20:41 14/09/2014] D536596870062A06EE6045F6C4747F9A
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.js.vir --a---- 18341 bytes [20:41 14/09/2014] [20:41 14/09/2014] 42DAF514F3B83AF1054C81DC55BAC602
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooFileIO.xpt.vir --a---- 1018 bytes [20:41 14/09/2014] [20:41 14/09/2014] 22AA337474887DDC73D994102788D586
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.js.vir --a---- 8468 bytes [20:41 14/09/2014] [20:41 14/09/2014] 3ACEFAF5BE80DA459A2E935811A1301C
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalButtonProcessor.xpt.vir --a---- 721 bytes [20:41 14/09/2014] [20:41 14/09/2014] D5B1249473C22F258D816C6D54026B5C
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.js.vir --a---- 3362 bytes [20:41 14/09/2014] [20:41 14/09/2014] 952CE4EABD2F48360C4B055CCD268003
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooLocalStorage.xpt.vir --a---- 284 bytes [20:41 14/09/2014] [20:41 14/09/2014] E985DF4F774A6D5593C2FB978DB379F0
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.js.vir --a---- 7784 bytes [20:41 14/09/2014] [20:41 14/09/2014] 6832D23E747A0B21EB9C91AFE7ED8122
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooMailSingleInstance.xpt.vir --a---- 175 bytes [20:41 14/09/2014] [20:41 14/09/2014] 16499AEE9470E08D93779AF7200943A2
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.js.vir --a---- 3415 bytes [20:41 14/09/2014] [20:41 14/09/2014] 4AB94D079A09BE29234E7E5B0DE8E427
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPartnerManager.xpt.vir --a---- 144 bytes [20:41 14/09/2014] [20:41 14/09/2014] E9E42A69A500E49119A0DBD9EE01EE04
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.js.vir --a---- 6651 bytes [20:41 14/09/2014] [20:41 14/09/2014] 7C11845564A9F87F3E75970C15801F46
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginCallBack.xpt.vir --a---- 511 bytes [20:41 14/09/2014] [20:41 14/09/2014] B272D52E892C361BE96D660BF1C5B47D
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.js.vir --a---- 25273 bytes [20:41 14/09/2014] [20:41 14/09/2014] C9729DFC3A9E06EEB2BFBA27593801C2
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooPluginManager.xpt.vir --a---- 582 bytes [20:41 14/09/2014] [20:41 14/09/2014] 1A353693CF7CE4D86A1B80AE231F56F5
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.js.vir --a---- 36662 bytes [20:41 14/09/2014] [20:41 14/09/2014] EFF624E8A306D3A23C6CBFC9136C4DFF
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooSearchIndexer.xpt.vir --a---- 2145 bytes [20:41 14/09/2014] [20:41 14/09/2014] A35AD6F39AC929F2B0F5523BB55F4DC7
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.js.vir --a---- 5707 bytes [20:41 14/09/2014] [20:41 14/09/2014] F135771A23FD425ED2C72261ECDEAF5D
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooTickerManager.xpt.vir --a---- 330 bytes [20:41 14/09/2014] [20:41 14/09/2014] 38E8024ED1960CE8F82EA876D1D35AD1
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.js.vir --a---- 18022 bytes [20:41 14/09/2014] [20:41 14/09/2014] A4C57494D29633A4FA64698989EAF9EA
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\nsYahooToolbarManager.xpt.vir --a---- 1331 bytes [20:41 14/09/2014] [20:41 14/09/2014] 6F1F2B9DF0B6A95F9DEE8CC1953582D6
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences\yahoo.js.vir --a---- 568 bytes [20:41 14/09/2014] [20:41 14/09/2014] A2CC824517F1BB02AFF76FAE6A3B99FA
C:\Program Files\ATT-SST\OCB\f1b88320-f350-470e-a425-d58542259267\ConnectivityFlow\Flow\images\iconYahoo.gif --a---- 1336 bytes [00:23 27/10/2011] [14:02 09/09/2011] 1735A322DCC326BB9EA3050B617B2649
C:\Program Files\ATT-SST\OCB\f1b88320-f350-470e-a425-d58542259267\images\iconYahoo.gif --a---- 1336 bytes [00:23 27/10/2011] [14:02 09/09/2011] 1735A322DCC326BB9EA3050B617B2649
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml --a---- 29701 bytes [20:30 14/09/2014] [00:06 12/09/2014] 35A8A96EC05B501FE6B24A84D4A5585E
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_att.yahoo.com_0.localstorage --a---- 3072 bytes [20:07 20/03/2014] [22:06 28/03/2014] 9085A6FE28B9E42514A7A1082DE59117
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_att.yahoo.com_0.localstorage-journal --a---- 3608 bytes [20:07 20/03/2014] [22:06 28/03/2014] F885DC116676FDFAECB0D8FC09580D07
C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml --a---- 13 bytes [23:11 17/09/2014] [23:11 17/09/2014] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Pat\AppData\Local\Temp\Cookies\[email protected][1].txt --a---- 537 bytes [23:37 17/09/2014] [23:38 17/09/2014] 083E462F6C6EFAECB266DBC632711D43
C:\Users\Pat\AppData\Local\Temp\Cookies\pat@yahoo[1].txt --a---- 89 bytes [22:53 17/09/2014] [22:53 17/09/2014] 2090B9D01E8BDF808BFFA56989724CA4
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt --a---- 1186 bytes [22:38 17/09/2014] [22:38 17/09/2014] CF90FE259F76AF994DE6602BB36ED859
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt --a---- 343 bytes [08:01 25/08/2014] [08:01 25/08/2014] 0A04AEF43AC48326393757D9D9041B78
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt --a---- 105 bytes [07:58 25/08/2014] [07:58 25/08/2014] CD2EE09D093F387956F68522387990EC
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\pat@yahoo[1].txt --a---- 542 bytes [05:41 06/03/2014] [08:01 25/08/2014] 60A76CCFCAD6343479C8A66AE2245832
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 1927 bytes [03:35 15/06/2014] [03:35 15/06/2014] BCAFB02865A4A3C4897DDB6498DEC69F
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt --a---- 1837 bytes [23:57 17/09/2014] [23:57 17/09/2014] D4457AA0A0CD75AAAB16CC5EBBEB67BD
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 1275 bytes [20:33 07/08/2014] [20:33 07/08/2014] 05C52BF795F05E4954D3E134EEB5E213
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 237 bytes [20:34 10/08/2014] [20:34 10/08/2014] 68B3BD6CC6DE343E70D26F9EC6DE1B04
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 151 bytes [01:20 07/06/2014] [01:20 07/06/2014] 8FE66594D8DAFBDD5861528BA56C88DC
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 96 bytes [01:19 07/06/2014] [01:19 07/06/2014] 1650B558E9C0F06A49127DFEC08D629C
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 450 bytes [01:19 07/06/2014] [01:20 07/06/2014] 3FE8FA009DE15777C5B9EA5FBB45858F
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 105 bytes [21:25 22/07/2014] [16:13 13/09/2014] 3EC60D858FA383C285345B438134CC9D
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt --a---- 154 bytes [17:13 10/02/2014] [17:13 10/02/2014] 8D982A667CA737271421EE2BCF17CACA
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt --a---- 465 bytes [20:31 18/05/2014] [20:51 28/05/2014] 5E7797F3D2EC96821DADFEEC2B015935
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\pat@yahoo[1].txt --a---- 659 bytes [01:37 09/08/2014] [01:37 09/08/2014] 8B8C534B5EAFB25EFA17D018168FC022
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\pat@yahoo[2].txt --a---- 90 bytes [01:45 21/04/2014] [03:52 24/04/2014] 020C25833627343550CC77077031B0A4
C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies\Low\pat@yahoo[3].txt --a---- 1167 bytes [00:49 12/06/2014] [00:49 12/06/2014] D53F1B912576BA6BDDCC777A2C9C9319
C:\Users\Pat\Documents\Electronic Arts\The Sims 3\Downloads\[email protected] --a---- 1246 bytes [07:05 09/06/2013] [03:21 11/06/2013] 81AD0D24AE9497939D80977C868EC80F
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt --a---- 102 bytes [01:06 13/04/2014] [01:06 13/04/2014] 61F8C0E8482492ECC1A8C570FAE42C06
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[1].txt --a---- 91 bytes [00:45 12/04/2014] [00:45 12/04/2014] D7455EC061374E2984235766B57293DD
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[2].txt --a---- 81 bytes [20:18 14/09/2014] [20:18 14/09/2014] A0A2B4B575B1B49D23C46152528CDA9F

Searching for "*04db920b-6fa4-db47-4ffb-55416ab0330d*"
C:\FRST\Quarantine\C\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe.xBAD --a---- 184876 bytes [21:42 16/09/2014] [21:42 16/09/2014] 8F43247EC11FE237471020BF65BD00AA

========== folderfind ==========

Searching for "*PCHeathBoost*"
No folders found.

Searching for "*Boost Software*"
No folders found.

Searching for "*Search Protect*"
C:\FRST\Quarantine\C\Users\Pat\AppData\Local\Search Protect d------ [02:18 19/06/2014]

Searching for "*ShopAtHome*"
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome d------ [15:42 18/10/2013]
C:\FRST\Quarantine\C\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper d------ [15:43 18/10/2013]
C:\Users\Pat\AppData\LocalLow\ShopAtHome d------ [15:43 18/10/2013]

Searching for "*ShoppingDeal*"
C:\FRST\Quarantine\C\ProgramData\ShoppingDealFactory d------ [16:30 13/09/2014]

Searching for "*TelevisionFanatic*"
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanatic d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Program Files\TelevisionFanaticEI d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Local\TelevisionFanatic d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\LocalLow\TelevisionFanatic d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\LocalLow\TelevisionFanaticEI d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\TelevisionFanatic d------ [00:00 17/09/2014]
C:\AdwCleaner\Quarantine\C\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\[email protected] d------ [00:00 17/09/2014]
C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox d------ [02:17 19/06/2014]
C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_ d------ [02:17 19/06/2014]

Searching for "*Mindspark*"
No folders found.

Searching for "*WeatherBug*"
C:\hp\HPQWare\WC\content\weatherbug d------ [04:33 29/05/2008]
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget d------ [20:38 24/02/2008]

Searching for "*Yahoo*"
C:\hp\HPQWare\yahoo_customize d------ [20:42 24/02/2008]
C:\Program Files\Yahoo! d------ [20:42 24/02/2008]
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\N65HVMHK\us.mg205.mail.yahoo.com d------ [19:14 30/08/2012]
C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#us.mg205.mail.yahoo.com d------ [19:14 30/08/2012]
C:\Users\Pat\AppData\Roaming\Yahoo! d------ [06:20 06/06/2008]
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc d------ [00:46 25/11/2011]

Searching for "*04db920b-6fa4-db47-4ffb-55416ab0330d*"
C:\FRST\Quarantine\C\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d} d------ [22:41 17/09/2014]
C:\FRST\Quarantine\C\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe d------ [21:42 16/09/2014]

========== regfind ==========

Searching for "PCHeathBoost"
No data found.

Searching for "Boost Software"
No data found.

Searching for "Search Protect"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.Search_Protect-1]
"DetectionInfo"="control-panel:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Protect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.Search_Protect-1]
"Path"="c:\users\pat\appdata\local\search protect"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protect]

Searching for "ShopAtHome"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"toolbar_name"="ShopAtHome.com Toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"DisableInjectUrl"="http://tbws64.shopat...r=%ver&cid=%cid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"tbcookie"="tb=cid=100948785&owner=dlnopop&refer=92273&source=AFSPRX&subid=302201SMARTCOUPON&dsp=1&bitiid=&finst=true&postinstall=http%3a%2f%2fwww.shopathome.com%2fToolbarPostInstall.aspx%3foldsessionid%3d2426e8a8-ccd6-4f4e-95ff-fd4daf1a6802%26pixelparamId%3d52869531%26bitiid%3d%26finst%3dtrue%26refsrc%3dafsprx%26batid%3d10%26A%3dSuccessPI%26ErrorLevel%3d1%26source%3d92273%26subsource%3d302201SMARTCOUPON%26cid%3d100948785%26owner%3ddlnopop%26ver%3d%25ver%26guid%3d%25guid&httpagent=Mozilla%2f4.0+(compatible%3b+MSIE+8.0%3b+Windows+NT+6.0%3b+Trident%2f4.0%3b+GTB7.5%3b+SLCC1%3b+.NET+CLR+2.0.50727%3b+Media+Center+PC+5.0%3b+.NET+CLR+3.5.30729%3b+.NET+CLR+3.0.30618%3b+.NET4.0C)"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"Toolbar Path"="C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"SearchScopeURL"="http://isearch.shopa...&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Core\PrefsFile]
"Path"="http://www.shopathom...prefs/prefs.xml"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\AboutBlankPage]
"URL"="http://isearch.shopa...10-DADDE8AC82EE}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\AboutTabsPage]
"URL"="http://isearch.shopa...10-DADDE8AC82EE}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\CUP]
"v"="shopathome.com/frameset"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\CUS]
"v"="*.shopathome*.com,shopathome*.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\DSPSettings]
"url"="http://isearch.shopa...&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\InjectFileForRedirectSlider]
"Path"="https://secure.shopa...&domain=%domain"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\InjectNonSecureFileForRedirectSlider]
"Path"="http://www.shopathom...&domain=%domain"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\RedirectTo]
"URL"="http://www.shopathom...ubsource=%subid"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_banner]
"tooltip"="Click here to see all your past text alerts from shopathome.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_banner]
"url"="http://www.shopathome.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_grocery_coupon]
"url"="http://www.shopathom....com&src=TOOLXX"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopAtHome.com Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}\InProcServer32]
@="C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\ProgID]
@="ShopAtHomeHelper.CookiesManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\VersionIndependentProgID]
@="ShopAtHomeHelper.CookiesManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\ProgID]
@="ShopAtHomeHelper.PostUrlWorker.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\VersionIndependentProgID]
@="ShopAtHomeHelper.PostUrlWorker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\ProgID]
@="ShopAtHomeHelper.HttpHandle302.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\VersionIndependentProgID]
@="ShopAtHomeHelper.HttpHandle302"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}\LocalServer32]
@=""C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager\CurVer]
@="ShopAtHomeHelper.CookiesManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.HttpHandle302]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.HttpHandle302\CurVer]
@="ShopAtHomeHelper.HttpHandle302.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.HttpHandle302.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker\CurVer]
@="ShopAtHomeHelper.PostUrlWorker.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome]
@="ShopAtHome.com Cash Back Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome\CurVer]
@="Toolbar3.ShopAtHome.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome.1]
@="ShopAtHome.com Cash Back Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}\1.0\0\win32]
@="C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}\1.0\HELPDIR]
@="C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4adb-B353-42C991C99A2E}]
"AppPath"="C:\Users\Pat\AppData\Roaming\ShopAtHome\ShopAtHomeHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4adb-B353-42C991C99A2E}]
"AppName"="ShopAtHomeHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper]
"DisplayName"="ShopAtHome.com Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper]
"URLInfoAbout"="http://www.shopathome.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper]
"Publisher"="ShopAtHome.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.ShopAtHome_com_Toolbar-7.0.3.15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.ShopAtHome_com_Toolbar-7.0.3.15]
"DetectionInfo"="control-panel:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.ShopAtHome_com_Toolbar-7.0.3.15]
"Path"="c:\users\pat\appdata\roaming\shopathome\shopathometoolbar"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome]
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"toolbar_name"="ShopAtHome.com Toolbar"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"DisableInjectUrl"="http://tbws64.shopat...r=%ver&cid=%cid"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"tbcookie"="tb=cid=100948785&owner=dlnopop&refer=92273&source=AFSPRX&subid=302201SMARTCOUPON&dsp=1&bitiid=&finst=true&postinstall=http%3a%2f%2fwww.shopathome.com%2fToolbarPostInstall.aspx%3foldsessionid%3d2426e8a8-ccd6-4f4e-95ff-fd4daf1a6802%26pixelparamId%3d52869531%26bitiid%3d%26finst%3dtrue%26refsrc%3dafsprx%26batid%3d10%26A%3dSuccessPI%26ErrorLevel%3d1%26source%3d92273%26subsource%3d302201SMARTCOUPON%26cid%3d100948785%26owner%3ddlnopop%26ver%3d%25ver%26guid%3d%25guid&httpagent=Mozilla%2f4.0+(compatible%3b+MSIE+8.0%3b+Windows+NT+6.0%3b+Trident%2f4.0%3b+GTB7.5%3b+SLCC1%3b+.NET+CLR+2.0.50727%3b+Media+Center+PC+5.0%3b+.NET+CLR+3.5.30729%3b+.NET+CLR+3.0.30618%3b+.NET4.0C)"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"Toolbar Path"="C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar]
"SearchScopeURL"="http://isearch.shopa...&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Core\PrefsFile]
"Path"="http://www.shopathom...prefs/prefs.xml"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\AboutBlankPage]
"URL"="http://isearch.shopa...10-DADDE8AC82EE}"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\AboutTabsPage]
"URL"="http://isearch.shopa...10-DADDE8AC82EE}"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\CUP]
"v"="shopathome.com/frameset"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\CUS]
"v"="*.shopathome*.com,shopathome*.com"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\DSPSettings]
"url"="http://isearch.shopa...&q={searchTerms}"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\InjectFileForRedirectSlider]
"Path"="https://secure.shopa...&domain=%domain"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\InjectNonSecureFileForRedirectSlider]
"Path"="http://www.shopathom...&domain=%domain"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\RedirectTo]
"URL"="http://www.shopathom...ubsource=%subid"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_banner]
"tooltip"="Click here to see all your past text alerts from shopathome.com"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_banner]
"url"="http://www.shopathome.com/"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome\Toolbar\Config\Prefs\set\sk_blank_grocery_coupon]
"url"="http://www.shopathom....com&src=TOOLXX"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopAtHome.com Toolbar]

Searching for "ShoppingDeal"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel._37476589-E48E-439E-A706-56189E2ED4C4__is1-1]
"Path"="c:\programdata\shoppingdealfactory"

Searching for "TelevisionFanatic"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall Internet Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64httpct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72}\ProgID]
@="TelevisionFanatic.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72}\VersionIndependentProgID]
@="TelevisionFanatic.PseudoTransparentPlugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24}]
@="TelevisionFanatic HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64htmlmu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24}\ProgID]
@="TelevisionFanatic.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24}\VersionIndependentProgID]
@="TelevisionFanatic.HTMLMenu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d}\InprocServer32]
@="C:\Program Files\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d}\ProgID]
@="TelevisionFanaticInstaller.Start.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d}\VersionIndependentProgID]
@="TelevisionFanaticInstaller.Start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64datact.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64mlbtn.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2}\ProgID]
@="TelevisionFanatic.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2}\VersionIndependentProgID]
@="TelevisionFanatic.MultipleButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64script.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef}\ProgID]
@="TelevisionFanatic.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef}\VersionIndependentProgID]
@="TelevisionFanatic.ScriptButton"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64feedmg.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0}\ProgID]
@="TelevisionFanatic.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0}\VersionIndependentProgID]
@="TelevisionFanatic.FeedManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92}]
@="TelevisionFanatic Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64tpinst.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92}\ProgID]
@="TelevisionFanatic.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92}\VersionIndependentProgID]
@="TelevisionFanatic.ThirdPartyInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf}\ProgID]
@="TelevisionFanatic.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf}\VersionIndependentProgID]
@="TelevisionFanatic.Radio"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8efa027d-55cb-4c9b-9a1d-42f27bd3d017}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64bprtct.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8efa027d-55cb-4c9b-9a1d-42f27bd3d017}\ProgID]
@="TelevisionFanatic.ToolbarProtector.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8efa027d-55cb-4c9b-9a1d-42f27bd3d017}\VersionIndependentProgID]
@="TelevisionFanatic.ToolbarProtector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64radio.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a}\ProgID]
@="TelevisionFanatic.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a}\VersionIndependentProgID]
@="TelevisionFanatic.RadioSettings"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64skin.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167}\InprocServer32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\64dlghk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.FeedManager]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.FeedManager\CurVer]
@="TelevisionFanatic.FeedManager.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.FeedManager.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu]
@="TelevisionFanatic HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu\CurVer]
@="TelevisionFanatic.HTMLMenu.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu.1]
@="TelevisionFanatic HTML Menu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel]
@="TelevisionFanatic HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel\CurVer]
@="TelevisionFanatic.HTMLPanel.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel.1]
@="TelevisionFanatic HTML Panel"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.MultipleButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.MultipleButton\CurVer]
@="TelevisionFanatic.MultipleButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.MultipleButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.PseudoTransparentPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.PseudoTransparentPlugin\CurVer]
@="TelevisionFanatic.PseudoTransparentPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.PseudoTransparentPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.Radio]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.Radio\CurVer]
@="TelevisionFanatic.Radio.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.Radio.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.RadioSettings]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.RadioSettings\CurVer]
@="TelevisionFanatic.RadioSettings.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.RadioSettings.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ScriptButton]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ScriptButton\CurVer]
@="TelevisionFanatic.ScriptButton.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ScriptButton.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.SettingsPlugin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.SettingsPlugin\CurVer]
@="TelevisionFanatic.SettingsPlugin.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.SettingsPlugin.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller]
@="TelevisionFanatic Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller\CurVer]
@="TelevisionFanatic.ThirdPartyInstaller.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller.1]
@="TelevisionFanatic Third Party Installer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ToolbarProtector]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ToolbarProtector\CurVer]
@="TelevisionFanatic.ToolbarProtector.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ToolbarProtector.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanaticInstaller.Start]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanaticInstaller.Start\CurVer]
@="TelevisionFanaticInstaller.Start.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanaticInstaller.Start.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1003"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0597D3BE-9A4D-4426-A8A7-572AD299852E}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\626"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0597D3BE-9A4D-4426-A8A7-572AD299852E}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{20739FAD-6CC8-49BC-94CB-A322D2C99390}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1807"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{20739FAD-6CC8-49BC-94CB-A322D2C99390}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\100"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\625"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1506"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1406"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\405"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1104"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30}\1.0\0\win32]
@="C:\Program Files\TelevisionFanatic\bar\1.bin\t8res.dll\905"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30}\1.0\HELPDIR]
@="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22714877-95e3-480e-a313-4ec440965e4f}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89cc5a31-b592-4bb3-82f5-bd8aca3e0bf0}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9dffaa5f-44c6-4ff2-80ee-76368d0a2e75}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e017ef59-8c1e-4124-bf6d-6d647d01e352}]
"AppPath"="C:\Program Files\TelevisionFanatic\bar\1.bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox]
"UninstallString"="rundll32 "C:\Program Files\TelevisionFanatic\bar\1.bin\64Bar.dll",O mindsparktoolbarkey="TelevisionFanatic" uninstalltype=FF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Firefox-1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Firefox-1]
"DetectionInfo"="control-panel:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Firefox-1]
"Path"="c:\program files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Internet_Explorer-1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Internet_Explorer-1]
"DetectionInfo"="control-panel:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Internet Explorer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Internet_Explorer-1]
"Path"="c:\program files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall Internet Explorer]

Searching for "Mindspark"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox]
"UninstallString"="rundll32 "C:\Program Files\TelevisionFanatic\bar\1.bin\64Bar.dll",O mindsparktoolbarkey="TelevisionFanatic" uninstalltype=FF"

Searching for "WeatherBug"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\tabs\expand (new)\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\tabs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\forecasticons\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\navigation\left\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\navigation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\more\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\mini\night\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\mini\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\current\day\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\current\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\Interfaces\Callback\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\Interfaces\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\Animation\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH-sg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\ZH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\KO\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\expand\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\navigation\right\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\mini\day\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\FR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Interface\Interfaces\Full\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\small\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\tabs\live\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\tabs\collapse (old)\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\EN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Data\Other\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Data\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\collapse\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\other\alerts\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Events\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\JA\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Data\RequestTypes\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\loader\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\cams\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Data\Common\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\update\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\current\night\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\radar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\forecast\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\AwsClasses\Common\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget\images\backgrounds\other\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{209CDA54-D390-46A2-A97C-7BF61734418D}]
"DisplayName"="WeatherBug Gadget"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFiles]
"File1"="C:\Program Files\AWS\WEATHERBUG\GadgetInstaller\WeatherBugGadgetSidebarInstaller.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder0"="C:\Program Files\AWS\WEATHERBUG\GadgetInstaller"
[HKEY_LOCAL_MACHINE\SOFTWARE\SUPERAntiSpyware.com\SUPERAntiSpyware\InUseFolders]
"Folder1"="C:\Program Files\AWS\WEATHERBUG"

Searching for "Yahoo "
No data found.

Searching for "04db920b-6fa4-db47-4ffb-55416ab0330d"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{04db920b-6fa4-db47-4ffb-55416ab0330d}"=""C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\79D76919]
"1"="C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe"
[HKEY_USERS\.DEFAULT\Software\79D76919]
"1"="C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe"
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"{04db920b-6fa4-db47-4ffb-55416ab0330d}"=""C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe""
[HKEY_USERS\S-1-5-18\Software\79D76919]
"1"="C:\Users\Pat\AppData\Local\Microsoft\{04db920b-6fa4-db47-4ffb-55416ab0330d}\{04db920b-6fa4-db47-4ffb-55416ab0330d}.exe"

-= EOF =-


  • 0

#34
LiquidTension
Posted 17 September 2014 - 06:55 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello,
 

There is a PC Health Boost icon on the desktop

You can delete this. 
 
STEP 1
EtQetiM.png Uninstall Software

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • If any of the programmes listed previously are present, right-click and click Uninstall.
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe
C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf
C:\Users\Pat\Desktop\TelevisionFanatic.exe
C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml 
C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox
C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_ 
C:\Program Files\Yahoo!
C:\Users\Pat\AppData\Roaming\Yahoo!
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc 
EmptyTemp:
end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
AFZxnZc.jpg DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Remove the checkmark next to the following items:
    • Remove disinfection tools
  • Place a checkmark next to the following items:
    • Create registry backup
  • Click the Run button.
     

STEP 4
GIRjHjL.png Reg Fix 

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.Search_Protect-1]
[-HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protect]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopAtHome.com Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{067ECE13-6DD2-47C7-8EFE-24DA8BC1D8DA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.HttpHandle302]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.HttpHandle302.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Toolbar3.ShopAtHome.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CF10C1C0-B598-4adb-B353-42C991C99A2E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopAtHome.com Helper]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.ShopAtHome_com_Toolbar-7.0.3.15]
[-HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3011026113-540398884-3869173323-1000\Software\ShopAtHome]
[-HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShopAtHome.com Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel._37476589-E48E-439E-A706-56189E2ED4C4__is1-1]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall Internet Explorer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ff49ed5-a3ef-410b-918e-97deceb5996d}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8efa027d-55cb-4c9b-9a1d-42f27bd3d017}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.FeedManager]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.FeedManager.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLMenu.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.HTMLPanel.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.MultipleButton]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.MultipleButton.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.PseudoTransparentPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.PseudoTransparentPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.Radio]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.Radio.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.RadioSettings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.RadioSettings.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ScriptButton]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ScriptButton.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.SettingsPlugin]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.SettingsPlugin.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ThirdPartyInstaller.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ToolbarProtector]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanatic.ToolbarProtector.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanaticInstaller.Start]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TelevisionFanaticInstaller.Start.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0597D3BE-9A4D-4426-A8A7-572AD299852E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{20739FAD-6CC8-49BC-94CB-A322D2C99390}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{22714877-95e3-480e-a313-4ec440965e4f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89cc5a31-b592-4bb3-82f5-bd8aca3e0bf0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9dffaa5f-44c6-4ff2-80ee-76368d0a2e75}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e017ef59-8c1e-4124-bf6d-6d647d01e352}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Firefox-1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Npackd\Npackd\Packages\control-panel.TelevisionFanaticbar_Uninstall_Internet_Explorer-1]
[-HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\TelevisionFanaticbar Uninstall Internet Explorer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall Firefox]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"{04db920b-6fa4-db47-4ffb-55416ab0330d}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\79D76919]
[HKEY_USERS\S-1-5-21-3011026113-540398884-3869173323-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"{04db920b-6fa4-db47-4ffb-55416ab0330d}"=-
[-HKEY_USERS\S-1-5-18\Software\79D76919]
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file regfix.reg.
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate regfix.reg GIRjHjL.png on your Desktop. Right-click the file and click Merge with the Registry
  • Accept any prompts. 
  • Reboot your computer for the changes to take effect.
     

STEP 5
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================
 
STEP 6
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Did the reg fix merge successfully?
  • FRST.txt
  • Addition.txt

  • 0

#35
kepayne228
Posted 17 September 2014 - 07:20 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

The FRST scan stops working. It closes without producing a log.


  • 0

#36
LiquidTension
Posted 17 September 2014 - 07:30 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Please close the FRST window. Delete FRST.exe (right-click + Delete) and download a fresh copy.

Try the scan again, and let me know what happens. 

 

Don't forget to include the contents of Fixlog.txt and let me know if the reg fix merged successfully. 


  • 0

#37
kepayne228
Posted 17 September 2014 - 08:02 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Adam have I told you how incredible you are lately? This fix furely muxt be one of your masterpieces.

 

So before when I said the FRST stopped working, That was during the fix from step 2. Turns out it was producing a Fix Log, just not popping it up, I had to go look for it.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 18:41:00 Run:8
Running from C:\Users\Pat\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe
C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf
C:\Users\Pat\Desktop\TelevisionFanatic.exe
C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml
C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox
C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_
C:\Program Files\Yahoo!
C:\Users\Pat\AppData\Roaming\Yahoo!
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc
EmptyTemp:
end
*****************

"C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe" => File/Directory not found.
"C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf" => File/Directory not found.
"C:\Users\Pat\Desktop\TelevisionFanatic.exe" => File/Directory not found.
"C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe" => File/Directory not found.
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget" => File/Directory not found.
"C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" => File/Directory not found.
"C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml" => File/Directory not found.
"C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox" => File/Directory not found.
"C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_" => File/Directory not found.
"C:\Program Files\Yahoo!" => File/Directory not found.
"C:\Users\Pat\AppData\Roaming\Yahoo!" => File/Directory not found.
"C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc" => File/Directory not found.


  • 0

#38
kepayne228
Posted 17 September 2014 - 08:02 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

why is the font so small?

 

here is the fix log again

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 18:41:00 Run:8
Running from C:\Users\Pat\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe
C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf
C:\Users\Pat\Desktop\TelevisionFanatic.exe
C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe
C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget
C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml
C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml
C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox
C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_
C:\Program Files\Yahoo!
C:\Users\Pat\AppData\Roaming\Yahoo!
C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc
EmptyTemp:
end
*****************

"C:\Users\Pat\AppData\LocalLow\ShopAtHome\Temp\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ShopAtHomeUninstall.exe" => File/Directory not found.
"C:\Windows\Prefetch\SHOPATHOMEHELPER.EXE-22B1A485.pf" => File/Directory not found.
"C:\Users\Pat\Desktop\TelevisionFanatic.exe" => File/Directory not found.
"C:\Users\Pat\Desktop\TelevisionFanaticSetup2.5.14.84.^XP^man000^YYA^.exe" => File/Directory not found.
"C:\Program Files\Windows Sidebar\Gadgets\WeatherBug.Gadget" => File/Directory not found.
"C:\Program Files\Mozilla Firefox\browser\searchplugins\yahoo.xml" => File/Directory not found.
"C:\Users\Pat\AppData\Local\Microsoft\Internet Explorer\DOMStore\9YKCFFIR\ads.yahoo[1].xml" => File/Directory not found.
"C:\Program Files\NpackdDetected\TelevisionFanaticbar_Uninstall_Firefox" => File/Directory not found.
"C:\Program Files\NpackdDetected\TelevisionFanatic_Internet_Explorer_Toolbar_" => File/Directory not found.
"C:\Program Files\Yahoo!" => File/Directory not found.
"C:\Users\Pat\AppData\Roaming\Yahoo!" => File/Directory not found.
"C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Yahoo! Inc" => File/Directory not found.


  • 0

#39
kepayne228
Posted 17 September 2014 - 08:04 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

The reg fix merged successfully

 

 

FRST Scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Pat (administrator) on PAT-PC on 17-09-2014 18:53:05
Running from C:\Users\Pat\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcServiceHost.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
(Nuance Communications, Inc.) C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\ipmon32.exe
(Visual Networks) C:\Program Files\earthlink totalaccess\FastLane2\IPClient.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciTrayApp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\McciBrowser.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_152_ActiveX.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe [132760 2007-04-07] (Sun Microsystems, Inc.)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [IPInSightMonitor 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe [122880 2005-08-10] (Visual Networks)
HKLM\...\Run: [IPInSightLAN 01] => C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe [380928 2005-08-10] (Visual Networks)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\McciTrayApp.exe [1573888 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [1090952 2010-04-29] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [942080 2008-01-18] (Hewlett-Packard)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Google Update] => "C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Pat\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3588952 2014-04-04] (Electronic Arts)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-12] (Google Inc.)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [ATT-SST] => C:\Program Files\ATT-SST\McciBrowser.exe [1057792 2011-09-09] (Alcatel-Lucent)
HKU\S-1-5-21-3011026113-540398884-3869173323-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6690072 2014-09-09] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
ShortcutTarget: Snapfish Media Detector.lnk -> C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe ()
Startup: C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9E0B8B28CAD2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll (EarthLink, Inc.)
BHO: ElnkBhoGuard Class -> {00000000-0000-0000-0000-000000000002} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: ElnkScamBHO Class -> {15F4D456-5BAA-4076-8486-EECB38CD3E57} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\EScamBlk.dll (EarthLink, Inc.)
BHO: ElnkPubBHO Class -> {512ACF1B-64D9-4928-B382-A80556F28DB4} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ElnkPub.dll (EarthLink, Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Simple -> {886bf106-6ebf-4ef4-8676-6663caabbda4} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: ElnkProtectionBHO Class -> {9579D574-D4D8-4335-9560-FE8641A013BD} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\ProtctIE.dll (EarthLink, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: ElnkLegacyUninstBHO Class -> {E713904C-DF05-4C79-BBAD-02DB923253BE} -> C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\uninsttb.dll (EarthLink, Inc.)
Toolbar: HKLM - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar\Toolbar.dll (EarthLink, Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Pat\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pat\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pat\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-06-01]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\[email protected] [2014-07-17]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\jid0-w1UVmoLd6VGudaIERuRJCPQx1dQ@jetpack [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{c4080853-c699-4120-b8e0-618bff8a4474} [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\[email protected] [Not Found]
FF Extension: No Name - C:\Users\Pat\AppData\Roaming\Mozilla\Firefox\Profiles\er31eg4t.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.safesear.ch/?type=20140917-zv-ch
CHR RestoreOnStartup: Default -> "hxxp://torcho.com/?channel=7777-2081&v1=home"
CHR StartupUrls: Default -> "hxxp://www.safesear.ch/?type=20140917-zv-ch"
CHR DefaultSearchProvider: Default -> Trovi search
CHR DefaultSearchURL: Default -> http://www.trovi.com...archTerms}=
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pat\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Facebook Messenger Platinum) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimnghcocaaocjcffibpccpldmabjigb [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (Facebook Image Zoom and Downloader) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\edefbbbcggajdncnoingicdckbhngpcj [2014-08-31]
CHR Extension: (QR Code Maker and Decoder) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2014-09-13]
CHR Extension: (Cloudy for Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfnjfpcmnoabmbhponbioedjceaddaa [2014-09-13]
CHR Extension: (Dropmark sidebar) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\foiapgoppijipmmgkaibacckkhbngfhp [2014-08-25]
CHR Extension: (Menu button) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\goblmaagcgfbjlaahdohiomenekdpnci [2014-08-25]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (HoofSounds) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhjhphleppgakhlffhlfhbekfnobbk [2014-08-25]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2014-07-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
S3 GamesAppIntegrationService; C:\Program Files\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [65536 2007-09-19] (Hewlett-Packard) [File not signed]
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S2 McciServiceHost; C:\Program Files\Common Files\Motive\McciServiceHost.exe [315392 2011-09-09] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [361472 2012-03-13] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files\Common Files\Motive\pcServiceHost.exe [342528 2013-04-01] (Alcatel-Lucent) [File not signed]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-03-13] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U0 IPVNMon; No ImagePath
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 18:46 - 2014-09-17 18:46 - 00009518 _____ () C:\Users\Pat\Desktop\regfix.reg
2014-09-17 18:44 - 2014-09-17 18:44 - 00000265 _____ () C:\DelFix.txt
2014-09-17 18:43 - 2014-09-17 18:44 - 00709564 _____ () C:\Users\Pat\Desktop\delfix_10.8.exe
2014-09-17 18:36 - 2014-09-17 18:36 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-17 16:59 - 2014-09-17 17:08 - 00143196 _____ () C:\Users\Pat\Desktop\SystemLook.txt
2014-09-17 15:41 - 2014-09-17 18:09 - 00000819 _____ () C:\Users\Pat\Desktop\fixlist.txt
2014-09-17 15:02 - 2014-09-17 15:02 - 00001059 _____ () C:\Users\Pat\Desktop\Revo Uninstaller.lnk
2014-09-17 15:02 - 2014-09-17 15:02 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 14:28 - 2014-09-17 14:28 - 00000761 _____ () C:\Users\Pat\Desktop\virustotal.txt
2014-09-17 11:46 - 2014-09-17 11:46 - 00001861 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-09-17 11:43 - 2014-09-17 11:43 - 00004282 _____ () C:\Users\Pat\Desktop\AdwCleaner[S1].txt
2014-09-17 11:42 - 2014-09-17 18:44 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 11:29 - 2014-09-16 16:53 - 01016035 _____ (Thisisu) C:\Users\Pat\Desktop\JRT.exe
2014-09-17 11:23 - 2009-03-02 21:32 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-09-16 16:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-16 16:56 - 2014-09-17 11:32 - 00000000 ____D () C:\AdwCleaner
2014-09-16 16:56 - 2014-09-16 16:52 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 14:28 - 2014-09-16 14:30 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 13:33 - 2014-09-16 13:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 13:32 - 2014-09-16 13:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 13:27 - 2014-09-17 11:54 - 00033287 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-16 13:23 - 2014-09-17 18:54 - 00021681 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-16 13:23 - 2014-09-17 18:53 - 00000000 ____D () C:\FRST
2014-09-16 13:21 - 2014-09-15 10:47 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-16 13:21 - 2014-09-15 10:46 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-17 11:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-14 19:44 - 2014-09-17 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-14 19:44 - 2014-09-14 19:54 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:43 - 2014-09-17 18:51 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 14:45 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-09-14 14:45 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-09-14 14:44 - 2014-09-14 18:25 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 13:53 - 2014-09-14 14:26 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 18:55 - 2008-05-28 21:26 - 01905831 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 18:54 - 2014-09-16 13:23 - 00021681 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-09-17 18:54 - 2006-11-02 03:33 - 00703388 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 18:53 - 2014-09-16 13:23 - 00000000 ____D () C:\FRST
2014-09-17 18:51 - 2014-09-14 19:43 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-17 18:50 - 2014-03-31 15:29 - 00000000 ___RD () C:\Users\Pat\Dropbox
2014-09-17 18:50 - 2014-03-31 15:26 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Dropbox
2014-09-17 18:48 - 2010-03-13 20:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-17 18:48 - 2008-01-20 19:47 - 00510300 _____ () C:\Windows\PFRO.log
2014-09-17 18:48 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 18:48 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:48 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:47 - 2006-11-02 06:01 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-17 18:46 - 2014-09-17 18:46 - 00009518 _____ () C:\Users\Pat\Desktop\regfix.reg
2014-09-17 18:44 - 2014-09-17 18:44 - 00000265 _____ () C:\DelFix.txt
2014-09-17 18:44 - 2014-09-17 18:43 - 00709564 _____ () C:\Users\Pat\Desktop\delfix_10.8.exe
2014-09-17 18:44 - 2014-09-17 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 18:36 - 2014-09-17 18:36 - 01097728 _____ (Farbar) C:\Users\Pat\Desktop\FRST.exe
2014-09-17 18:29 - 2011-07-04 12:52 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job
2014-09-17 18:10 - 2014-05-04 08:46 - 00000000 ____D () C:\Program Files\NpackdDetected
2014-09-17 18:09 - 2014-09-17 15:41 - 00000819 _____ () C:\Users\Pat\Desktop\fixlist.txt
2014-09-17 18:09 - 2013-08-24 15:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-17 18:04 - 2010-03-13 20:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 17:31 - 2008-06-05 22:39 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job
2014-09-17 17:08 - 2014-09-17 16:59 - 00143196 _____ () C:\Users\Pat\Desktop\SystemLook.txt
2014-09-17 16:52 - 2014-08-12 00:04 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-17 16:52 - 2014-04-08 18:09 - 00000008 __RSH () C:\Users\Pat\ntuser.pol
2014-09-17 16:52 - 2008-05-28 21:33 - 00000000 ____D () C:\Users\Pat
2014-09-17 16:52 - 2006-11-02 05:47 - 00286720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 15:42 - 2006-11-02 04:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-17 15:22 - 2014-08-12 00:03 - 00000000 ____D () C:\Users\Pat\AppData\Local\searcharmor
2014-09-17 15:22 - 2010-04-03 12:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 15:20 - 2014-05-18 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-17 15:06 - 2014-04-08 18:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Fast Browser
2014-09-17 15:02 - 2014-09-17 15:02 - 00001059 _____ () C:\Users\Pat\Desktop\Revo Uninstaller.lnk
2014-09-17 15:02 - 2014-09-17 15:02 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 14:28 - 2014-09-17 14:28 - 00000761 _____ () C:\Users\Pat\Desktop\virustotal.txt
2014-09-17 11:54 - 2014-09-16 13:27 - 00033287 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-09-17 11:46 - 2014-09-17 11:46 - 00001861 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-09-17 11:44 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job
2014-09-17 11:43 - 2014-09-17 11:43 - 00004282 _____ () C:\Users\Pat\Desktop\AdwCleaner[S1].txt
2014-09-17 11:38 - 2014-04-08 18:17 - 00000000 ____D () C:\ProgramData\Npackd
2014-09-17 11:32 - 2014-09-16 16:56 - 00000000 ____D () C:\AdwCleaner
2014-09-17 10:28 - 2014-09-14 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-16 16:53 - 2014-09-17 11:29 - 01016035 _____ (Thisisu) C:\Users\Pat\Desktop\JRT.exe
2014-09-16 16:52 - 2014-09-16 16:56 - 01373475 _____ () C:\Users\Pat\Desktop\AdwCleaner.exe
2014-09-16 14:30 - 2014-09-16 14:28 - 00001899 _____ () C:\Users\Pat\Desktop\Search.txt
2014-09-16 13:45 - 2013-06-07 16:00 - 00000000 ____D () C:\ProgramData\Origin
2014-09-16 13:33 - 2014-09-16 13:33 - 00050615 _____ () C:\Users\Pat\Desktop\FRST 9-14 132.txt
2014-09-16 13:32 - 2014-09-16 13:32 - 00053589 _____ () C:\Users\Pat\Desktop\Addition 9-14 132.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00054835 _____ () C:\Users\Pat\Desktop\Addition 9-14 131.txt
2014-09-16 13:31 - 2014-09-16 13:31 - 00051102 _____ () C:\Users\Pat\Desktop\FRST 9-16 131.txt
2014-09-16 13:26 - 2013-02-15 15:57 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-16 13:25 - 2008-02-24 13:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-15 10:47 - 2014-09-16 13:21 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Pat\Desktop\tdsskiller.exe
2014-09-15 10:46 - 2014-09-16 13:21 - 02105856 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-09-14 21:37 - 2014-09-14 21:37 - 00042262 _____ () C:\Users\Pat\Desktop\otl extra.txt
2014-09-14 21:31 - 2014-09-14 21:31 - 01109072 _____ () C:\Users\Pat\Desktop\OTL.Txt
2014-09-14 19:54 - 2014-09-14 19:44 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job
2014-09-14 19:45 - 2014-09-14 19:45 - 00000000 ____D () C:\SUPERDelete
2014-09-14 19:44 - 2014-09-14 19:44 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-09-14 19:44 - 2014-09-14 19:44 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\SUPERAntiSpyware.com
2014-09-14 19:43 - 2014-09-14 19:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-14 19:40 - 2006-11-02 05:52 - 00045552 _____ () C:\Windows\setupact.log
2014-09-14 19:27 - 2013-05-18 13:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 18:36 - 2011-10-26 17:23 - 00000000 ____D () C:\Program Files\ATT-SST
2014-09-14 18:25 - 2014-09-14 14:44 - 00000000 ____D () C:\VIPRERESCUE
2014-09-14 16:14 - 2011-03-23 17:31 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\HpUpdate
2014-09-14 14:28 - 2014-01-29 10:33 - 00000087 _____ () C:\Windows\system32\osgyyfu.ijm
2014-09-14 14:26 - 2014-09-14 13:53 - 168402944 _____ () C:\Users\Pat\Downloads\VIPRERescue33104.exe
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.scr
2014-09-14 13:41 - 2014-09-14 13:41 - 00000000 _____ () C:\Users\Pat\Downloads\OTL.com
2014-09-14 13:30 - 2013-05-18 13:32 - 00000860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-14 13:30 - 2010-04-03 12:33 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-14 13:21 - 2014-08-12 00:04 - 00000000 ____D () C:\ProgramData\19e8f4e397351af7
2014-09-14 04:29 - 2011-07-04 12:52 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job
2014-09-14 03:11 - 2013-08-14 03:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-14 03:02 - 2006-11-02 03:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-14 03:01 - 2013-05-18 13:54 - 00002155 _____ () C:\Windows\epplauncher.mif
2014-09-14 03:01 - 2013-05-18 13:53 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-14 03:01 - 2013-05-18 13:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-13 23:43 - 2014-04-08 18:14 - 00000436 ____H () C:\Windows\Tasks\Norton Security Scan for Pat.job
2014-09-13 10:11 - 2013-08-24 15:07 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-13 10:11 - 2012-03-24 09:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-13 09:45 - 2010-03-12 19:00 - 00000000 ____D () C:\Users\Pat\AppData\Local\Google
2014-09-13 09:23 - 2014-09-13 09:23 - 00000000 ____D () C:\Windows\system32\EventProviders
2014-09-01 11:55 - 2014-08-08 08:50 - 00039936 _____ () C:\Windows\system32\btlcp.cpo
2014-09-01 11:55 - 2014-01-27 08:52 - 00000291 _____ () C:\Windows\system32\hirh.dnc
2014-08-25 01:00 - 2014-03-31 15:27 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-25 00:48 - 2012-07-13 21:20 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-25 00:48 - 2010-03-12 19:00 - 00000000 ____D () C:\Program Files\Google

Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl30lg1.dll
C:\Users\Pat\AppData\Local\Temp\ERUNT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 18:59

==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Pat at 2014-09-17 18:55:59
Running from C:\Users\Pat\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AT&T Portal (HKLM\...\ATT-SST-UversePortal) (Version:  - )
AT&T Troubleshoot & Resolve Tool (HKLM\...\ATT-SST) (Version:  - )
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (Version: 1.00.0000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1126 - CyberLink Corp.)
Deal Info (Version: 2008.1.22.0 - EarthLink, Inc) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
EarthLink Common Authentication (Version: 1.0.87.0 - ) Hidden
EarthLink FastLane (HKLM\...\{BD33CD92-3A42-4CE1-ADDE-A9B64CFFF24D}) (Version: 5.8.0.13 - EarthLink, Inc)
EarthLink Software (HKLM\...\EarthLink TotalAccess 2004) (Version: 2008.1.22.0 - )
EarthLink Toolbar (HKLM\...\{B8C2A83F-20B0-49D9-BA2B-6495DD8639ED}) (Version:  - EarthLink, Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4708.19 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (Version: 1.1.11.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (Version: 2.0.62.5 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{C8D47273-7A1A-4614-A3D8-263632D8A5ED}) (Version: 5.6.0.2499 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Demo (HKLM\...\{9A379E7A-22ED-44FF-9293-E393D704505D}) (Version: 4.1.0 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}) (Version: 5.6.0.2542 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Photosmart Essential 2.5 (Version: 1.02.0000 - Hewlett-Packard) Hidden
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Total Care Advisor (HKLM\...\{fef8097e-662d-49b3-aa77-2919db3746d7}) (Version: 1.6.12.2542 - Hewlett-Packard)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HPPhotoSmartPhotobookWebPack1 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2329 - CyberLink Corp.)
LightScribe System Software  1.10.23.1 (HKLM\...\{0E19A83E-F53B-40CF-8C91-96F32D955E6A}) (Version: 1.10.23.1 - http://www.lightscribe.com)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.20.8730.4 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.1 (x86 en-US)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{5115C036-C0D5-4E1B-81C9-542CA967478A}) (Version: 6.10.050 - muvee Technologies)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: HPCMPQ1902 - WildTangent)
Norton Security Scan (HKLM\...\NSS) (Version: 4.0.3.27 - Symantec Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Open Freely (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66C3}_is1) (Version: 1.0 - Download Freely, LLC)
Origin (HKLM\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pet Show Craze (Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3610 - CyberLink Corp.)
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2420 - CyberLink Corp.)
PowerDirector (Version: 6.5.2420 - CyberLink Corp.) Hidden
PSSWCORE (Version: 2.02.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Redistributed Files (Version: 2.0.46.0 - EarthLink, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
ScanSoft OmniPage SE 4 (HKLM\...\{DEE88727-779B-47A9-ACEF-F87CA5F92A65}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
TotalAccess Core Applications (Version: 2008.1.22.0 - EarthLink, Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
VideoToolkit01 (Version: 100.0.128.000 - Hewlett-Packard) Hidden
WeatherBug Gadget (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WildTangent Games (HKLM\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (Version: 4.0.11.2 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Pat\AppData\Local\Google\Chrome\Application\36.0.1985.125\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Pat\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3011026113-540398884-3869173323-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Pat\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

03-08-2014 05:15:52 Windows Update
04-08-2014 05:15:38 Windows Update
05-08-2014 05:15:43 Windows Update
06-08-2014 05:15:25 Windows Update
07-08-2014 05:18:23 Windows Update
08-08-2014 05:15:14 Windows Update
09-08-2014 05:16:24 Windows Update
10-08-2014 05:17:06 Windows Update
11-08-2014 05:16:36 Windows Update
12-08-2014 05:16:04 Windows Update
13-08-2014 05:15:48 Windows Update
14-08-2014 05:16:51 Windows Update
15-08-2014 05:16:48 Windows Update
15-08-2014 10:00:14 Windows Update
16-08-2014 05:16:18 Windows Update
26-08-2014 07:59:54 Windows Update
27-08-2014 07:59:53 Windows Update
28-08-2014 07:59:57 Windows Update
29-08-2014 08:00:09 Windows Update
30-08-2014 07:59:39 Windows Update
31-08-2014 07:59:35 Windows Update
13-09-2014 16:23:23 Windows Update
14-09-2014 10:00:14 Windows Update
15-09-2014 02:47:49 Windows Update
15-09-2014 03:43:49 Windows Update
16-09-2014 20:33:32 Windows Update
17-09-2014 21:07:05 Installed Microsoft Fix it 50906
17-09-2014 22:03:20 Revo Uninstaller's restore point - Fast Browser
17-09-2014 22:07:29 Revo Uninstaller's restore point - Akamai NetSession Interface
17-09-2014 22:08:20 Revo Uninstaller's restore point - HQPureV1.8
17-09-2014 22:12:28 Revo Uninstaller's restore point - Like 1.5
17-09-2014 22:14:42 Revo Uninstaller's restore point - Like 1.5
17-09-2014 22:16:21 Revo Uninstaller's restore point - NpackdCL
17-09-2014 22:17:08 Removed NpackdCL
17-09-2014 22:18:45 Revo Uninstaller's restore point - PCHealthBoost 3.0.5
17-09-2014 22:20:50 Revo Uninstaller's restore point - Search Armor
17-09-2014 22:22:25 Revo Uninstaller's restore point - Search Protect 1.0
17-09-2014 22:23:48 Revo Uninstaller's restore point - Search Protect 1.0
17-09-2014 22:24:38 Revo Uninstaller's restore point - ShopAtHome.com Toolbar
17-09-2014 22:26:36 Revo Uninstaller's restore point - ShoppingDealFactory
17-09-2014 22:28:32 Revo Uninstaller's restore point - TelevisionFanatic Internet Explorer Toolbar
17-09-2014 22:29:41 Revo Uninstaller's restore point - TelevisionFanatic Internet Explorer Toolbar
17-09-2014 22:30:46 Revo Uninstaller's restore point - videos MediaPlay-Air
17-09-2014 22:32:04 Revo Uninstaller's restore point - Yahoo! Toolbar
17-09-2014 22:33:47 Revo Uninstaller's restore point - Yahoo! Toolbar
18-09-2014 00:11:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2014-09-17 15:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {214C54A7-F799-49F7-B2CC-F79611A8D57B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {2469D6D6-0B2F-4132-A2ED-4A049E51C469} - System32\Tasks\NSManager => C:\Users\Pat\AppData\Local\NSManager\manager.exe [2014-04-04] ()
Task: {2EA02AF9-2282-45B2-9CEC-3FDE67D5FD31} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-13] (Adobe Systems Incorporated)
Task: {31D20166-B27B-4856-A394-8DBC9CA461AC} - System32\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {33989DBE-0622-4640-AA42-3183DB2A5B28} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_WeeklyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {39B1E7E3-6DB4-4B48-B340-C7A8D9C9C3EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D3F02E8-9901-4F30-BBC0-61C3BB5939A9} - System32\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {487DAB6B-02BE-4561-8D84-29FD04DD295B} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files\PC-Doctor 5 for Windows\task_swap.bat [2008-02-24] ()
Task: {607C97C0-E78A-4E77-9F7F-C4224F9C7D28} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {74B5AED7-322F-4963-B064-4A6B4DACB653} - System32\Tasks\Norton Security Scan for Pat => C:\Program Files\Norton Security Scan\Engine\4.0.3.27\Nss.exe [2013-10-11] (Symantec Corporation)
Task: {8C1DC633-C32A-4D11-9728-155E5F686C5D} - System32\Tasks\PCHB_Pat_PCHealthBoost_LogonTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {98D8F43C-7E85-4323-8F47-7431294D5E9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A51FC96D-2B39-4C43-BB1C-7843919C57A6} - System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {B1774EB2-CD88-4FE2-AF11-4F2E5D035C75} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe [2007-10-04] (PC-Doctor, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {E686E5B3-ECE5-446C-B733-D5EB5F84E384} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-12-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000Core.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3011026113-540398884-3869173323-1000UA.job => C:\Users\Pat\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Pat.job => C:\PROGRA~1\NORTON~2\Engine\403~1.27\Nss.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 77b4f18a-f7f7-4e07-9b1a-542711c3e133.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e99602dd-52ac-43be-8720-d14e3ce604fe.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2EF81A9E-8FE5-492E-BE2B-AC24305B427B}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2008-01-18 19:21 - 2008-01-18 19:21 - 00057344 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00040960 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00006144 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2008-01-18 19:20 - 2008-01-18 19:20 - 00028672 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2008-01-20 19:24 - 2008-01-20 19:24 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00036864 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
2008-01-18 19:21 - 2008-01-18 19:21 - 00007168 _____ () C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
2014-09-17 18:50 - 2014-09-17 18:50 - 00043008 _____ () c:\users\pat\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl30lg1.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Pat\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2014 06:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/17/2014 06:51:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/17/2014 06:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 06:41:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 12.9.2014.0, time stamp 0x5413314f, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc00000fd, fault offset 0x00059dc2,
process id 0x1550, application start time 0xFRST.exe0.

Error: (09/17/2014 06:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 12.9.2014.0, time stamp 0x5413314f, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc00000fd, fault offset 0x00059dc2,
process id 0x740, application start time 0xFRST.exe0.

Error: (09/17/2014 06:18:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 12.9.2014.0, time stamp 0x5413314f, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc00000fd, fault offset 0x00059dc2,
process id 0x88c, application start time 0xFRST.exe0.

Error: (09/17/2014 06:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 12.9.2014.0, time stamp 0x5413314f, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc00000fd, fault offset 0x00059dc4,
process id 0x1158, application start time 0xFRST.exe0.

Error: (09/17/2014 06:11:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application FRST.exe, version 12.9.2014.0, time stamp 0x5413314f, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc00000fd, fault offset 0x000656ef,
process id 0x106c, application start time 0xFRST.exe0.

Error: (09/17/2014 04:55:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HPAdvisor.exe version 1.6.12.2542 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d84
Start Time: 01cfd2d2712c981d
Termination Time: 84

Error: (09/17/2014 04:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/17/2014 06:51:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (09/17/2014 06:51:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000ShellHWDetection

Error: (09/17/2014 06:50:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (09/17/2014 06:49:22 PM) (Source: WMPNetworkSvc) (EventID: 14333) (User: )
Description: WMPNetworkSvc0x80070422

Error: (09/17/2014 06:48:31 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (09/17/2014 04:54:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate)%%3

Error: (09/17/2014 04:53:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (09/17/2014 04:53:01 PM) (Source: WMPNetworkSvc) (EventID: 14333) (User: )
Description: WMPNetworkSvc0x80070422

Error: (09/17/2014 04:51:56 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos

Microsoft Office Sessions:
=========================
Error: (09/17/2014 06:51:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/17/2014 06:51:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/17/2014 06:50:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 06:41:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.9.2014.05413314fntdll.dll6.0.6001.185384cb733dcc00000fd00059dc2155001cfd2e1987ed36d

Error: (09/17/2014 06:38:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.9.2014.05413314fntdll.dll6.0.6001.185384cb733dcc00000fd00059dc274001cfd2e1241c934d

Error: (09/17/2014 06:18:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.9.2014.05413314fntdll.dll6.0.6001.185384cb733dcc00000fd00059dc288c01cfd2de70ee96dd

Error: (09/17/2014 06:17:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.9.2014.05413314fntdll.dll6.0.6001.185384cb733dcc00000fd00059dc4115801cfd2de46a0157d

Error: (09/17/2014 06:11:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FRST.exe12.9.2014.05413314fntdll.dll6.0.6001.185384cb733dcc00000fd000656ef106c01cfd2dd42c4304d

Error: (09/17/2014 04:55:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: HPAdvisor.exe1.6.12.2542d8401cfd2d2712c981d84

Error: (09/17/2014 04:53:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-09-17 18:54:52.224
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:51.882
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:51.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:51.138
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:50.347
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:49.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:49.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:54:49.156
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:51:23.747
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-17 18:51:23.466
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3061.77 MB
Available physical RAM: 1584.98 MB
Total Pagefile: 6353.82 MB
Available Pagefile: 4798.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.64 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:326.11 GB) (Free:198.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.24 GB) (Free:1.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 335.4 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=326.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#40
kepayne228
Posted 17 September 2014 - 08:16 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Also I think I need to get rid of the Google Chrome here. It still says Safe Search and Trovi search engine.


  • 0

Advertisements

#41
LiquidTension
Posted 17 September 2014 - 08:31 PM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hello, 
 
Thank you for the kind words. 
 
You certainly had one of the most impressive collections of adware I've seen. 
 
There are several stubborn items in both Firefox and Chrome. The simplest method would be to reset both browsers. Don't worry, your bookmarks will be preserved. 
 
If all is well after completing the steps below, we only have updating your vulnerable software and removing the tools we've used left to go. 
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
2014-09-17 15:22 - 2014-08-12 00:03 - 00000000 ____D () C:\Users\Pat\AppData\Local\searcharmor
2014-09-17 15:20 - 2014-05-18 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-17 15:06 - 2014-04-08 18:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Fast Browser
Task: {20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {A51FC96D-2B39-4C43-BB1C-7843919C57A6} - System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
C:\Program Files\PC HealthBoost
C:\ProgramData\19e8f4e397351af7
EmptyTemp:
end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
b8zkrsY.png Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 3
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • If you haven't already done so, please download the updated Malwarebytes Anti-Malware 2.0 and save the file to your Desktop.
  • Double-click mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Launch the programme and select Update.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 4
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something unique such as MyEsetScan.
  • Push the Back button.
  • Place a checkmark next to KN1w2nv.png and click SzOC1p0.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • Are there any remaining issues with your browsers after the reset?
  • MBAM Scan log
  • ESET Online Scan log

  • 0

#42
kepayne228
Posted 17 September 2014 - 09:44 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

I'm sorry I forgot to tell you I was shutting down at my aunt's house for the night. I will be back over there tomorrow morning. Good night!


  • 0

#43
LiquidTension
Posted 18 September 2014 - 05:15 AM

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Not a problem. I'll look out for your post later today. 


  • 0

#44
kepayne228
Posted 18 September 2014 - 06:44 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Hi Adam I'm back! Here are the latest logs. Still so many threats..

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Pat at 2014-09-18 15:05:08 Run:9
Running from C:\Users\Pat\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
2014-09-17 15:22 - 2014-08-12 00:03 - 00000000 ____D () C:\Users\Pat\AppData\Local\searcharmor
2014-09-17 15:20 - 2014-05-18 13:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost
2014-09-17 15:06 - 2014-04-08 18:13 - 00000000 ____D () C:\Users\Pat\AppData\Local\Fast Browser
Task: {20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9} - System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
Task: {A51FC96D-2B39-4C43-BB1C-7843919C57A6} - System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => C:\Program Files\PC HealthBoost\PCHealthBoost.exe
C:\Program Files\PC HealthBoost
C:\ProgramData\19e8f4e397351af7
EmptyTemp:
end
*****************

C:\Users\Pat\AppData\Local\searcharmor => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC HealthBoost => Moved successfully.
C:\Users\Pat\AppData\Local\Fast Browser => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20990D4E-73BD-49B1-B8A3-A1F1E31C3AD9}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCHB_Pat_PCHealthBoost_RS_DailyTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHB_Pat_PCHealthBoost_RS_DailyTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A51FC96D-2B39-4C43-BB1C-7843919C57A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A51FC96D-2B39-4C43-BB1C-7843919C57A6}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCHB_Pat_PCHealthBoost_LG_DailyTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCHB_Pat_PCHealthBoost_LG_DailyTask" => Key deleted successfully.
"C:\Program Files\PC HealthBoost" => File/Directory not found.
C:\ProgramData\19e8f4e397351af7 => Moved successfully.


  • 0

#45
kepayne228
Posted 18 September 2014 - 06:45 PM

kepayne228

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

The browsers seem to be okay after the reset.

 

 

MBAM Scan Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/18/2014
Scan Time: 3:22:30 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.18.09
Rootkit Database: v2014.09.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Pat

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354582
Time Elapsed: 16 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE681A67-9477-CBE6-EB9D-FE534875F98D}, Quarantined, [b468925dabd0b6809c59d3b4946e59a7],
PUP.Optional.HQPure.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPureV1.8, Quarantined, [a7758a65423987af02ee7b9132d16b95],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlay-Air, Quarantined, [bc60e50aa6d5ae88df34d19d5ca8c23e],
PUP.Optional.HQPure.A, HKU\S-1-5-21-3011026113-540398884-3869173323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPureV1.8, Quarantined, [100cb7380378fe383ab645c7ef1445bb],
PUP.Optional.MediaPlayer.A, HKU\S-1-5-21-3011026113-540398884-3869173323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlay-Air, Quarantined, [79a3ad426813e4520013e38b1aead52b],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Safesear.A, HKU\S-1-5-21-3011026113-540398884-3869173323-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear....&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear....5ab154030217e9]

Folders: 4
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer, Quarantined, [29f3aa454239979fde823be2b15208f8],
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\config, Quarantined, [29f3aa454239979fde823be2b15208f8],
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\Playlists, Quarantined, [29f3aa454239979fde823be2b15208f8],
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\Snap, Quarantined, [29f3aa454239979fde823be2b15208f8],

Files: 6
PUP.Optional.Inbox, C:\Users\Pat\Downloads\PublicTransportSetup (1).exe, Quarantined, [e735fdf27b003ff75729180133ce07f9],
PUP.Optional.Inbox, C:\Users\Pat\Downloads\PublicTransportSetup (2).exe, Quarantined, [d745bc33e8932016acd432e735cc3dc3],
PUP.Optional.Inbox, C:\Users\Pat\Downloads\PublicTransportSetup.exe, Quarantined, [47d5fcf3ff7ce3537e021009e51cc739],
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\log.txt, Quarantined, [29f3aa454239979fde823be2b15208f8],
PUP.Optional.NewPlayer.A, C:\Windows\System32\config\systemprofile\AppData\Local\newplayer\config\config.ini, Quarantined, [29f3aa454239979fde823be2b15208f8],
PUP.Optional.SafeSear.A, C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "https://www.google.com/", "http://www.safesear....20140408-170-ch", "http://www.safesear....=20140917-zv-ch" ],), Replaced,[e23af3fc512a63d3d7e72c0cf51017e9]

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP