TechSpot

Unknown user appearing on certain files/folders... need assistance

By Jake25
Oct 6, 2012
  1. I seem to have harboured some sort of unknown user: when I check the properties of certain folders on my external hard drive and click Security, there appears to be an unknown user for some of these folders.

    The user is named: S-1-5-21-1659004503-329068152-839522115-1003


    I also have a problem with a folder and a file: when I try to delete them, I get the notification:

    * an unexpected error is keeping you from deleting this file. If you continue to receive this error, you can use the error code to search for help with this problem.

    1. Error 0x80070570: The file or directory is corrupted and unreadable

    2. Error 0x80070091: The directory is not empty.


    I need assistance on how to delete these files/folders as well as deleting this mysterious user.

    I am running Kaspersky Internet Security 2012 and it didn't detect anything.

    Thanks.
  2. Jay Pfoutz

    Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Jake25

    TS Rookie Topic Starter Posts: 40

    Appreciate the reply Dragon Master Jay. Here are the logs:

    (Note: for the DDS application I only received one file, DDS.txt. No Attach.txt file was made by the application.)



    1. Malwarebytes Log:



    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.06.01

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Gears :: GEARS-PC [administrator]

    7/10/2012 9:17:47 PM
    mbam-log-2012-10-07 (21-17-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 187868
    Time elapsed: 5 minute(s), 52 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    2. GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-10-07 21:52:06
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC64G
    Running: 8elbscd3.exe; Driver: C:\Users\Gears\AppData\Local\Temp\kgloqpob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----



    3. DDS Log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2
    Run by Gears at 22:02:31 on 2012-10-07
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1338 [GMT 11:00]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\StikyNot.exe
    C:\Users\Gears\Desktop\Desktop Icon Toy\DesktopIconToy.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\PROGRA~1\Raptr\raptr.exe
    C:\PROGRA~1\Raptr\raptr_im.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://isearch.avg.com/?cid={418EA...1c7d61afd&lang=en&ds=qw011&pr=sa&d=2012-10-03 01:12:58&v=12.2.5.34&sap=hp
    mStart Page = about:blank
    uURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\gears\appdata\locallow\ct2481032\ldrtbAsha.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mURLSearchHooks: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\gears\appdata\locallow\ct2481032\ldrtbAsha.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\gears\appdata\locallow\ct2481032\ldrtbAsha.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - Babylon toolbar helper
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    TB: !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} -
    TB: Ashampoo_US Toolbar: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\gears\appdata\locallow\ct2481032\ldrtbAsha.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
    uRun: [DesktopIconToy] c:\users\gears\desktop\desktop icon toy\DesktopIconToy.exe
    uRun: [Google Update] "c:\users\gears\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Raptr] c:\progra~1\raptr\raptrstub.exe --startup
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    StartupFolder: c:\users\gears\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{71CFB3D2-8435-4E6F-B4E2-E79D3B1F1E82} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{71EC4797-FE96-4C79-BC67-A0114E804FE1} : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gears\appdata\roaming\mozilla\firefox\profiles\c8xjfcuv.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=2&q=
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\gears\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\gears\appdata\roaming\mozilla\firefox\profiles\c8xjfcuv.default\extensions\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}\plugins\np-mswmp.dll
    FF - plugin: c:\users\gears\appdata\roaming\mozilla\firefox\profiles\c8xjfcuv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-3 27496]
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2011-3-10 23856]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe [2012-7-15 81920]
    R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-25 202296]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2009-3-26 599344]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-10-3 722528]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2012-7-15 228408]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-8-7 97536]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-10-2 6114816]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-8-6 44576]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S2 SafeBox;SafeBox;"c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe" --> c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
    S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 9\DfSdkS.exe [2012-9-16 406016]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-25 113120]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S4 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe --> c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-10-06 07:57:08 -------- d-----w- c:\users\gears\appdata\roaming\Malwarebytes
    2012-10-06 07:56:35 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-06 07:56:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-03 16:59:07 -------- d-----w- c:\users\gears\appdata\roaming\Rainmeter
    2012-10-03 16:59:03 -------- d-----w- c:\program files\Rainmeter
    2012-10-02 15:13:31 -------- d-----w- c:\users\gears\appdata\roaming\AnvSoft
    2012-10-02 15:13:15 -------- d-----w- c:\users\gears\appdata\local\AVG Secure Search
    2012-10-02 15:13:11 -------- d-----w- c:\programdata\AVG Secure Search
    2012-10-02 15:12:55 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-02 15:12:51 -------- d-----w- c:\program files\common files\AVG Secure Search
    2012-10-02 15:12:49 -------- d-----w- c:\program files\AVG Secure Search
    2012-09-29 16:55:31 -------- d-----w- c:\users\gears\appdata\local\Macromedia
    2012-09-29 14:36:02 -------- d-----w- c:\users\gears\appdata\local\XboxMB
    2012-09-29 14:35:47 -------- d-----w- c:\windows\XSxS
    2012-09-29 14:35:47 -------- d-----w- c:\users\gears\appdata\local\Xenocode
    2012-09-29 14:35:47 -------- d-----w- c:\program files\Xenocode
    2012-09-29 14:28:51 -------- d-----w- c:\users\gears\appdata\roaming\PandoraRecovery
    2012-09-29 14:28:48 -------- d-----w- c:\program files\Pandora Recovery
    2012-09-29 14:18:37 -------- d-----w- c:\programdata\Cached Installations
    2012-09-28 16:13:12 -------- d-----w- c:\program files\1ClickDownload
    2012-09-26 07:56:51 -------- d-----w- c:\program files\Conduit
    2012-09-26 07:56:47 -------- d-----w- c:\program files\Vuze_Remote
    2012-09-21 06:22:32 -------- d-----w- c:\program files\common files\xing shared
    2012-09-21 06:21:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-09-21 06:21:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-09-16 08:51:01 -------- d-----w- c:\users\gears\appdata\local\CRE
    2012-09-16 08:49:33 -------- d-----w- c:\users\gears\appdata\local\Conduit
    2012-09-16 08:47:26 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
    2012-09-16 08:47:21 -------- d-----w- c:\program files\Ashampoo
    2012-09-08 03:45:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2012-09-29 09:13:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-29 09:13:43 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-08 03:45:02 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-08 03:45:02 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-23 19:04:23 720896 ----a-w- c:\windows\iun6002.exe
    2012-07-22 04:40:27 216882 ----a-w- c:\programdata\1342931715.bdinstall.bin
    2012-07-22 04:32:10 18477 ----a-w- c:\programdata\1342931527.bdinstall.bin
    2012-07-22 04:24:43 161839 ----a-w- c:\programdata\1342930705.bdinstall.bin
    2012-07-15 13:21:10 125 ----a-w- c:\windows\xUninstall.bat
    2012-07-15 13:16:12 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    .
    ============= FINISH: 22:02:49.03 ===============
  4. Jake25

    TS Rookie Topic Starter Posts: 40

    4. AdwCleaner Log (Part 1):

    # AdwCleaner v2.003 - Logfile created 10/07/2012 at 22:06:44
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Ultimate (32 bits)
    # User : Gears - GEARS-PC
    # Boot Mode : Normal
    # Running from : L:\System Protection Software\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\searchplugins\Conduit.xml
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Vuze_Remote
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Gears\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Gears\AppData\Local\Conduit
    Folder Deleted : C:\Users\Gears\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Gears\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Gears\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Gears\AppData\LocalLow\CT2481032
    Folder Deleted : C:\Users\Gears\AppData\LocalLow\searchquband
    Folder Deleted : C:\Users\Gears\AppData\LocalLow\Vuze_Remote
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Gears\AppData\Roaming\BabylonToolbar
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\CT2481032
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\CT2504091
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\extensions\{124d001a-bdcb-472f-aa59-bbe7e4bc3204}
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    Folder Deleted : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\Smartbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DataMngr
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\SmartBar.CT2481032
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708DFB60-0FC1-4D51-BBA8-0A03485252CF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA80CE87-9716-46EF-A912-C6ED1835912E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\Software\Vuze_Remote
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
  5. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    4. AdwCleaner Log (Part 2) :

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={418EA1DD-5207-403A-A756-1487EE29C674}&mid=956582dac7c947d0b66fd16acdca1500-a53f1b1a57c02aac8f789806f95f1431c7d61afd&lang=en&ds=qw011&pr=sa&d=2012-10-03 01:12:58&v=12.2.5.34&sap=hp --> hxxp://www.google.com
    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affid=112555&tt=3012_8&babsrc=nt_ss&mntrid=3e44817a00000000000000215db9bb5b --> hxxp://www.google.com

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\prefs.js

    Deleted : user_pref("CT2481032.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT2481032.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT2481032.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2481032.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2481032.FirstTime", "true");
    Deleted : user_pref("CT2481032.FirstTimeFF3", "true");
    Deleted : user_pref("CT2481032.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT248[...]
    Deleted : user_pref("CT2481032.UserID", "UN84203531966749524");
    Deleted : user_pref("CT2481032.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2481032.autoDisableScopes", -1);
    Deleted : user_pref("CT2481032.browser.search.defaultthis.engineName", true);
    Deleted : user_pref("CT2481032.cbcountry_001", "AU");
    Deleted : user_pref("CT2481032.cbfirsttime", "Sun Sep 30 2012 02:55:02 GMT+1000 (AUS Eastern Standard Time)");
    Deleted : user_pref("CT2481032.defaultSearch", "true");
    Deleted : user_pref("CT2481032.embeddedsData", "[{\"appId\":\"129058858240125318\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2481032.enableAlerts", "false");
    Deleted : user_pref("CT2481032.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2481032.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2481032.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2481032.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2481032.fixUrls", true);
    Deleted : user_pref("CT2481032.installId", "ConduitNSISIntegration");
    Deleted : user_pref("CT2481032.installType", "ConduitNSISIntegration");
    Deleted : user_pref("CT2481032.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2481032.isNewTabEnabled", true);
    Deleted : user_pref("CT2481032.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2481032.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2481032.keyword", true);
    Deleted : user_pref("CT2481032.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.xboxmb.com%2[...]
    Deleted : user_pref("CT2481032.openThankYouPage", "false");
    Deleted : user_pref("CT2481032.openUninstallPage", "false");
    Deleted : user_pref("CT2481032.search.searchAppId", "129058858240125318");
    Deleted : user_pref("CT2481032.search.searchCount", "0");
    Deleted : user_pref("CT2481032.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2481032.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2481032.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2481032.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT2481032.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2481032.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2481032.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2481032.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1348937707965");
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1348937707145");
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13489377073[...]
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1348937709579"[...]
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-google_lastUpdate", "1348937707615");
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1348937707601")[...]
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-thesun_news_lastUpdate", "1348937706827"[...]
    Deleted : user_pref("CT2481032.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1348937709603");
    Deleted : user_pref("CT2481032.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348937680130");
    Deleted : user_pref("CT2481032.serviceLayer_services_appsMetadata_lastUpdate", "1348937672560");
    Deleted : user_pref("CT2481032.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348937677898");
    Deleted : user_pref("CT2481032.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348937690344");
    Deleted : user_pref("CT2481032.serviceLayer_services_optimizer_lastUpdate", "1348937680101");
    Deleted : user_pref("CT2481032.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348937678445");
    Deleted : user_pref("CT2481032.serviceLayer_services_searchAPI_lastUpdate", "1348937669375");
    Deleted : user_pref("CT2481032.serviceLayer_services_serviceMap_lastUpdate", "1348937667948");
    Deleted : user_pref("CT2481032.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348937678405");
    Deleted : user_pref("CT2481032.serviceLayer_services_toolbarSettings_lastUpdate", "1348937669857");
    Deleted : user_pref("CT2481032.serviceLayer_services_translation_lastUpdate", "1348937672609");
    Deleted : user_pref("CT2481032.settingsINI", true);
    Deleted : user_pref("CT2481032.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2481032.smartbar.CTID", "CT2481032");
    Deleted : user_pref("CT2481032.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2481032.smartbar.homepage", true);
    Deleted : user_pref("CT2481032.smartbar.toolbarName", "Ashampoo US ");
    Deleted : user_pref("CT2481032.toolbarBornServerTime", "29-9-2012");
    Deleted : user_pref("CT2481032.toolbarCurrentServerTime", "29-9-2012");
    Deleted : user_pref("CT2481032.url_history0001", "hxxp://www.xboxmb.com/register.php?do=addmember#:::clickhand[...]
    Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT2504091.FirstTime", "true");
    Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
    Deleted : user_pref("CT2504091.UserID", "UN61142577062601779");
    Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.autoDisableScopes", 10);
    Deleted : user_pref("CT2504091.cbcountry_001", "AU");
    Deleted : user_pref("CT2504091.cbfirsttime", "Sun Sep 30 2012 02:55:02 GMT+1000 (AUS Eastern Standard Time)");
    Deleted : user_pref("CT2504091.defaultSearch", "false");
    Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT2504091.enableAlerts", "false");
    Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
    Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT2504091.fixUrls", true);
    Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
    Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.isNewTabEnabled", true);
    Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.xboxmb.com%2[...]
    Deleted : user_pref("CT2504091.openThankYouPage", "false");
    Deleted : user_pref("CT2504091.openUninstallPage", "false");
    Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
    Deleted : user_pref("CT2504091.search.searchCount", "0");
    Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348937676963");
    Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1348937672550");
    Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348937677826");
    Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348937691547");
    Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1348937676968");
    Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348937676070");
    Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1348937669369");
    Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1348937667934");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348937677779");
    Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1348937669113");
    Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1348937672594");
    Deleted : user_pref("CT2504091.settingsINI", true);
    Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
    Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
    Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
    Deleted : user_pref("CT2504091.startPage", "false");
    Deleted : user_pref("CT2504091.toolbarBornServerTime", "29-9-2012");
    Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "29-9-2012");
    Deleted : user_pref("CT2504091.url_history0001", "hxxp://www.xboxmb.com/register.php?do=addmember#:::clickhand[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=1[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo US Customized Web Search");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481032");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=13");
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481032&SearchSource=2&q=[...]

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\Gears\AppData\Local\Google\Chrome\User Data\Default\Preferences

pomicjbiodmcm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true},"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true},"hfpfbhnmbbigpmoodjemilggabklpopj":{"blacklist":true},"hgbaomphocgmdpmiohjclchaaljpaelp":{"blacklist":true},"hgboiaecclcbjphldpbgfgggcbihmnai":{"blacklist":true},"hgjgaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true},"hhfffemhgkginfafaoapljdllodppana":{"blacklist":true},"hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist":true},"hhjmkijkgojfifipdgmiemghfikbohcm":{"blacklist":true},"hhlgbfcfbkhlmajakkcjippgpcmejkko":{"blacklist":true},"hilncbjbdpnfepdidfchmdclhpnlegpj":{"blacklist":true},"hjkhligcnpfjhjlapmejaiaiigibofif":{"blacklist":true},"hkbgccpdcpbdckohbknjlamamelcnlki":{"blacklist":true},"hkjcejgfmaanpncnpoidgbhoikcaeepd":{"blacklist":true},"hkjfdgjkgpbbdmadbglcgljjjddkcdha":{"blacklist":true},"hmmoglffhpmacaacfbbmbbkcbdkjphnc":{"blacklist":true},"hnbcdmfeoldeppcbnnjmjkdofohaljbn":{"blacklist":true},"hncomkjbbkchfjelocejkbbflmjhlhfp":{"blacklist":true},"hnipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true},"hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist":true},"hnnebfeppcbhhbhiifeaajgcjnkljlld":{"blacklist":true},"hnonhhpgjnjcjfbkjdpfbkfpaodcmncb":{"blacklist":true},"hpcdoodjfcmpcpkeendjnjkeinimhkih":{"blacklist":true},"hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":true},"iablioliielnhdianpbiijaoncbmfend":{"blacklist":true},"iccblehkchfmjgfafjcpjlkjcponhdhl":{"blacklist":true},"icihfeaofpcfehanhbnjigdlpfahjlee":{"blacklist":true},"iemfpgbdjfoihicbocpbjppipdbfimeh":{"blacklist":true},"ifbkndkaolfbjjhnnhfmkbkoclpdkpli":{"blacklist":true},"ifeijfpkjckedpclgncedmgdiaoeahmk":{"blacklist":true},"igaajdmlejbjcbmpmnigopikfdaccdcm":{"blacklist":true},"igbaoknfddliiaoimhehfbkfekpmmfll":{"blacklist":true},"igghanohiioehififjoalfkdoicafjof":{"blacklist":true},"ihnembcpodnfgkafmiojebccomjekopm":{"blacklist":true},"iiiinekimabooeihccihfopoadcaaphn":{"blacklist":true},"ijecjbcgpblkacpijljpa
ienknanaloa":{"blacklist":true},"ijenlpgidnapbndonoinbkhekgjonojg":{"blacklist":true},"ilhjicgcglhjigdehkcehjdokmkahbjl":{"blacklist":true},"imfbomjbodpfgfhfahlgkkcllmhbelhk":{"blacklist":true},"imkffpjpdngdkpgadcmnlkhhmhdocijn":{"blacklist":true},"iobnpmeeecphddicmhhmdjbnlbdhjlne":{"blacklist":true},"iomejadoamfilglofmeaffghddcgapmf":{"blacklist":true},"jaejgaoiipdjjlbnapngknalafalbkej":{"blacklist":true},"jagncdcchgajhfhijbbhecadmaiegcmh":{"ack_external":true,"active_permissions":{"api":["contextMenus","plugin","tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["<all_urls>"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12989167634960201","lastpingday":"12990265201316191","location":3,"manifest":{"background_page":"background/main.html","browser_action":{"default_icon":"images/kbrd-mini.png","permissions":["tabs","hxxp://*/","hxxps://*/"]},"content_scripts":[{"all_frames":true,"js":["content_scripts/content.js"],"matches":["<all_urls>"],"permissions":["tabs","hxxp://*/","hxxps://*/","chrome://*/"]}],"current_locale":"en_US","default_locale":"en","description":"","icons":{"48":"images/kbrd.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIE8ddNMQ/SHWOqKZxQxem2oNC2OBd6k7O54d2Wy39/EfiWgpIdYxghWQCzltY7GKpdguKT9ex5421Eq5KC2rDf6DzgBdvZYEG3lffYa1oIWKfKP8kO5p3DWzsEaGjIO6U6gUaGZDYglwVraxxowNDsVgvuz1F4G/FwdnXsOfQcwIDAQAB","name":"Virtual 
Keyboard","permissions":["contextMenus","tabs","hxxp://*/","hxxps://*/"],"plugins":[{"path":"plugin/npVKPlugin.dll","public":true}],"version":"12.0.0.477"},"path":"jagncdcchgajhfhijbbhecadmaiegcmh\\12.0.0.477_0","state":1},"janhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true},"jbmbiepnidbnhbbfdbgioomdkgnbcacj":{"blacklist":true},"jbnafcjbcfgejacaanogofkkehcomamp":{"blacklist":true},"jcmipejepoimfflnoapdmkdephgjinck":{"blacklist":true},"jfalnphfjdoalcdhlnhdpekbmmopkgkj":{"blacklist":true},"jfjagidcpadkoaonbogmbgfimmnefeie":{"blacklist":true},"jgdkappiifgomhgikcjbanhnmlekpeje":{"blacklist":true},"jgmpapdckakiohhebmeoemejibommimi":{"blacklist":true},"jhhabiomopkibeecgngiggmopkeofacl":{"blacklist":true},"jindbcpkhnnnjgcjgmkjedbibibiojjf":{"blacklist":true},"jjnkfllhcgkgnfbekpnmoikpfihpjfli":{"blacklist":true},"jkihmglffmfjedfbpbpdbbimcodjbmdh":{"blacklist":true},"jkmhalpofmlfeglboejbchpoijnkmcgh":{"blacklist":true},"jmbkhogpjgjpfjhpdikloblkbkljkgao":{"blacklist":true},"jmeanodbelbflfmnkfdjgpikmldgjjko":{"blacklist":true},"jmifipgdcllamghkhdplfjffkciekbgo":{"blacklist":true},"jpehgolpfgnknboibogccapmdcadjkbd":{"blacklist":true},"jpeijjbllejgmokmahkeommcodahoobm":{"blacklist":true},"jpgidahfcgiajlcbleeiaibpmmblcmnb":{"blacklist":true},"jpkdlckejfjidmplieobnhijmoiecbhl":{"blacklist":true},"kbipembkfhbdmkkkfbigmohilmknjnof":{"blacklist":true},"kcanfkmhccbaheheaackijegkclkaeic":{"blacklist":true},"kcfnnanmpghdnoompcfclakpacapnfbn":{"blacklist":true},"kcgplbmkmfcpngilmhjmebdgkkpbdemp":{"blacklist":true},"kdchmeaiapjkejkcbeclgjklemecieeg":{"blacklist":true},"kelcbonmemlciepjdmfcifnhloeammhj":{"blacklist":true},"kelljdoinjlkmkncffgadbebgpmlcang":{"blacklist":true},"kffhenjbibjnbnjhlkcdlmpeccpaohio":{"blacklist":true},"kgbkdabomfdpfoibliicpmibceaoohgh":{"blacklist":true},"kgdhnhadbnpeibkghaebmhmngobdafag":{"blacklist":true},"kgdkcodealpfjolmiagcogfbgmaamegh":{"blacklist":true},"kgdmldjagfciieddcnlhampgkajkpanc":{"blacklist":true},"kibgmcdcfmcglajcfbecilngejnfppjp":{"blacklist":t
rue},"kiipngoehgkgkackngaidmhmnchfbmio":{"blacklist":true},"kinhljbhjmcmoddhdoodekeklmjapjff":{"blacklist":true},"kkhomejdleoonmbdhcigkhkjcghngncf":{"blacklist":true},"kleaapgdkahaekcocmkbgfainbhihccj":{"blacklist":true},"kmlebjoghkhpapfhbdikannggmmffnco":{"blacklist":true},"kolbbghckjilleabphhgeggcgpfidofi":{"blacklist":true},"lambangeielkjcnmioccboaphdfcffib":{"blacklist":true},"lbaddolhebpnhdcdkicpcflhnfamcemn":{"blacklist":true},"lbficnmfealeidppcbgdcbemgfjodbkg":{"blacklist":true},"lceaiepehinnomgijphkmjccbigkljkj":{"blacklist":true},"lcfkojlnjnedeoepfemhdgkhiabkeadc":{"blacklist":true},"ldgfapfmnplpaohbbadnecegcpfkfall":{"blacklist":true},"lgalokbapphhklmilicdefmgbjkcmldf":{"blacklist":true},"lgcnahanhlfpceencjmlehpfklokhojk":{"blacklist":true},"likifpgnijjfbdegfepoalpamlgnfofi":{"blacklist":true},"liomofjeffddiiccaolcnllbhnipbkhe":{"blacklist":true},"ljcicfibknpmlcmcecddjlbgkejehhpa":{"blacklist":true},"ljeihpebkahejeacdalhkhmckmggppif":{"blacklist":true},"lkdimamelhbiijkiljlnedmhnnkkmlbl":{"blacklist":true},"lkfdchejjogilmloogbbjlnlpbhgjfab":{"blacklist":true},"lkhcbijhgfchgdmklonlobkfbcadbokg":{"blacklist":true},"lljnngafekbnkpdfophmcdlbfebcbcld":{"blacklist":true},"lnahlgmhpghkhmafjppdidhcoaomipfg":{"blacklist":true},"lnbeebaenahmkbffnimghceldeeihfak":{"blacklist":true},"lncjcfkpannmofmpgdfoonkniofdnaba":{"blacklist":true},"lndempehphjoeimfchjflohpmhamiamf":{"blacklist":true},"lnjgjionmhobdfdegbciceafphgemjnc":{"blacklist":true},"lnlaeblencbjjjeaanegaldcjfekeled":{"blacklist":true},"lojppnndedobolgfepahepphhloediji":{"blacklist":true},"loldehkdjdncebfnncknlkdchjclifbn":{"blacklist":true},"lookpbabilcplifjdeifacodednpacmk":{"blacklist":true},"lpgiafapdmlapiokjnmpbbfkomiceoml":{"blacklist":true},"lplmcpcnhpbffpcfiaddbeaplhhbengd":{"blacklist":true},"mamfageekafifnickhgkibkofcclfefe":{"blacklist":true},"mbmdaiddhfoljplpdhohimgieioblfif":{"blacklist":true},"mcknnlhkkdbcppajgefagceglahcafjd":{"blacklist":true},"mdiehnlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":tru
e},"mdngbiejioalifclonjepjjfppmbgned":{"blacklist":true},"megkcfpbmemnpkgadkoompnoajcolpni":{"blacklist":true},"mfffdpnblflpobcnekhekiahepofaane":{"blacklist":true},"mfhfkclojmdocagbmecgcnlofppebebd":{"blacklist":true},"mfncimdpmknolnnnccdmkpnpkaofonkc":{"blacklist":true},"mgdgiplcofghdmpekdeeceolepakodcb":{"blacklist":true},"mjalegijammcloleihdmooifidcjggjp":{"blacklist":true},"mjgobkikdipfikmaoakdcdbicpioljgg":{"blacklist":true},"mjolnadmlahbpepjaemohnkhpjkbhmef":{"blacklist":true},"mknjbohhleiicbpagpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true},"mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true},"mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true},"mndoohjdoechinpkfbkolflbonciahfo":{"blacklist":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true},"mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjpopp":{"blacklist":true},"mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true},"mplhbhmkccidaokcelbcbcmhhedebcng":{"blacklist":true},"naopgnjebjeeedbbhcadkhkmeefmloho":{"blacklist":true},"nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true},"nckmikohoilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpdanjmicnihdlijomcggnnekloephc":{"blacklist":true},"ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true},"ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true},"nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist":true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blacklist":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"blacklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{"blacklist":true},"nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true},"nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true},"nifbebeekindefklojhchehidpikbjfc":{"blacklist":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true}
,"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nmmnodocfckpoddcgihiihcdinaonckb":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"npadaghbcdejfngcjpbnoikajdnongca":{"blacklist":true},"npolaghondefgiomhkbiiompikfjneep":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true},"ocmhjnhildbnglmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true},"oghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true},"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist":true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"blacklist":true},"ojpijjmpahflnipadmlpgbjmagmjchkk":{"ack_external":true},"omceiakkomngangmllpgbjcoeloglald":{"blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkbl":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnclfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true},"opnnngnphijodjhemhdafpnnpdjggofe":{"blacklist":true},"pajgiddgjidlcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmppmccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip":{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pgelifedkjaohmjehecojkfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjibaaohcmehfohacckf":{"blacklist":true},"pgldfhecfiofkhnbgcncepnkjkeoahlk":{"blacklist":true},"phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true
},"pihcfdffalbcnmbghijdfcaanagapelf":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist":true},"pjldcfjmnllhmgjclecdnfampinooman":{"ack_external":true,"active_permissions":{"api":["contextMenus","plugin"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12989167631204201","lastpingday":"12990265201316191","location":3,"manifest":{"background_page":"background/main.html","current_locale":"en_US","default_locale":"en","description":"","icons":{"48":"images/kavab.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC46Aua7nnXi5FBq08hX4n7W4M/LsRHMyETwlB52ZyeMLVcQgLIHvzs2DndSlkh5sAvUREdvsgic2bA7+g02noZYaOqxInN5csatXN9/hS5/BLLYGyqlkZrk8di7IQ5lOPdwnCS3tc8hmWvlT9FMLCJpz+d4SQgK31/q5l6c3SdwIDAQAB","name":"Anti-Banner","permissions":["contextMenus"],"plugins":[{"path":"plugin/npABPlugin.dll","public":true}],"version":"12.0.0.374"},"path":"pjldcfjmnllhmgjclecdnfampinooman\\12.0.0.374_0","state":1},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefbk":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"pobponmhkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}},"toolbar":["dhkplhfnhceodhffomolpfigojocbpcb","jagncdcchgajhfhijbbhecadmaiegcmh","dchlnpcodkpfdpacogkljefecpegganj"],"toolbarsize":-1},"homepage":"hxxps://isearch.avg.com/?cid={418EA1DD-5207-403A-A756-1487EE29C674}&mid=956582dac7c947d0b66fd16acdca1500-a53f1b1a57c02aac8f789806f95f1431c7d61afd&lang=en&ds=qw011&pr=sa&d=2012-10-03 
01:12:58&v=12.2.5.34&sap=hp","homepage_is_newtabpage":false,"net":{"hxxp_server_properties":{"apis.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":53},{"id":6,"value":0}],"supports_spdy":true},"clients1.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"fls.doubleclick.net:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"ssl.google-analytics.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"ssl.gstatic.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":33},{"id":6,"value":4}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true}}},"ntp":{"gplus_required":false,"promo_closed":false,"promo_end":1344952800.0,"promo_group":858,"promo_group_max":1,"promo_group_timeslice":0,"promo_increment":1,"promo_initial_segment":4,"promo_line":"What do you think of Chrome? 
<a href=\"hxxp://survey.googleratings.com/wix/p5963862.aspx\">Take the survey</a>","promo_num_groups":1000,"promo_resource_cache_update":"1345830020.957408","promo_start":1344434400.0,"promo_views":0,"promo_views_max":15},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.83","plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.75\\PepperFlash\\pepflashplayer.dll","version":"11.3.31.225"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.83\\gcswf32.dll","version":"11,3,300,268"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_11_3_300_268.dll","version":"11,3,300,268"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.83\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.83\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Babylon ToolBar","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dhkplhfnhceodhffomolpfigojocbpcb\\1.7_0\\BabylonChromeToolBar.dll","version":"2.0.0.3"},{"enabled":true,"name":"Babylon ToolBar"},{"enabled":true,"name":"Kaspersky Anti-Virus","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjldcfjmnllhmgjclecdnfampinooman\\12.0.0.374_0\\plugin/npABPlugin.dll","version":"12.0.0.374"},{"enabled":true,"name":"Kaspersky 
Anti-Virus","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jagncdcchgajhfhijbbhecadmaiegcmh\\12.0.0.477_0\\plugin/npVKPlugin.dll","version":"12.0.0.477"},{"enabled":true,"name":"Kaspersky Anti-Virus","path":"C:\\Users\\Gears\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\dchlnpcodkpfdpacogkljefecpegganj\\12.0.0.477_0\\plugin/npUrlAdvisor.dll","version":"12.0.0.477"},{"enabled":true,"name":"Kaspersky Anti-Virus"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.3.23"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"CANON iMAGE GATEWAY Album Plugin Utility","path":"C:\\Program Files\\Canon\\Easy-PhotoPrint EX\\NPEZFFPI.DLL","version":"3.0.5.0"},{"enabled":true,"name":"CANON iMAGE GATEWAY Album Plugin Utility"},{"enabled":true,"name":"NVIDIA 3D Vision","path":"C:\\Program Files\\NVIDIA Corporation\\3D Vision\\npnv3dv.dll","version":"7.17.13.0142"},{"enabled":true,"name":"NVIDIA 3D VISION","path":"C:\\Program Files\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll","version":"7.17.13.0142"},{"enabled":true,"name":"NVIDIA 3D"},{"enabled":true,"name":"Java(TM) Platform SE 7 U5","path":"C:\\Program Files\\Oracle\\JavaFX 2.1 Runtime\\bin\\plugin2\\npjp2.dll","version":"10.5.1.255"},{"enabled":true,"name":"Java Deployment Toolkit 7.0.50.255","path":"C:\\Windows\\system32\\npDeployJava1.dll","version":"10.5.1.255"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"VLC Web Plugin","path":"C:\\Program Files\\VideoLAN\\VLC\\npvlc.dll","version":"2.0.2"},{"enabled":true,"name":"VLC Web Plugin"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"Google Update","path":"

    -\\ Opera v12.2.1578.0

    File : C:\Users\Gears\AppData\Roaming\Opera\Opera\operaprefs.ini

    Deleted : Home URL=hxxp://www.searchnu.com/102

    *************************

    AdwCleaner[S1].txt - [59320 octets] - [07/10/2012 22:06:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [59381 octets] ##########
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, this time renaming ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    Here is the ComboFix Log:

    ComboFix 12-10-08.01 - Gears 08/10/2012 18:27:24.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3039.1867 [GMT 11:00]
    Running from: c:\users\Gears\Desktop\ComboFix.exe
    AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
    SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\1342930705.bdinstall.bin
    c:\programdata\1342931527.bdinstall.bin
    c:\programdata\1342931715.bdinstall.bin
    c:\windows\iun6002.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-08 07:36 . 2012-10-08 07:36 -------- d-----w- c:\users\Gears\AppData\Local\temp
    2012-10-08 07:36 . 2012-10-08 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-07 15:18 . 2012-10-07 15:18 -------- d-----w- c:\users\Gears\AppData\Local\Western Digital
    2012-10-06 07:57 . 2012-10-06 07:57 -------- d-----w- c:\users\Gears\AppData\Roaming\Malwarebytes
    2012-10-06 07:56 . 2012-10-06 07:56 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-06 07:56 . 2012-09-07 07:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-03 16:59 . 2012-10-03 17:03 -------- d-----w- c:\users\Gears\AppData\Roaming\Rainmeter
    2012-10-03 16:59 . 2012-10-03 16:59 -------- d-----w- c:\program files\Rainmeter
    2012-10-02 15:13 . 2012-10-02 15:13 -------- d-----w- c:\users\Gears\AppData\Roaming\AnvSoft
    2012-10-02 15:12 . 2012-10-02 15:12 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-02 15:12 . 2012-10-07 11:06 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-09-29 16:55 . 2012-09-29 16:55 -------- d-----w- c:\users\Gears\AppData\Local\Macromedia
    2012-09-29 14:36 . 2012-09-29 14:36 -------- d-----w- c:\users\Gears\AppData\Local\XboxMB
    2012-09-29 14:35 . 2012-09-29 14:35 -------- d-----w- c:\users\Gears\AppData\Local\Xenocode
    2012-09-29 14:35 . 2012-09-29 14:35 -------- d-----w- c:\program files\Xenocode
    2012-09-29 14:28 . 2012-09-29 14:28 -------- d-----w- c:\users\Gears\AppData\Roaming\PandoraRecovery
    2012-09-29 14:28 . 2012-09-29 14:33 -------- d-----w- c:\program files\Pandora Recovery
    2012-09-29 14:18 . 2012-09-29 14:18 -------- d-----w- c:\programdata\Cached Installations
    2012-09-28 16:13 . 2012-09-28 16:13 -------- d-----w- c:\program files\1ClickDownload
    2012-09-21 06:22 . 2012-09-21 06:22 -------- d-----w- c:\program files\Common Files\xing shared
    2012-09-21 06:21 . 2012-09-21 06:21 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-09-21 06:21 . 2012-09-21 06:21 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-09-21 06:21 . 2012-09-21 06:22 -------- d-----w- c:\program files\Real
    2012-09-16 08:51 . 2012-09-26 07:57 -------- d-----w- c:\users\Gears\AppData\Local\CRE
    2012-09-16 08:47 . 2009-08-24 11:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
    2012-09-16 08:47 . 2012-09-16 08:47 -------- d-----w- c:\program files\Ashampoo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-29 09:13 . 2012-07-15 16:09 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-09-29 09:13 . 2012-07-15 16:09 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-08 03:45 . 2012-09-08 03:45 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-08 03:45 . 2012-07-14 18:41 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-08 03:45 . 2012-07-14 18:41 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-07-17 18:19 . 2012-07-17 18:19 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D58AD29-5E2E-41CE-8598-2901C4BCE803}\offreg.dll
    2012-07-15 13:21 . 2012-07-15 13:21 125 ----a-w- c:\windows\xUninstall.bat
    2012-07-15 13:16 . 2012-07-15 13:14 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
    2012-07-14 00:17 . 2012-08-24 15:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
    "DesktopIconToy"="c:\users\Gears\Desktop\Desktop Icon Toy\DesktopIconToy.exe" [2011-10-07 499712]
    "Raptr"="c:\progra~1\Raptr\raptrstub.exe" [2012-09-11 53896]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-12 13584928]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-12 92704]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 321080]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
    "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-02 252848]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-09-21 296096]
    .
    c:\users\Gears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 40136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
    R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x]
    R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS.exe [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R4 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
    S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [x]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
    S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1484021189-1909616540-3148479992-1001Core.job
    - c:\users\Gears\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 14:05]
    .
    2012-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1484021189-1909616540-3148479992-1001UA.job
    - c:\users\Gears\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 14:05]
    .
    2012-10-04 c:\windows\Tasks\HPCeeScheduleForGears.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 12:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = about:blank
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\Gears\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    BHO-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\Gears\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    Toolbar-10 - (no file)
    Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{124d001a-bdcb-472f-aa59-bbe7e4bc3204} - c:\users\Gears\AppData\LocalLow\CT2481032\ldrtbAsha.dll
    ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file)
    ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file)
    ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file)
    ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file)
    HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    AddRemove-7DE39862CC26DCE2446838AAF7CD5C163F835A57 - c:\progra~1\DIFX\270581355A767BF1\DPInst.exe
    AddRemove-abgx360 - c:\users\Gears\Desktop\abgx360\uninstall.exe
    AddRemove-Advanced WindowsCare V2 Personal_is1 - c:\program files\IObit\Advanced WindowsCare V2\unins000.exe
    AddRemove-Desktop Icon Toy_is1 - c:\users\Gears\Desktop\New folder\Desktop Icon Toy\unins000.exe
    AddRemove-DVDFab 8 Qt_is1 - l:\marko's main drive\Software (ALL)\DVD Burning & Decryption Software\DVDFab 8 Qt\unins000.exe
    AddRemove-GOM Player - c:\program files\GRETECH\GomPlayer\Uninstall.exe
    AddRemove-KProbe - c:\windows\iun6002.exe
    AddRemove-Malwarebytes' Anti-Malware_is1 - c:\users\Gears\Desktop\Malwarebytes' Anti-Malware\unins000.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    AddRemove-CT2481032 - c:\users\Gears\AppData\Local\Conduit\CT2481032\uninstall.exe
    AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-08 18:42:55
    ComboFix-quarantined-files.txt 2012-10-08 07:42
    .
    Pre-Run: 450,833,694,720 bytes free
    Post-Run: 450,503,430,144 bytes free
    .
    - - End Of File - - E5131501BB7E3AF92D28747EDCF583F1
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


    ------------------------

    Click the Start Scan button.


    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
    Sometimes these logs can be very large; in that case, please attach it or zip it up and attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
    • Please also find MBR.dat on your Desktop, and rename it to MBR.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
  9. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    The TDSS Killer Log is attached:

  10. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    Here's the aswMBR.txt log + MBR.txt uploaded.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-09 10:21:59
    -----------------------------
    10:21:59.249 OS Version: Windows 6.1.7600
    10:21:59.249 Number of processors: 2 586 0x1706
    10:21:59.251 ComputerName: GEARS-PC UserName: Gears
    10:22:05.924 Initialize success
    10:23:11.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    10:23:11.334 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OC64G Size: 476940MB BusType: 11
    10:23:11.361 Disk 0 MBR read successfully
    10:23:11.365 Disk 0 MBR scan
    10:23:11.369 Disk 0 unknown MBR code
    10:23:11.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    10:23:11.396 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
    10:23:11.400 Disk 0 scanning sectors +976771072
    10:23:11.460 Disk 0 scanning C:\Windows\system32\drivers
    10:23:17.335 Service scanning
    10:23:24.572 Service KL1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
    10:23:24.625 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
    10:23:24.759 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
    10:23:25.151 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
    10:23:36.538 Modules scanning
    10:23:46.874 Disk 0 trace - called modules:
    10:23:46.896 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys ataport.SYS PCIIDEX.SYS msahci.sys
    10:23:46.902 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc8030]
    10:23:46.907 3 CLASSPNP.SYS[8c37c59e] -> nt!IofCallDriver -> [0x86bc72b8]
    10:23:46.912 5 hpdskflt.sys[8c32df92] -> nt!IofCallDriver -> [0x86af4c30]
    10:23:46.918 7 ACPI.sys[8b8ac3b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86ac5908]
    10:23:46.923 Scan finished successfully
    10:23:55.980 Disk 0 MBR has been saved successfully to "C:\Users\Gears\Desktop\MBR.dat"
    10:23:55.986 The log file has been saved successfully to "C:\Users\Gears\Desktop\aswMBR.txt"

    Attached Files:

    • MBR.txt (File size: 512 bytes; Views: 1)
  11. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    I didn't get any options to "cure" on the TDSS Killer App so I chose "skip".
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's run through another careful check here:

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Copy the code below in the quotebox, and then under the Custom Scans/Fixes box paste it in:

    • Click the Run Scan button. The scan will not take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.

    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  13. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    OTL.txt (Part 1):

    OTL logfile created on: 10/10/2012 6:17:39 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gears\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    2.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 45.36% Memory free
    5.93 Gb Paging File | 3.94 Gb Available in Paging File | 66.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 465.66 Gb Total Space | 410.88 Gb Free Space | 88.23% Space Free | Partition Type: NTFS

    Computer Name: GEARS-PC | User Name: Gears | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/10 18:15:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gears\Desktop\OTL.exe
    PRC - [2012/10/03 02:12:54 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/09/28 23:33:52 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
    PRC - [2012/09/21 17:21:57 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/09/12 09:33:36 | 000,067,720 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr.exe
    PRC - [2012/09/12 09:33:36 | 000,044,680 | ---- | M] (Raptr, Inc) -- C:\Program Files\Raptr\raptr_im.exe
    PRC - [2012/08/17 19:02:22 | 000,271,840 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
    PRC - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/03 23:21:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
    PRC - [2012/05/15 03:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/10/07 11:30:12 | 000,499,712 | ---- | M] (iDeskSoft) -- C:\Users\Gears\Desktop\Desktop Icon Toy\DesktopIconToy.exe
    PRC - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/28 18:06:24 | 000,311,352 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
    PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010/03/25 04:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2009/07/21 18:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
    PRC - [2009/07/21 18:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe
    PRC - [2009/07/14 12:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 12:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
    PRC - [2009/07/14 12:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/26 03:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
    PRC - [2009/03/02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/29 20:13:43 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
    MOD - [2012/09/28 23:33:55 | 000,783,360 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
    MOD - [2012/09/28 23:33:55 | 000,316,928 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
    MOD - [2012/09/28 23:33:55 | 000,276,480 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
    MOD - [2012/09/28 23:33:55 | 000,168,448 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
    MOD - [2012/09/28 23:33:55 | 000,099,840 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
    MOD - [2012/09/28 23:33:55 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
    MOD - [2012/09/28 23:33:55 | 000,098,816 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
    MOD - [2012/09/28 23:33:55 | 000,078,336 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
    MOD - [2012/09/28 23:33:55 | 000,076,800 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
    MOD - [2012/09/28 23:33:55 | 000,068,608 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
    MOD - [2012/09/28 23:33:55 | 000,064,000 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
    MOD - [2012/09/28 23:33:55 | 000,046,592 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
    MOD - [2012/09/28 23:33:55 | 000,045,568 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gsttypefindfunctions.dll
    MOD - [2012/08/23 12:53:20 | 000,087,520 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
    MOD - [2012/07/22 15:08:48 | 000,028,160 | ---- | M] () -- C:\Users\Gears\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
    MOD - [2012/07/03 23:21:44 | 000,040,136 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.exe
    MOD - [2012/07/03 23:21:42 | 000,627,400 | ---- | M] () -- C:\Program Files\Rainmeter\Rainmeter.dll
    MOD - [2012/07/03 23:18:22 | 000,019,456 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\QuotePlugin.dll
    MOD - [2012/07/03 23:18:16 | 000,046,592 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\WebParser.dll
    MOD - [2012/07/03 23:17:04 | 000,026,624 | ---- | M] () -- C:\Program Files\Rainmeter\Plugins\InputText.dll
    MOD - [2012/06/23 08:59:52 | 000,313,856 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
    MOD - [2012/06/23 08:55:58 | 000,494,592 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
    MOD - [2012/06/23 08:53:22 | 005,812,736 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtGui.pyd
    MOD - [2012/06/23 08:39:06 | 001,662,464 | ---- | M] () -- C:\Program Files\Raptr\PyQt4.QtCore.pyd
    MOD - [2012/06/23 08:24:28 | 000,067,584 | ---- | M] () -- C:\Program Files\Raptr\sip.pyd
    MOD - [2012/06/03 20:16:58 | 000,102,400 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
    MOD - [2011/11/21 13:20:46 | 001,949,696 | ---- | M] () -- C:\Program Files\Raptr\libtorrent.pyd
    MOD - [2011/10/25 05:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files\Raptr\heliotrope._purple.pyd
    MOD - [2011/10/07 11:27:26 | 000,131,072 | ---- | M] () -- C:\Users\Gears\Desktop\Desktop Icon Toy\HookManager.dll
    MOD - [2011/09/09 10:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files\Raptr\liboscar.dll
    MOD - [2011/09/09 10:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files\Raptr\libjabber.dll
    MOD - [2011/09/09 10:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files\Raptr\libymsg.dll
    MOD - [2011/09/09 10:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files\Raptr\plugins\libaim.dll
    MOD - [2011/09/09 10:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files\Raptr\plugins\libicq.dll
    MOD - [2011/09/09 10:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files\Raptr\plugins\libirc.dll
    MOD - [2011/09/09 10:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl-nss.dll
    MOD - [2011/09/09 10:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoojp.dll
    MOD - [2011/09/09 10:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files\Raptr\plugins\ssl.dll
    MOD - [2011/09/09 10:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files\Raptr\plugins\libmsn.dll
    MOD - [2011/09/09 10:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files\Raptr\plugins\libxmpp.dll
    MOD - [2011/09/09 10:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files\Raptr\plugins\libyahoo.dll
    MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
    MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
    MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
    MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
    MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
    MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
    MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
    MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2011/02/16 05:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files\Raptr\libxml2-2.dll
    MOD - [2011/02/16 05:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files\Raptr\sqlite3.dll
    MOD - [2010/11/23 10:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files\Raptr\zlib1.dll
    MOD - [2010/11/23 09:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files\Raptr\win32gui.pyd
    MOD - [2010/11/23 09:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files\Raptr\win32file.pyd
    MOD - [2010/11/23 09:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files\Raptr\win32api.pyd
    MOD - [2010/11/23 09:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files\Raptr\win32process.pyd
    MOD - [2010/11/23 09:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files\Raptr\gobject._gobject.pyd
    MOD - [2010/11/23 09:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files\Raptr\win32com.shell.shell.pyd
    MOD - [2010/11/23 09:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files\Raptr\pythoncom26.dll
    MOD - [2010/11/23 09:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files\Raptr\pywintypes26.dll
    MOD - [2010/11/23 09:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files\Raptr\PIL._imaging.pyd
    MOD - [2010/11/23 09:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files\Raptr\_ssl.pyd
    MOD - [2010/11/23 09:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files\Raptr\unicodedata.pyd
    MOD - [2010/11/23 09:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files\Raptr\_hashlib.pyd
    MOD - [2010/11/23 09:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files\Raptr\pyexpat.pyd
    MOD - [2010/11/23 09:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files\Raptr\_ctypes.pyd
    MOD - [2010/11/23 09:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files\Raptr\_sqlite3.pyd
    MOD - [2010/11/23 09:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files\Raptr\_socket.pyd
    MOD - [2010/11/23 09:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files\Raptr\winsound.pyd
    MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2009/07/14 15:45:49 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll
    MOD - [2009/07/14 15:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MOD - [2009/07/14 15:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MOD - [2009/07/14 15:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MOD - [2009/07/14 15:42:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
    MOD - [2009/07/14 15:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MOD - [2009/07/14 15:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
    SRV - [2012/10/03 02:12:54 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/07/28 07:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/14 11:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/05/15 03:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
    SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 9\DfSdkS.exe -- (DfSdkS)
    SRV - [2009/07/21 18:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\stacsv.exe -- (STacSV)
    SRV - [2009/07/14 12:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 12:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 12:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/26 03:46:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
    SRV - [2009/03/02 14:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\AEstSrv.exe -- (AESTFilters)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Gears\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/10/03 02:12:55 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2012/08/15 00:50:54 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
    DRV - [2011/11/25 15:59:40 | 000,240,184 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avchv.sys -- (avchv)
    DRV - [2011/11/17 18:38:34 | 000,063,056 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\bdsandbox.sys -- (bdsandbox)
    DRV - [2011/05/13 19:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
    DRV - [2011/05/13 19:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
    DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
    DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
    DRV - [2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
    DRV - [2009/10/02 21:23:26 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
    DRV - [2009/07/21 18:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2009/07/14 12:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 12:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 12:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 10:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 10:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 10:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 09:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/14 09:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
    DRV - [2009/04/29 09:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2008/09/13 08:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/09/04 18:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
    DRV - [2008/08/07 18:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
    DRV - [2008/08/06 04:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2002/07/17 11:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {124d001a-bdcb-472f-aa59-bbe7e4bc3204} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 01 7C 0D 01 EA 61 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=100&systemid=102&sr=0&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: {124d001a-bdcb-472f-aa59-bbe7e4bc3204}:10.10.27.6
    FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
    FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:10.10.27.6
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gears\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gears\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/08/31 03:09:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/08/31 03:09:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/08/31 03:09:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/21 17:22:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/21 17:13:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/08/25 02:46:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gears\AppData\Roaming\Mozilla\Extensions
    [2012/10/07 22:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gears\AppData\Roaming\Mozilla\Firefox\Profiles\c8xjfcuv.default\extensions
    [2012/08/25 02:46:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/21 17:22:29 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    File not found (No name found) -- C:\USERS\GEARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C8XJFCUV.DEFAULT\EXTENSIONS\{124D001A-BDCB-472F-AA59-BBE7E4BC3204}
    File not found (No name found) -- C:\USERS\GEARS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\C8XJFCUV.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
    [2012/07/14 11:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/07/14 11:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/14 11:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========


    O1 HOSTS File: ([2012/10/08 18:36:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [DesktopIconToy] C:\Users\Gears\Desktop\Desktop Icon Toy\DesktopIconToy.exe (iDeskSoft)
    O4 - HKCU..\Run: [Raptr] C:\Program Files\Raptr\raptrstub.exe (Raptr, Inc)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Gears\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119.cab (GMNRev Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71CFB3D2-8435-4E6F-B4E2-E79D3B1F1E82}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71EC4797-FE96-4C79-BC67-A0114E804FE1}: DhcpNameServer = 192.168.1.254
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 08:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/10 18:15:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gears\Desktop\OTL.exe
    [2012/10/10 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\Gears\Desktop\FIFA.13.PAL.XBOX360-COMPLEX-[BTARENA.org]
    [2012/10/08 18:43:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/08 18:43:07 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\temp
    [2012/10/08 18:25:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/08 18:25:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/08 18:25:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/08 18:25:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/08 18:25:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/08 02:18:26 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\Western Digital
    [2012/10/08 01:52:12 | 000,000,000 | ---D | C] -- C:\Users\Gears\Desktop\DarbeeVision Video Processor
    [2012/10/06 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Roaming\Malwarebytes
    [2012/10/06 18:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/06 18:56:33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/10/05 21:43:20 | 000,000,000 | ---D | C] -- C:\Users\Gears\Desktop\Modem Related
    [2012/10/04 04:09:10 | 000,000,000 | ---D | C] -- C:\Users\Gears\Desktop\Wallpapers
    [2012/10/04 03:59:08 | 000,000,000 | ---D | C] -- C:\Users\Gears\Documents\Rainmeter
    [2012/10/04 03:59:07 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Roaming\Rainmeter
    [2012/10/04 03:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
    [2012/10/03 02:13:43 | 000,000,000 | ---D | C] -- C:\Users\Gears\Documents\Any Video Converter
    [2012/10/03 02:13:31 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Roaming\AnvSoft
    [2012/10/03 02:12:55 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2012/10/03 02:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012/10/03 02:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
    [2012/10/03 02:12:07 | 000,000,000 | ---D | C] -- C:\Users\Gears\Desktop\Any Video Converter
    [2012/09/30 05:11:04 | 010,150,457 | ---- | C] (XboxMB) -- C:\Users\Gears\Desktop\Horizon.exe
    [2012/09/30 03:55:31 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\Macromedia
    [2012/09/30 01:36:02 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\XboxMB
    [2012/09/30 01:35:47 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\Xenocode
    [2012/09/30 01:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
    [2012/09/30 01:28:51 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Roaming\PandoraRecovery
    [2012/09/30 01:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
    [2012/09/30 01:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
    [2012/09/30 01:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Cached Installations
    [2012/09/29 03:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\1ClickDownload
    [2012/09/21 17:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2012/09/21 17:22:13 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
    [2012/09/21 17:22:02 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
    [2012/09/21 17:22:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
    [2012/09/21 17:22:00 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
    [2012/09/21 17:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2012/09/21 17:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2012/09/21 17:21:31 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Roaming\Real
    [2012/09/21 17:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2012/09/16 19:51:01 | 000,000,000 | ---D | C] -- C:\Users\Gears\AppData\Local\CRE
    [2012/09/16 19:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    [2012/09/16 19:47:26 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
    [2012/09/16 19:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
  14. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    The above is incorrect ^^^ I ran the scan a second time because I didn't get
    an extras.txt file, and I still didn't get this file on the second scan, just the OTL.txt file.
    I've attached the OTL.txt file because it is too large to post.

  15. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    I just found THIS on my external hard drive:

    $RECYCLE.BIN

    It's a folder with nothing in it and it only appeared after I checked to show hidden files/folders in windows yesterday.
  16. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    SOB!!!
    After using this guide:

    THESE files appeared inside the $RECYCLE.BIN folder on my external WD Hard drive:
    1. S-1-5-21-2169645263-20918744-1565424607-1000
    2. S-1-5-21-2585331536-1361303903-4103002566-1000
    3. S-1-5-21-2741294344-2145987491-316772483-1000

    The virus uses Explorer's process so you won't be able to delete it as long as EXPLORER is running...
    How to confirm this is the recycler virus now? Do I delete these files?
  17. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    I think I might've screwed something up running this guide above from youtube...
    help anyone lol
    The contents of my C drive are now changed and I have locked folders...
  18. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  20. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    Appreciate the Reply Jay.

    I ended up reinstalling Windows 7. Backing up my files to my external HD.

    Inside Registry Editor I can see these Unknown Users...

    I took a photo and attached it. I can not delete them from the registry.

    What should I do next?

  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    They're not unknown users. Please do the following, so you can see, and for my peace of mind, too:

    Go to Start > type in CMD and hit Enter.

    In Command Prompt, type in net user > log.txt && log.txt and hit Enter.

    Once done, post the log that launches.
  22. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    User accounts for \\GEARS

    -------------------------------------------------------------------------------
    Administrator Guest MetalMX
    The command completed successfully.

    So there is nothing wrong with my computer then?
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Should be fine, no doubt. :)
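
The `net user` check above lists local accounts by name only, while the entries Jake25 saw are raw SIDs. As an added example that is not part of the original thread, the PowerShell below lists each local account with its SID and then tests whether the SIDs quoted in the thread resolve on the current installation and were issued by it. The helper names `Get-MachineSid` and `Test-Sid` are hypothetical, and the SID list is copied from the posts above.

```powershell
# Added example, not from the thread. Written for Windows PowerShell 2.0+ (Windows 7).
# SIDs exactly as quoted in the thread (folder security tab and $RECYCLE.BIN subfolders).
$sidsToCheck = @(
    'S-1-5-21-1659004503-329068152-839522115-1003',
    'S-1-5-21-2169645263-20918744-1565424607-1000',
    'S-1-5-21-2585331536-1361303903-4103002566-1000',
    'S-1-5-21-2741294344-2145987491-316772483-1000'
)

function Get-MachineSid {
    # A local account SID is <machine SID>-<RID>, so any local account yields the machine part.
    $account = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        Select-Object -First 1
    $sid = New-Object System.Security.Principal.SecurityIdentifier($account.SID)
    return $sid.AccountDomainSid.Value
}

function Test-Sid {
    param(
        [string]$SidString,   # SID to examine
        [string]$MachineSid   # machine SID of the installation running the check
    )

    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($SidString)
    } catch {
        # Not a syntactically valid SID string.
        return New-Object PSObject -Property @{
            SID = $SidString; Rid = $null; ResolvesTo = $null; IssuedBy = 'invalid SID string'
        } | Select-Object SID, Rid, ResolvesTo, IssuedBy
    }

    # Ask Windows for the account name; an unmapped SID throws and stays unresolved.
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $name = '(does not resolve here)'
    }

    # Compare the issuing machine/domain part of the SID with this installation's machine SID.
    if ($sid.AccountDomainSid -eq $null) {
        $issuer = 'well-known or built-in SID'
    } elseif ($sid.AccountDomainSid.Value -eq $MachineSid) {
        $issuer = 'this installation'
    } else {
        $issuer = 'another installation or domain'
    }

    New-Object PSObject -Property @{
        SID        = $SidString
        Rid        = ($SidString -split '-')[-1]   # last sub-authority = relative ID
        ResolvesTo = $name
        IssuedBy   = $issuer
    } | Select-Object SID, Rid, ResolvesTo, IssuedBy
}

# 1) The same accounts `net user` prints, with the SID each one maps to.
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object Name, SID, Disabled |
    Format-Table -AutoSize

# 2) Classify each SID from the thread against this installation.
$machineSid = Get-MachineSid
"Machine SID of this installation: $machineSid"
$sidsToCheck |
    ForEach-Object { Test-Sid -SidString $_ -MachineSid $machineSid } |
    Format-Table -AutoSize
```

A SID reported as issued by another installation or domain has no matching local account, which is why Explorer and the registry editor can only show it as a bare SID string.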
  24. Jake25

    Jake25 TS Rookie Topic Starter Posts: 40

    Highly value your help DragonMaster Jay thanks for taking the time to assist me.
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, i.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, i.e. C
    • For a few moments the system will make some calculations:
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

