
Win64/patched.a removal help needed services.exe infected

Discussion in 'Virus and Malware Removal' started by Lfis492a, Oct 23, 2012.

  1. Lfis492a Newcomer, in training Posts: 38

    Istributable - x86 9.0.30729.6161
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C42C10A8-F2F4-4846-B772-ABD1912A2E85}" = PCDrdsho
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF91A786-9EBE-47A2-86A9-5694560AA349}" = Nero 10 Football Movie ThemePack
    "040a_5005" = USB MassStorage CardReader
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "AnyDVD" = AnyDVD
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "AOL Toolbar" = AOL Toolbar
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "BFGC" = Big Fish Games: Game Manager
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "blekkotb_soc" = Blekko search bar
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "LimeWire" = LimeWire 5.5.13
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Masque Slots II" = Masque Slots II
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyTomTom" = MyTomTom 3.2.0.700
    "Rapport_msi" = Rapport
    "RealPlayer 15.0" = RealPlayer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "UMPlayer" = UMPlayer 0.98 [Athlon]
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Facebook Plug-In" = Facebook Plug-In
    "Play65" = Play65
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7005

    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8003

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

    Error - 10/23/2012 7:28:55 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0xb04 Faulting application start time: 0x01cdb1761d4eeb27 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 6901cc94-1d69-11e2-9aac-00038a000015

    Error - 10/23/2012 9:04:45 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: CF29834.3XE, version: 6.1.7600.16385, time
    stamp: 0x4a5bc48d Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
    stamp: 0x4ec4b137 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ae2 Faulting
    process id: 0x1214 Faulting application start time: 0x01cdb1836888abec Faulting application
    path: C:\ComboFix\CF29834.3XE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: cc4d9c86-1d76-11e2-9aac-00038a000015

    Error - 10/23/2012 9:13:42 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0x880 Faulting application start time: 0x01cdb184c4396961 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 0c59adc7-1d78-11e2-8a05-00038a000015

    Error - 10/23/2012 9:36:09 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0xdb0 Faulting application start time: 0x01cdb187ee665349 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 2f4b5cca-1d7b-11e2-84b7-00038a000015

    [ Media Center Events ]
    Error - 10/17/2012 4:54:04 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:54:04 AM - Error connecting to the internet. 4:54:04 AM - Unable
    to contact server..

    Error - 10/17/2012 4:54:12 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:54:09 AM - Error connecting to the internet. 4:54:09 AM - Unable
    to contact server..

    Error - 10/17/2012 5:54:14 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:54:14 AM - Error connecting to the internet. 5:54:14 AM - Unable
    to contact server..

    Error - 10/17/2012 5:54:22 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:54:19 AM - Error connecting to the internet. 5:54:19 AM - Unable
    to contact server..

    Error - 10/22/2012 3:27:27 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:27:19 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 4:27:42 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:27:40 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 5:27:57 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:27:56 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 6:28:12 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 6:28:11 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/23/2012 3:42:17 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:42:17 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/23/2012 3:30:45 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:30:37 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    [ System Events ]
    Error - 10/23/2012 9:16:13 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 10/23/2012 9:16:13 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/23/2012 9:18:06 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The ScsiAccess service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/23/2012 9:29:55 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:33:08 PM | Computer Name = Grumpy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/23/2012 9:33:58 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:34:08 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:34:14 PM | Computer Name = Grumpy-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 10/23/2012 9:35:25 PM | Computer Name = Grumpy-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 10/23/2012 9:35:37 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7000
    Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
    following error: %%2


    < End of report >
  2. Lfis492a Newcomer, in training Posts: 38

    If all is OK, I thank you very much. I just need to get that info from you regarding your post signature. Not sure if it's a fraud or something. I don't see it on an unaffected computer. Can it be because I'm not logged into this site from that computer? I don't want to log into the site on that computer until I'm done here. Don't want to mess up the thread or anything.
  3. Broni Malware Annihilator Posts: 39,206   +175

    The message at the bottom is real.
    On your other computer you may have signatures disabled.

    You forgot to reinstall AVG.

    ===================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;;localhost
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/10/23 17:52:48 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A3E39C6A
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
  4. Lfis492a Newcomer, in training Posts: 38

    Reinstalled AVG. Thanks. Continuing with your orders.
  5. Lfis492a Newcomer, in training Posts: 38

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U folder moved successfully.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L folder moved successfully.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Grumpy
    ->Temp folder emptied: 22582352 bytes
    ->Temporary Internet Files folder emptied: 339490 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61468373 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1526 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 93974 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 123362024 bytes

    Total Files Cleaned = 198.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Grumpy
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Grumpy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10242012_104232

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Grumpy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  6. Lfis492a Newcomer, in training Posts: 38

    Results of screen317's Security Check version 0.99.53
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 29
    Java(TM) 6 Update 22
    Java 7 Update 9
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (16.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  7. Lfis492a Newcomer, in training Posts: 38

    Farbar Service Scanner Version: 19-10-2012
    Ran by Grumpy (administrator) on 24-10-2012 at 11:05:56
    Running from "C:\Users\Grumpy\Downloads"
    Microsoft Windows 7 Home Premium (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-15 20:58] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2012-05-11 00:54] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll
    [2012-10-09 21:28] - [2012-06-02 01:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  8. Lfis492a Newcomer, in training Posts: 38

    # AdwCleaner v2.005 - Logfile created 10/24/2012 at 11:14:10
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Grumpy - GRUMPY-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Grumpy\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\Users\Grumpy\AppData\Local\funmoods-speeddial.crx
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Viewpoint
    Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\ProgramData\Trymedia
    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Users\Grumpy\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Grumpy\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Grumpy\AppData\Local\Conduit
    Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\Funmoods
    Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\ShoppingReport2
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
    Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AskToolbar
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v16.0.1 (en-US)

    Profile name : default
    File : C:\Users\Grumpy\AppData\Roaming\Mozilla\Firefox\Profiles\eeab7iv9.default\prefs.js

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.3");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Search","options_page":"content/options.html","permissions":["tabs","plugin","webRequest","webRequestBlocking","hxxp://*/*","hxxps://*/*","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"12.2.5.34"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\12.2.5.34_0","state":1},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"t","events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":true,"install_time":"12995355278632061","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1}},"toolbar":["lifbcibllhkdhoafpjfnlhfpfgnpldfl","fdloijijlkoblmigdofommgnheckmaki","ndibdjnfmopecpmkdieinmbadjfpblof"],"toolbarsize":-1},"homepage":"hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b","homepage_is_newtabpage":false,"ntp":{"promo_resource_cache_update":"1350881651.722061"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files 
(x86)\\Google\\Chrome\\Application\\22.0.1229.94\\PepperFlash\\pepflashplayer.dll","version":"11.4.31.110"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_4_402_287.dll","version":"11,4,402,287"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Chrome Remote Desktop Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Skype Toolbars","path":"C:\\Users\\Grumpy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.7.0.8773_0\\npSkypeChromePlugin.dll","version":"5.7.0.8773"},{"enabled":true,"name":"Skype Toolbars"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.4.38"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.290.11","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.290.11"},{"enabled":true,"name":"Java(TM) Platform SE 6 U29","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.290.11"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Coupons Inc., Coupon Printer Manager ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npCouponPrinter.dll","version":"4, 0, 0, 6"},{"enabled":true,"name":"Coupons Inc., Coupon Printer Manager ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npMozCouponPrinter.dll","version":"4, 0, 1, 3"},{"enabled":true,"name":"Coupons Inc., 
Coupon Printer Manager "},{"enabled":true,"name":"RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nppl3260.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer Download Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprpplugin.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprphtml5videoshim.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin2.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin3.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin4.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin5.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin6.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin7.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"RealJukebox NS Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprjplug.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealJukebox NS Plugin"},{"enabled":true,"name":"AVG SiteSafety plugin","path":"C:\\Program Files (x86)\\Common Files\\AVG Secure 
Search\\SiteSafetyInstaller\\12.2.6\\\\npsitesafety.dll","version":"12, 0, 0, 0"},{"enabled":true,"name":"AVG SiteSafety plugin"},{"enabled":true,"name":"RIM Handheld Application Loader","path":"C:\\Program Files (x86)\\Common Files\\Research In Motion\\BBWebSLLauncher\\NPWebSLLauncher.dll","version":"6.0.1.33 (Release build by unknown)"},{"enabled":true,"name":"RIM Handheld Application Loader"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll","version":"1.3.21.123"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1423.0\\npwinext.dll","version":"5.0.1423.0"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"MetaStream 3 Plugin","path":"C:\\Program Files (x86)\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll","version":"3, 2, 2, 26"},{"enabled":true,"name":"MetaStream 3 Plugin"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3555.0308_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprpchromebrowserrecordext.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) "},{"enabled":true,"name":"BrowserPlus (from Yahoo!) v2.9.8","path":"C:\\Users\\Grumpy\\AppData\\Local\\Yahoo!\\BrowserPlus\\2.9.8\\Plugins\\npybrowserplus_2.9.8.dll","version":"2,9,8,0"},{"enabled":true,"name":"BrowserPlus (from Yahoo!) 
v2.9.8"},{"enabled":true,"name":"Facebook Plugin","path":"C:\\Users\\Grumpy\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll","version":"1, 0, 3, 0"},{"enabled":true,"name":"Facebook Plugin"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll","version":"5.1.10411.0"},{"enabled":true,"name":"Silverlight"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"name":"First user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b"]},"webkit":{"webprefs":{"allow_running_insecure_content":true}}}

    *************************

    AdwCleaner[R1].txt - [21336 octets] - [22/10/2012 23:59:09]
    AdwCleaner[R2].txt - [40105 octets] - [24/10/2012 11:12:14]
    AdwCleaner[S1].txt - [39912 octets] - [24/10/2012 11:14:10]

    ########## EOF - C:\AdwCleaner[S1].txt - [39973 octets] ##########
  9. Broni Malware Annihilator Posts: 39,206   +175

  10. Lfis492a Newcomer, in training Posts: 38

    Running it right now. (in 1 min)
  11. Lfis492a Newcomer, in training Posts: 38

    I just got in and I see it's still going. It found 7 threats so far, but it looks like it's about a quarter of the way. Over 9 hours running. Time on the computer is correct. Time on the scanner is still ticking. Is all OK? Files are still changing (currently scanning file listed), so all is OK I guess. I really appreciate you. I will try and get that signature to show on the other computer. It is the computer that I do business on. Maybe I'm supposed to log into the site to see signatures, or I'll see if signatures are turned off, or at the end of this thread you can put a link up. Thank you so much. Still waiting for ESET to finish.
  12. Broni Malware Annihilator Posts: 39,206   +175

    Let me know when it's done.
  13. Lfis492a Newcomer, in training Posts: 38

    I just came back to the PC and it was rebooted. Was that supposed to happen??? No messages or results windows. Nothing.
  14. Lfis492a Newcomer, in training Posts: 38

    No, it crashed. I now see the message "Windows has recovered from an unexpected shutdown. A problem caused Windows to stop working correctly. Windows will notify you if a solution is available."
  15. Broni Malware Annihilator Posts: 39,206   +175

    That's fine.

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  16. Lfis492a Newcomer, in training Posts: 38

    Should I run it again??? Is it possible to run it again?
  17. Lfis492a Newcomer, in training Posts: 38

    It had shown 7 infected files. Were those in the archive/restore point files or something??
  18. Broni Malware Annihilator Posts: 39,206   +175

    For peace of mind, re-run it.
  19. Broni Malware Annihilator Posts: 39,206   +175

    We posted at the same time.
  20. Lfis492a Newcomer, in training Posts: 38

    I took a pic with my phone, but not of the complete list of files shown infected (the names of the infections).