Solved Win64/patched.a removal help needed services.exe infected

Results of screen317's Security Check version 0.99.53
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 29
Java(TM) 6 Update 22
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 19-10-2012
Ran by Grumpy (administrator) on 24-10-2012 at 11:05:56
Running from "C:\Users\Grumpy\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 20:58] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-11 00:54] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-09 21:28] - [2012-06-02 01:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
# AdwCleaner v2.005 - Logfile created 10/24/2012 at 11:14:10
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Grumpy - GRUMPY-PC
# Boot Mode : Normal
# Running from : C:\Users\Grumpy\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Grumpy\AppData\Local\funmoods-speeddial.crx
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Grumpy\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Grumpy\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Grumpy\AppData\Local\Conduit
Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\Funmoods
Folder Deleted : C:\Users\Grumpy\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\I Want This
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2438727
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Grumpy\AppData\Roaming\Mozilla\Firefox\Profiles\eeab7iv9.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.3");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : search_url ={"backup":{"_signature":"+XnlfAvm5cPv0xcd7+KPZefEwCQ0Kckbel/Uw6uNR1Q=","_version":4,"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb","blpcfgokakmgnkcojhhkbfbldkacnbeo","cjpglkicenollcignonpgiafdgfeehoj","coobgpohoikkiipiblmjeljniedjpjpf","fdloijijlkoblmigdofommgnheckmaki","jfmjfhklogoienhpfnppmbcbjfjnkonk","lifbcibllhkdhoafpjfnlhfpfgnpldfl","ndibdjnfmopecpmkdieinmbadjfpblof","pjkljhegncpnkpknbcohdijeoejaedia"]},"homepage":"hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b","homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b"]}},"browser":{"last_known_google_url":"hxxp://www.google.com/","last_prompted_google_url":"hxxp://www.google.com/","window_placement":{"bottom":572,"left":0,"maximized":true,"right":800,"top":0,"work_area_bottom":572,"work_area_left":0,"work_area_right":800,"work_area_top":0}},"countryid_at_install":21843,"default_apps_install_state":1,"default_search_provider":{"id":"7","name":"Web Search","hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adbrlnt1&chnl=adbrlnt1&cd=2XzutAtN2Y1L1QzutDtDtByC0FtByEyEtB0AtD0B0C0Czy0FtN0D0TzutBtDtCtBtDyCtCyB&cr=2115539453","suggest_url":"{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}"},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_bookmarks":false,"import_history":false,"import_home_page":false,"import_search_engine":false,"make_chrome_default_for_user":false,"ping_delay":-60,"show_welcome_page":true,"skip_first_run_ui":false},"dns_prefetching":{"host_referral_list":[2,["hxxp://c.amazon-adsystem.com/",["hxxp://bid.openx.net/",2.20865687140,"hxxp://cm.g.doubleclick.net/",2.20865687140,"hxxp://s.amazon-adsystem.com/",2.85048845060,"hxxp://tag.admeld.com/",2.20865687140]],["hxxp://c.www.endless.com/",["hxxp://s.amazon-adsystem.com/",2.20865687140]],["hxxp://d3l3lkinz3f56t.cloudfront.net/",["hxxp://r.turn.com/",0.8797942512800001,"hxxp://s.amazon-adsystem.com/",1.52318416460]],["hxxp://s.amazon-adsystem.com/",["hxxp://c.amazon-adsystem.com/",1.66104427160,"hxxp://sis.amazon.com/",0.479979538850]],["hxxp://search2.skype.com/",["hxxp://api.skype.com/",2.20865687140,"hxxp://metrics.skype.com/",2.20865687140,"hxxp://nikkomsgchannel/",2.20865687140,"hxxp://search2.skype.com/",3.81323581940,"hxxp://survey.122.2o7.net/",2.85048845060,"hxxp://www.skype.com/",2.85048845060,"hxxp://www.skypeassets.com/",5.41781476740]],["hxxp://sis.amazon.com/",["hxxp://c.www.endless.com/",2.5295726610]],["hxxp://tools.google.com/",["hxxp://fonts.googleapis.com/",2.5295726610,"hxxp://themes.googleusercontent.com/",2.5295726610,"hxxp://tools.google.com/",2.85048845060,"hxxp://www.google-analytics.com/",2.20865687140,"hxxp://www.google.com/",3.17140424020]],["hxxp://view.atdmt.com/",["hxxp://rmd.atdmt.com/",0.9620906145200001,"hxxp://spe.atdmt.com/",1.2830025180]],["hxxp://www.amazon.com/",["hxxp://bes-clck.com/",2.20865687140,"hxxp://d3l3lkinz3f56t.cloudfront.net/",2.5295726610,"hxxp://ecx.images-amazon.com/",5.096898977800001,"hxxp://fls-na.amazon.com/",2.20865687140,"hxxp://g-ecx.images-amazon.com/",13.1198325790,"hxxp://nikkomsgchannel/",2.20865687140,"hxxp://pda-as.amazon.com/",2.5295726610,"hxxp://www.amazon.com/",3.81323581940,"hxxp://z-ecx.images-amazon.com/",8.306056873799999,"hxxps://images-na.ssl-images-amazon.com/",5.41781476740]],["hxxp://www.facebook.com/",["hxxp://profile.ak.fbcdn.net/",2.27338020,"hxxp://static.ak.fbcdn.net/",3.323225551961839,"hxxps://s-static.ak.fbcdn.net/",1.940627358830160]],["hxxp://www.google.com/",["hxxp://nikkomsgchannel/",2.31134759240,"hxxp://ssl.gstatic.com/",2.31134759240,"hxxp://www.google.com/",6.040390621999999]],["hxxp://www.piriform.com/",["hxxp://ajax.googleapis.com/",2.27338020,"hxxp://connect.facebook.net/",2.27338020,"hxxp://www.piriform.com/",2.60370040]],["hxxp://www.skype.com/",["hxxp://connect.facebook.net/",2.20865687140,"hxxp://metrics.skype.com/",2.5295726610,"hxxp://survey.122.2o7.net/",2.85048845060,"hxxp://www.facebook.com/",7.02239371540,"hxxp://www.google-analytics.com/",2.5295726610,"hxxp://www.skype.com/",2.5295726610,"hxxp://www.skypeassets.com/",15.0453078860,"hxxps://s-static.ak.fbcdn.net/",2.5295726610]]],"startup_list":[1,"hxxp://addon.greetingmoods.com/","hxxp://ajax.googleapis.com/","hxxp://cdn.montiera.com/","hxxp://connect.facebook.net/","hxxp://dnt.cloud.avg.com/","hxxp://reports.funmoods.com/","hxxp://static.piriform.com/","hxxp://www.google-analytics.com/","hxxp://www.piriform.com/","hxxps://ssl.google-analytics.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"alerts":{"initialized":true},"autoupdate":{"next_check":"12995373313588916"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://ndibdjnfmopecpmkdieinmbadjfpblof/content/redirect.html","chrome-extension://cjpglkicenollcignonpgiafdgfeehoj/speeddial.html"]},"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"app_launcher_ordinal":"h","page_ordinal":"n"},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":["appNotifications"]},"app_launcher_ordinal":"n","events":["runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12995355281896061","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.5"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0","state":1},"cjpglkicenollcignonpgiafdgfeehoj":{"active_permissions":{"api":["bookmarks","management","tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12995355271788061","location":3,"manifest":{"background_page":"background.html","chrome_url_overrides":{"newtab":"speeddial.html"},"content_scripts":[{"js":["content_script.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_idle"}],"description":"FunDial for Chrome - replace Chrome new tab with your predefined visual bookmarks.","icons":{"128":"icons/128.png","32":"icons/32.png","48":"icons/48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRqN9D2z7WOarG6HPbopiFxzXhGGBycI3jvJwPztlgJ6/vTsLX2SLP1xj54If/v/5F6Nz1WHHhOgTgaQ0xCch4ELAluUDnjx/gjtMi1nlw38O+TWcinxlXVVE4zRtd+p6iMxrrhno7LRykN4iyjqhK2RqYrTHbb1LDj4f4vcY/6wIDAQAB","name":"FunDial","options_page":"options.html#options","page_action":{"icon":"icons/16.png","popup":"popup.html"},"permissions":["bookmarks","tabs","hxxp://*/*","hxxps://*/*","management"],"update_url":"hxxp://funmoods.com/public/download/chrome/update.xml","version":"1.0.1"},"path":"cjpglkicenollcignonpgiafdgfeehoj\\1.0.1_0","state":1},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"app_launcher_ordinal":"w","events":["runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12995355279268061","location":2,"manifest":{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1},"fdloijijlkoblmigdofommgnheckmaki":{"active_permissions":{"api":["cookies","tabs"],"explicit_host":["hxxp://*.facebook.com/*","hxxp://*/*","hxxps://*.facebook.com/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12995355268314061","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"img/16.png","default_popup":"dropdown.html","default_title":"Post smileys to your wall!!!"},"description":"Enhance your facebook chat with smileys, emoticons, winks and much more...","icons":{"128":"img/128.png","16":"img/16.png","32":"img/32.png","48":"img/48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4I2p+i3JuCwAiIsZ2ghWhEdSXVJO/OJazNk+bbGezy6ddEd+4eUpcmg8/x0akFoMlh/uPVNRMdXJ9siZSNrvbCHZ+qWNdtSGPU5SNW8YiZbiwRXTtRou6CX7nCVtQH1ZH9NPsE6BwMvuc1OW0oNIOmubTo+jV6rW+R3gJl+db0wIDAQAB","name":"Funmoods","permissions":["tabs","cookies","hxxp://*/*","hxxp://*.facebook.com/","hxxps://*.facebook.com/","hxxp://addon.greetingmoods.com"],"update_url":"hxxp://funmoods.com/public/download/chrome/update.xml","version":"1.5.1"},"path":"fdloijijlkoblmigdofommgnheckmaki\\1.5.1_0","state":1},"jfmjfhklogoienhpfnppmbcbjfjnkonk":{"ack_external":true,"active_permissions":{"api":["tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"from_bookmark":false,"from_webstore":false,"install_time":"12970448047463713","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"js":["contentscript.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_idle"}],"description":"RealPlayer HTML5Video Downloader Extension","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCl0WKWTrid8Fh+tsoJPRheLc7tksPgH1NfLF79Fj3YKb0fk2Fip1eE/chfSnGWQkxe5Ck2r+ZPba7m+FWQhZDCE5EXvOTDoqi7TEvjccW5pMpW5wCUOLKQVSttgBwkY8EUYt40SwtJ6HmLoPZfQmo9W3qAjnlhlF5AkY4jYgBv3QIDAQAB","name":"RealPlayer HTML5Video Downloader Extension","permissions":["tabs","hxxp://*/*","hxxps://*/*"],"version":"1.5"},"path":"jfmjfhklogoienhpfnppmbcbjfjnkonk\\1.5_0","state":1},"lifbcibllhkdhoafpjfnlhfpfgnpldfl":{"ack_external":true,"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["file:///*","hxxp://*/*","hxxps://*/*"]},"from_bookmark":false,"from_webstore":false,"install_time":"12970448057525713","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"skype.png","default_title":"Options"},"content_scripts":[{"all_frames":true,"js":["contentscript.js"],"matches":["hxxp://*/*","file://*/*","hxxps://*/*"],"run_at":"document_end"}],"description":"Skype Click to Call","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMxFysW3wPKWRPPe3xuJQz3m1ZDLX1hN8EYdP37tRPf7lp8vIhG4xirlXHGK748qcLPc4Lm8WsHDhvS5okN54Kwcnw4T2tBXSCZJxMmlu14HZ5yc/t969QLTPLIbAsasq4NVo40YuP2B7umxV9BlcxZEB9TEKPEQq8DRoKhj9jBQIDAQAB","name":"Skype Click to Call","permissions":["tabs","hxxp://*/*","hxxps://*/*"],"plugins":[{"path":"npSkypeChromePlugin.dll","public":true}],"version":"5.7.0.8773"},"path":"lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.7.0.8773_0","state":1},"ndibdjnfmopecpmkdieinmbadjfpblof":{"active_permissions":{"api":["plugin","tabs","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["hxxp://*/*","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxp://toolbar.avg.com/*","hxxps://*/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12995355277491061","location":3,"manifest":{"background_page":"content/background.html","browser_action":{"default_icon":"content/icons/avg_icon_16.png","default_title":"AVG Do Not Track"},"chrome_url_overrides":{"newtab":"content/redirect.html"},"content_scripts":[{"all_frames":true,"js":["content/js/content.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"js":["content/js/ntinject.js"],"matches":["hxxp://toolbar.avg.com/*"]}],"current_locale":"en_US","default_locale":"en","description":"AVG Secure Search","icons":{"128":"content/icons/128-AVG-logo.png","16":"content/icons/16-AVG-logo.png","48":"content/icons/48-AVG-logo.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","name":"AVG Secure Search","options_page":"content/options.html","permissions":["tabs","plugin","webRequest","webRequestBlocking","hxxp://*/*","hxxps://*/*","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"12.2.5.34"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\12.2.5.34_0","state":1},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_permissions":{"api":["notifications"]},"app_launcher_ordinal":"t","events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":true,"install_time":"12995355278632061","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxps://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"en_US","default_locale":"en","description":"Fast, searchable email with less spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","name":"Gmail","options_page":"hxxps://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"7"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\7_0","state":1}},"toolbar":["lifbcibllhkdhoafpjfnlhfpfgnpldfl","fdloijijlkoblmigdofommgnheckmaki","ndibdjnfmopecpmkdieinmbadjfpblof"],"toolbarsize":-1},"homepage":"hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b","homepage_is_newtabpage":false,"ntp":{"promo_resource_cache_update":"1350881651.722061"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94","migrated_to_pepper_flash":true,"plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94\\PepperFlash\\pepflashplayer.dll","version":"11.4.31.110"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_4_402_287.dll","version":"11,4,402,287"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Chrome Remote Desktop Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Chrome Remote Desktop Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\22.0.1229.94\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Skype Toolbars","path":"C:\\Users\\Grumpy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\lifbcibllhkdhoafpjfnlhfpfgnpldfl\\5.7.0.8773_0\\npSkypeChromePlugin.dll","version":"5.7.0.8773"},{"enabled":true,"name":"Skype Toolbars"},{"enabled":true,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.4.38"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.290.11","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.290.11"},{"enabled":true,"name":"Java(TM) Platform SE 6 U29","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.290.11"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Coupons Inc., Coupon Printer Manager ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npCouponPrinter.dll","version":"4, 0, 0, 6"},{"enabled":true,"name":"Coupons Inc., Coupon Printer Manager ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npMozCouponPrinter.dll","version":"4, 0, 1, 3"},{"enabled":true,"name":"Coupons Inc., Coupon Printer Manager "},{"enabled":true,"name":"RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nppl3260.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer Download Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprpplugin.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprphtml5videoshim.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealPlayer"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin2.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin3.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin4.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin5.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin6.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.2","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\npqtplugin7.dll","version":"7.7.2 (1680.56)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"RealJukebox NS Plugin","path":"C:\\Program Files (x86)\\Mozilla Firefox\\plugins\\nprjplug.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealJukebox NS Plugin"},{"enabled":true,"name":"AVG SiteSafety plugin","path":"C:\\Program Files (x86)\\Common Files\\AVG Secure Search\\SiteSafetyInstaller\\12.2.6\\\\npsitesafety.dll","version":"12, 0, 0, 0"},{"enabled":true,"name":"AVG SiteSafety plugin"},{"enabled":true,"name":"RIM Handheld Application Loader","path":"C:\\Program Files (x86)\\Common Files\\Research In Motion\\BBWebSLLauncher\\NPWebSLLauncher.dll","version":"6.0.1.33 (Release build by unknown)"},{"enabled":true,"name":"RIM Handheld Application Loader"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.123\\npGoogleUpdate3.dll","version":"1.3.21.123"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Bing Bar","path":"C:\\Program Files (x86)\\MSN Toolbar\\Platform\\5.0.1423.0\\npwinext.dll","version":"5.0.1423.0"},{"enabled":true,"name":"Bing Bar"},{"enabled":true,"name":"MetaStream 3 Plugin","path":"C:\\Program Files (x86)\\Viewpoint\\Viewpoint Experience Technology\\npViewpoint.dll","version":"3, 2, 2, 26"},{"enabled":true,"name":"MetaStream 3 Plugin"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3555.0308_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files (x86)\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ","path":"C:\\ProgramData\\Real\\RealPlayer\\BrowserRecordPlugin\\MozillaPlugins\\nprpchromebrowserrecordext.dll","version":"15.0.6.14"},{"enabled":true,"name":"RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) "},{"enabled":true,"name":"BrowserPlus (from Yahoo!) v2.9.8","path":"C:\\Users\\Grumpy\\AppData\\Local\\Yahoo!\\BrowserPlus\\2.9.8\\Plugins\\npybrowserplus_2.9.8.dll","version":"2,9,8,0"},{"enabled":true,"name":"BrowserPlus (from Yahoo!) v2.9.8"},{"enabled":true,"name":"Facebook Plugin","path":"C:\\Users\\Grumpy\\AppData\\Roaming\\Facebook\\npfbplugin_1_0_3.dll","version":"1, 0, 3, 0"},{"enabled":true,"name":"Facebook Plugin"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.10411.0\\npctrl.dll","version":"5.1.10411.0"},{"enabled":true,"name":"Silverlight"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":true,"name":"First user"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://search.babylon.com/?affID=112414&tt=060612_5_&babsrc=HP_ss&mntrId=94b2cc9f0000000000000026f2442a0b"]},"webkit":{"webprefs":{"allow_running_insecure_content":true}}}

*************************

AdwCleaner[R1].txt - [21336 octets] - [22/10/2012 23:59:09]
AdwCleaner[R2].txt - [40105 octets] - [24/10/2012 11:12:14]
AdwCleaner[S1].txt - [39912 octets] - [24/10/2012 11:14:10]

########## EOF - C:\AdwCleaner[S1].txt - [39973 octets] ##########
 
I just got in and I see it's still going. it found 7 threats so far. but looks like it's about a quarter the way. over 9 hours running. time on computer is correct. time on the scanner is still ticking. is all ok? files are still changing (currently scanning file listed) all is ok I guess. I really appreciate you. I will try and get that signature to show on the other computer. it is the computer that I do business on. Maybe I'm supposed to log into the site to see signatures. or I'll see if signatures are turned off or at the end of this thread you can put a link up. Thank You so much. still waiting for eset to finish.
 
I just came back to the pc and it was rebooted. was that supposed to happen??? no messages or results windows. nothing.
 
No it crashed. I now see the message "windows has recovered from an unexpected shutdown a problem caused diwnos to stop working correctly. windows will notify you if a solution is available"
 
That's fine.

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
I took a pic with my phone but not of the complete list. of files shown infected. (the names of the infections)
 
Lol. I see. I mean if you are sure it's clean and that those files found were just remnant pieces im fine especially if we are goiing to clear all the restore points and if the restore points were what was detected.
what do you think??
 
Results of eset
C:\_OTL\MovedFiles\10242012_104232\C_\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\10242012_104232\C_FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
D:\Corel\Suite8\Programs\CCWin\Aim\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application cleaned by deleting - quarantined
D:\Documents and Settings\All Users\Desktop\BS227.exe multiple threats cleaned by deleting - quarantined
D:\Documents and Settings\PC\Local Settings\Temp\dat2.tmp JS/AdWare.SearchPage.A virus deleted - quarantined
D:\Documents and Settings\PC\Local Settings\Temp\dat54.tmp JS/AdWare.SearchPage.A virus deleted - quarantined
D:\Documents and Settings\PC\Local Settings\Temp\dat5F.tmp JS/AdWare.SearchPage.A virus deleted - quarantined
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Grumpy
->Temp folder emptied: 146346515 bytes
->Temporary Internet Files folder emptied: 7063762 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59324303 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 100252 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 203.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Grumpy
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Grumpy
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10252012_080805

Files\Folders moved on Reboot...
C:\Users\Grumpy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

p22001645.gif




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

p22001646.gif



Go to Step 4 and under "System Restore" click on Create button:

p22001644.gif



Go to Start Repairs tab and click Start button.

p22001166.gif



Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

p22001647.gif


Click on box next to the Restart System when Finished. Then click on Start.

Then try updates again.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back