Auntie Mame

Babylon.Toolbar, svchost.exe, and others

14 posts in this topic

Hello,

 

My elderly parents' desktop has become infected with the svchost.exe virus, Babylon.Toolbar and search that appears to go away but does not, and at least one trojan (that I think I got rid of), among others that pop up. Trying to clean it up, I have read the advice in your forum, as well as forums in Malwarebytes Anti-Malware, bleepingcomputer, and techguy, and ran several scans and removal tools. In between some of these scans, my parents and my teen nephew have continued to use the desktop for their emails, his homework and his music (and who knows what else). Although I have advised them to not open forwarded attachments, they do. At my wits' end, I am now asking for your help.

 

Here is where I am at now:

 

- Computer slower than normal in starting up and running.

- Seems as though the mouse onscreen moves on its own.

- I downloaded and ran (in order) Malwarebytes Anti-Malware three times, Spybot Search & Destroy, DDS twice, Kaspersky Security Scan once, SSD again, HijackThis, and SSD for the third time. If I was not familiar with a removal/cleanup tool (e.g., HijackThis), I simply ran it and did not fix anything with it.

- In between these scans: I attempted to uninstall Babylon.Toolbar and search, and remove it from Internet Explorer, Chrome, and Firefox. It still lurks on the desktop and in Chrome, though it does not appear in Chrome extensions. I uninstalled Firefox, as I could not remove the Babylon.Toolbar and search from it. I intend to re-install FF once the computer is clean. Also, I disabled auto-run of flash devices. Found some viruses on one flash/USB drive as well. I think I fixed that, but my main focus here is the desktop.

- At least twice when trying to fix problems in SSD, a pop-up noted I could not fix the problem since I was not signed in as Administrator. I was.

 

I would greatly appreciate any help you could give. Logs are attached below.

 

Auntie Mame

 

 

 

 

==> MALWAREBYTES ANTI-MALWARE

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.10.24.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ramon :: RAMON-LETICIA [administrator]

 

10/24/2012 5:12:58 PM

mbam-log-2012-10-24 (17-12-58).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 561866

Time elapsed: 3 hour(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Users\Ramon\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

 

(end)

 

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.10.24.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ramon :: RAMON-LETICIA [administrator]

 

10/24/2012 10:23:03 PM

mbam-log-2012-10-24 (22-23-03).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 203149

Time elapsed: 8 minute(s), 1 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

 

Database version: v2012.10.24.01

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ramon :: RAMON-LETICIA [administrator]

 

10/24/2012 10:31:27 PM

mbam-log-2012-10-24 (22-31-27).txt

 

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 561562

Time elapsed: 2 hour(s), 49 minute(s), 40 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

==> SPYBOT SEARCH AND DESTROY - SUMMARY ONLY

 

First run showed 23 infections. Was unable to fix 15 (or 12?).

Second run showed 15 (or 12?) problems. Was unable to fix 2.

Third run showed 2 problems (both Babylon). Fixed both.

 

 

Please read the Instructions and post the other requested logs: DDS and Security Check.

We need the information in order to help you.

Edited by cnm


Here is the remainder of the logs:

 

 

 

==> DDS

 

FIRST DDS LOG

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/3/2010 11:29:28 AM

System Uptime: 10/25/2012 6:14:43 AM (12 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Sempron 140 Processor | CPU 1 | 783/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 399.368 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.

E: is CDROM (CDFS)

F: is FIXED (NTFS) - 466 GiB total, 416.453 GiB free.

.

==== Disabled Device Manager Items =============

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

ATI Catalyst Install Manager

AVG 2011

Bejeweled 2 Deluxe

Blackhawk Striker 2

Bonjour

Build-a-lot 2

CameraHelperMsi

Carbonite Online Backup Setup

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

CinemaNow Media Manager

Comodo Dragon

COMODO Internet Security

CyberLink DVD Suite Deluxe

Diner Dash 2 Restaurant Rescue

Dora's Carnival Adventure

DVD Menu Pack for HP MediaSmart Video

erLT

Escape Rosecliff Island

FATE

ffdshow manager

ffdshow v1.2.4422 [2012-04-09]

Final Drive Nitro

FrostWire 5.4.0

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Haali Media Splitter

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.1.2.0

HP Advisor

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart CinemaNow 2.0

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart SmartMenu

HP MediaSmart Video

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

Hulu Desktop

iTunes

Jewel Quest 3

Jewel Quest Solitaire 2

Junk Mail filter update

Kobo

LabelPrint

Lexmark 2400 Series

LightScribe System Software

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton Internet Security

ooVoo

PDF Complete Special Edition

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime amd64

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PressReader

Realtek High Definition Audio Driver

Recovery Manager

Roxio CinemaNow 2.0

Seagate Manager Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Toolbars

Skype™ 5.10

Smiley Bar for Facebook

Spybot - Search & Destroy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Updater Service

Virtual Families

Virtual Villagers - The Secret City

Visual Studio 2008 x64 Redistributables

Wheel of Fortune 2

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Zinio Reader 4

Zuma Deluxe

.

==== End Of File ===========================

 

SECOND DDS LOG

DDS (Ver_2012-10-19.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16421

Run by Ramon at 18:09:14 on 2012-10-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1298 [GMT -4:00]

.

AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\ProgramData\IBUpdaterService\ibsvc.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\lxcrcoms.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe

C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\UI0Detect.exe

C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uSearch Bar = Preserve

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -

uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRunOnce: [spybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3} : NameServer = 8.26.56.26,156.154.70.22

TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3} : DHCPNameServer = 65.32.5.111 65.32.5.112

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background

x64-Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-1-14 450608]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-1-14 802864]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-25 953904]

R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22696]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110203.001\IDSviA64.sys [2011-2-4 476792]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-1-14 171128]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-14 382072]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-20 203264]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-26 189736]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-10-2 571616]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-1-14 130000]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-20 635416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-20 6790656]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-20 221184]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-14 132656]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-14 329952]

R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-14 6465760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-20 346144]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-20 38456]

S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52:23;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-20 245232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 ffdshow manager;ffdshow manager;C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-25 1153368]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-15 250808]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe --> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]

.

=============== Created Last 30 ================

.

2012-10-25 20:19:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-10-25 20:19:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-10-24 03:08:31 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Malwarebytes

2012-10-24 03:08:00 -------- d-----w- C:\ProgramData\Malwarebytes

2012-10-24 03:07:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-10-24 03:07:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-10-23 19:35:43 -------- d-----w- C:\Users\Ramon\AppData\Local\Comodo

2012-10-23 18:36:22 -------- d-----w- C:\Program Files\COMODO

2012-10-21 04:22:36 -------- d-----w- C:\Program Files (x86)\COMODO

2012-10-21 04:07:06 -------- d-----w- C:\ProgramData\CPA_VA

2012-10-21 04:00:40 -------- d-----w- C:\ProgramData\Comodo

2012-10-21 04:00:37 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2012-10-21 03:32:42 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-09 19:47:59 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-02 19:23:48 -------- d-----w- C:\Users\Ramon\AppData\Roaming\StatusWinks

2012-10-02 19:22:31 -------- d-----w- C:\Program Files (x86)\Smiley Bar for Facebook

2012-10-02 19:22:26 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-10-02 19:22:26 -------- d-----w- C:\Program Files (x86)\Haali

2012-10-02 19:22:25 -------- d-----w- C:\Program Files (x86)\ffdshow

2012-10-02 19:22:10 -------- d-----w- C:\ProgramData\ffdshow manager

2012-10-02 19:22:05 -------- d-----w- C:\ProgramData\IBUpdaterService

2012-09-26 20:16:18 -------- d-----w- C:\Users\Ramon\FrostWire

2012-09-26 20:16:06 -------- d-----w- C:\Users\Ramon\.frostwire5

2012-09-26 20:15:33 -------- d-----w- C:\Program Files (x86)\FrostWire 5

2012-09-26 20:10:59 -------- d-----w- C:\Users\Ramon\AppData\Local\Apple Computer

2012-09-26 20:10:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-26 20:10:00 -------- d-----w- C:\Program Files\iPod

2012-09-26 20:09:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2012-09-26 20:09:59 -------- d-----w- C:\Program Files\iTunes

2012-09-26 20:09:59 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-26 20:09:17 -------- d-----w- C:\Users\Ramon\AppData\Local\Apple

2012-09-26 20:07:55 -------- d-----w- C:\Program Files\Bonjour

2012-09-26 20:07:55 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-09-26 01:10:57 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

.

==================== Find3M ====================

.

2012-10-09 21:36:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-09 21:36:17 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

.

============= FINISH: 18:11:54.47 ===============

 

 

 

==>SECURITY CHECK (DDS)

 

Results of screen317's Security Check version 0.99.53

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

COMODO Antivirus

Norton Internet Security

AVG Anti-Virus Free Edition 2011

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.65.1.1000

Adobe Flash Player 11.4.402.287

Adobe Reader X 10.1.3 Adobe Reader out of Date!

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

AVG avgwdsvc.exe

AVG avgtray.exe

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3%

````````````````````End of Log``````````````````````

 

 

 

==> KASPERSKY SECURITY SCAN (KSS)

 

 

Detailed report

Problems found

Scanning date: 11/04/2012 12:06 PM

Database update date: 11/04/2012 03:04 AM

Product version: 12.0.1.117 (a)

 

Computer protection (0)

Information about anti-virus software and firewalls installed on the computer.

Malware (0)

Information about malware detected on the computer.

Vulnerabilities (0)

Information about applications and operating system components in which vulnerabilities have been detected.

Other issues (12)

Information about vulnerabilities associated with the settings of installed applications and the operating system.

"Autorun from hard drives is allowed"

"Autorun from network drives is enabled"

"CD/DVD autorun is enabled"

"Removable media autorun is enabled"

"Windows Explorer - show extensions of known file types"

"Microsoft Internet Explorer: clear history of typed URLs"

"Microsoft Internet Explorer - disable caching data received via protected channel"

"Microsoft Internet Explorer: disable sending error reports"

"Microsoft Internet Explorer: delete cookies"

"Microsoft Internet Explorer: clear the list of trusted domains"

"Windows Explorer: display of known file types extensions is disabled"

"Microsoft Internet Explorer: start page reset"

 

 

 

==> SPYBOT SEARCH AND DESTROY - SUMMARY ONLY

 

First run showed 2 problems: Babylon Toolbar (2 entries Adware) and DoubleClick (1 entries Browser).

Clicked fix selected problems. Was told I was not an administrator. DoubleClick was fixed.

Second run showed 1 problem: Babylon Toolbar. Again, was told I was not administrator and could not fix.

 

 

 

==> HIJACK THIS

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:47:04 PM, on 11/5/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe

C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files (x86)\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe

C:\Windows\SysWOW64\DllHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll

O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun

O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CS1\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22

O17 - HKLM\System\CS2\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll C:\Windows\SysWOW64\guard32.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

O23 - Service: CyberLink Product - 2010/10/20 19:52:23 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: ffdshow manager - Unknown owner - C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

O23 - Service: lxcr_device - Unknown owner - C:\Windows\system32\lxcrcoms.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15170 bytes

 

 

 

==> SPYBOT SEARCH AND DESTROY (SSD)

 

Ran 11/08/2012 12:45 PM

First run showed 23 problems: Babylon.Toolbar (2 entries Adware); CasaleMedia (7 entries Browser); DoubleClick (2 entries Browser); FastClick (1 entry browser); MediaPlex (4 entries Browser); W3i.IQ5.fraud (1 entry adware); and Zedo (5 entries Browser).

Clicked fix selected problems. Warning pop-up noted: 'This action may not be performed completely since you are not an administrator. If you want this performed for all users, please run this application elevated as an administrator.' [OK]

Second Warning pop-up noted: 'Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after a restart. May Spybot-S&D run on your next system startup?' [Yes]

Confirmation pop-up noted: '21 problems fixed. 1 problem could not be fixed You should have an administrator scan and fix again!' [OK]

Babylon.Toolbar was not fixed.


Hi Auntie Mame, and Welcome to SWI.

 

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

 

It sounds like the first thing you need to do is ensure that everyone is logging on with their own account, and that it is NOT an administrator account, but a limited rights account. You should never be using an administrator account for day to day use; it's a security risk.

 

I see this error in your Spybot Search & Destroy log:

'This action may not be performed completely since you are not an administrator.

If you want this performed for all users, please run this application elevated as an administrator.'

You will need to either be logged in on an administrator account or be able to run all the utilities requested as administrator (requires Administrator User ID and password).

 

The first problem I see is that you have too many antivirus programs installed. It is never recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the other. The same guidelines apply for software firewalls; more is not better. For antivirus programs, I see AVG Free 2011 (outdated by two versions), Comodo Internet Security (not a program I would ever recommend for their antivirus), and Norton Internet Security (both an antivirus and firewall program). The best of all those is Norton Internet Security, but I don't know if it's a current version. From the folder dates it looks like you may have installed Comodo's antivirus as an additional cleaning tool.

 

I would make sure you have only one installed resident antivirus program, and uninstall the others. If Norton Internet Security is updated, I would recommend keeping that as your security software.

 

The next thing I would do is uninstall a foistware program, and a questionable program.

 

I recommend you uninstall the questionable Ask Toolbar, (which appears already partially uninstalled by one of the scanners you used). It was likely installed with another program and you didn't see the notice that it was an optional component at the start of the install process. Many programs (even widely known legitimate programs) have toolbars as optional bundled installs these days because they get money from the business relationship. You can read more about Ask.com here.

 

If you uninstalled the Ask Toolbar as recommended, using Windows Explorer delete the following folder if still found:

C:\Program Files (x86)\Ask.com

 

Next, I recommend you uninstall Smiley Bar for Facebook. In general, it can be difficult to find a smiley program that isn't infected or adware, and I found little information on this program, which is not a good sign, and there was no information about their site atWorld or Trust.

 

If you uninstall Smiley Bar for Facebook as recommended, delete the following folders if still found:

C:\Program Files (x86)\Smiley Bar for Facebook

C:\Users\Ramon\AppData\Roaming\StatusWinks

 

You are running FrostWire. While the program is clean, just because the P2P client is clean doesn't mean that the files you download are. Many P2P networks are riddled with malware, and it's often some of the most recent and therefore sometimes the most difficult to remove. I would recommend its removal. Some help sites feel so strongly about it that they won't provide removal assistance unless P2P programs are uninstalled, as the chance of reinfection is so high from P2P downloaded software. Please let me know what you chose to do.

 

 

Please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

Now that you should have only one antivirus program installed, please rerun SecurityCheck that you previously downloaded:

  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Download ComboFix© by sUBs from one of these locations:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

Familiarize yourself with ComboFix before running it:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
     
  • Double click on ComboFix.exe & follow the prompts.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RC1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

cfRC_screen_2.png

 

Click on Yes, to continue scanning for malware. When finished, it will save a log.

Please include the contents of the log at C:\ComboFix.txt in your next reply, and in a second reply the log from AdwCleaner, the new log from SecurityCheck, and note any errors encountered.

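The "(file missing)" and "(no file)" markers in the HijackThis log are what the reply above reads as a partially uninstalled Ask Toolbar. The following is an added example, not part of either post and not HijackThis's own code: it sorts flagged entries into leftover registrations and entries to re-check, using lines copied from the log in this thread. The function names and verdict labels are made up for the example, and it assumes that a "(file missing)" result on a C:\Windows\System32 path is unreliable here, because the 32-bit HijackThis on 64-bit Windows is redirected to SysWOW64 when it looks there.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[ROF]\d+) - (?P<body>.+)$")
# First drive-letter path in the entry; the target file is the last field.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FLAGS = ("(file missing)", "(no file)")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_entry(line):
    """Split one HijackThis line into section, label, CLSID, path and flag."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    flag = next((f for f in FLAGS if body.endswith(f)), None)
    if flag:
        body = body[: -len(flag)].rstrip()
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "label": body.split(" - ")[0],
        "clsid": clsid.group(0) if clsid else None,
        "path": path.group(0) if path else None,
        "flag": flag,
    }


def verdict(entry):
    """Hypothetical labels: present, orphan, or recheck-64bit."""
    if entry["flag"] is None:
        return "present"
    path = (entry["path"] or "").lower()
    # Assumption: a 32-bit scanner cannot see native System32 on x64,
    # so this result must be confirmed from a 64-bit process first.
    if entry["flag"] == "(file missing)" and path.startswith(SYSTEM32):
        return "recheck-64bit"
    return "orphan"


def triage(log_text):
    """Return {verdict: [entries]} for every recognisable log line."""
    result = {"present": [], "orphan": [], "recheck-64bit": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            result[verdict(entry)].append(entry)
    return result


def group_orphans(orphans):
    """Group leftover registrations by target file, else by CLSID."""
    groups = {}
    for e in orphans:
        key = e["path"] or e["clsid"] or e["label"]
        groups.setdefault(key, []).append(e["section"])
    return groups


if __name__ == "__main__":
    sorted_entries = triage(SAMPLE_LOG)
    for target, sections in group_orphans(sorted_entries["orphan"]).items():
        print("leftover registration:", target, "in", ", ".join(sections))
    for e in sorted_entries["recheck-64bit"]:
        print("confirm from a 64-bit process:", e["path"])
```

On the sample, the Ask Toolbar DLL shows up as one missing file still registered in three places (R3, O2, O3), while the lsass.exe and spoolsv.exe service entries land in the re-check group instead of being treated as missing.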

ComboFix 12-11-14.01 - Ramon 11/15/2012 0:04.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1832 [GMT -5:00]

Running from: c:\users\Ramon\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

F:\Autorun.inf

F:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))

.

.

2012-11-15 05:56 . 2012-11-15 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-15 02:30 . 2012-11-15 02:30 -------- d-----w- c:\users\Ramon\AppData\Roaming\AVG2013

2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Local\AVG Secure Search

2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Roaming\TuneUp Software

2012-11-15 02:25 . 2012-11-15 02:25 -------- d-----w- c:\programdata\AVG Secure Search

2012-11-15 02:25 . 2012-11-15 02:24 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-11-15 02:24 . 2012-11-15 02:25 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-11-15 02:24 . 2012-11-15 02:25 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-11-15 02:19 . 2012-11-15 02:27 -------- d-----w- c:\programdata\AVG2013

2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\Avg2013

2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\MFAData

2012-11-14 23:48 . 2012-11-14 23:48 -------- d-----w- c:\users\Ramon\AppData\Local\Symantec

2012-11-05 22:44 . 2012-11-05 22:44 388096 ----a-r- c:\users\Ramon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-05 22:44 . 2012-11-05 22:44 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-04 17:25 . 2012-11-04 17:25 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\Extensions

2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\searchplugins

2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\programdata\Kaspersky Lab

2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-10-25 20:19 . 2012-10-25 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-25 20:19 . 2012-10-25 21:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-24 03:08 . 2012-10-24 03:08 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes

2012-10-24 03:08 . 2012-11-08 05:14 -------- d-----w- c:\programdata\Malwarebytes

2012-10-24 03:07 . 2012-10-24 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-24 03:07 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-21 04:07 . 2012-10-21 04:07 -------- d-----w- c:\programdata\CPA_VA

2012-10-21 04:00 . 2012-11-14 23:53 -------- d-----w- c:\programdata\Comodo

2012-10-21 04:00 . 2012-10-21 04:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-10-21 03:32 . 2012-10-21 03:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 21:11 . 2011-06-17 19:04 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 21:36 . 2012-07-15 19:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 21:36 . 2011-06-26 01:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 19:19 . 2012-10-09 19:47 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-08-31 18:19 . 2012-10-09 19:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-09 19:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 19:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 19:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-09 19:47 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-09 19:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-24 11:15 . 2012-09-22 03:00 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-22 03:00 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-22 03:01 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-22 03:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-22 03:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-22 03:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-22 03:01 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-22 03:00 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-22 03:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-22 03:00 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-22 03:00 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-22 03:00 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-22 03:01 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-22 03:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-22 03:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-22 03:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-22 03:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-22 03:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-22 03:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-22 03:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-22 03:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-22 03:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 16:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 16:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 16:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 16:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 01:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 17:01 . 2012-09-26 20:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-09 19:48 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-09 19:48 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-09 19:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-09 19:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-09 19:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-09 19:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-09 19:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-09 19:48 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-09 19:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-09 19:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-09 19:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-09 19:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-09 19:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-09 19:48 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-15 02:24 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll" [2012-11-15 1796552]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-26 39408]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-15 997320]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-15 1020512]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdshowmngr.dll

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-15 30568]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ffdshow manager;ffdshow manager;c:\programdata\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-15 711112]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_C6F09094

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 21:36]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]

.

2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]

.

2012-10-20 c:\windows\Tasks\HPCeeScheduleForRamon.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-02-24 30720]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll

Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe

Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-15 01:21:33

ComboFix-quarantined-files.txt 2012-11-15 06:21

.

Pre-Run: 429,008,822,272 bytes free

Post-Run: 428,909,871,104 bytes free

.

- - End Of File - - 0291687F689F79EB4489DF6250FF7A8D

Edited by Auntie Mame


The Joker,

 

Thank you for your kind welcome. First, I created new user accounts, and with the Administrator account, changed the name and added a password. As administrator, I tried to uninstall Norton Internet Security (it was not updated, but uninstall did not work), uninstalled all Comodo programs (it was for additional cleaning), and downloaded AVG Anti-Virus Free 2013 to be the resident anti-virus program. My attempt to uninstall the Ask Toolbar gave me this error message:

 

Error 1316. A network error occurred while attempting to

read from the file C:\Windows\Installer\AskToolbar.msi

 

and the program was not removed from the program list in the control panel. Uninstalled Smiley Bar for Facebook and FrostWire. Later, after running AdwCleaner and SecurityCheck (logs attached below), it popped in my brilliant mind to use Symantec's Norton Removal Tool to completely remove Norton. Done. Then I re-ran SecurityCheck. Log attached below.

 

I downloaded and ran ComboFix. Log attached in another reply. I did not see any prompts regarding Microsoft Windows Recovery Console. Nor could I locate, and thus do not know if I have the, Windows 7 System Recovery Environment. I appreciate your help!

 

 

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 21:49:32

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ramon - RAMON-LETICIA

# Boot Mode : Normal

# Running from : C:\Users\Ramon\Downloads\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Found : C:\Users\Public\Desktop\eBay.lnk

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\Users\Ramon\AppData\Local\APN

Folder Found : C:\Users\Ramon\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Ramon\AppData\Local\Temp\AskSearch

Folder Found : C:\Users\Ramon\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Ramon\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

***** [Registry] *****

 


 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Google Chrome v [unable to get version]

 

File : C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

":true},"benclngoadbppljglhphhnfknoppmjoa":{"blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bioeopenmokdgbekbgpgnacecjmpckbb":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blacklist":true},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":["appNotifications"]},"app_launcher_ordinal":"n","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266299858537","lastpingday":"12994498803849750","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video 
community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.5"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0","state":1},"bndahdijlcnncjbpammoedeapmlobllc":{"blacklist":true},"bnffnggkphadlnoopcoakdnkellnifjp":{"blacklist":true},"boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":true},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cdogaeccgljmkecjmoedambgiekkllij":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true},"cgnegjfmdfenjojhjffejinpnpoglmlh":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinffggbphnhoblea":{"blacklist":true},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true},"ckphhghhpjbfddcgkpfbelfeojcciglo":{"blacklist":true},"clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":true},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_bit":true,"app_launcher_ordinal":"w","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266300662537","lastpingday":"12994498803849750","location":2,"manifest"
:{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1},"copjbedljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjndnjmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobcklknojliojkkclgjndemadnig":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmhgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpge
nihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fjhfnfakmfcejgmfkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbg
hphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkkmajnmfnlcmejonkfaipdmme":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpjdackpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlnaaalniegm":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{&

My attempt to uninstall the Ask Toolbar gave me this error message:

 

Error 1316. A network error occurred while attempting to

read from the file C:\Windows\Installer\AskToolbar.msi

 

and the program was not removed from the program list in the control panel.

We'll see what's left after we are through with a few steps.

 

Now please have AdwCleaner remove everything it found.

If you want to keep the AVG, that's fine, but it's not required and I would read this about it:

Shame on AVG

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

 

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.


  1.  
  2. Tick the box next to YES, I accept the Terms of Use.
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan
    Wait for the scan to finish
  8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  9. Copy and paste that log as a reply to this topic

 

As administrator, I tried to uninstall Norton Internet Security (it was not updated, but uninstall did not work)... Later, after running AdwCleaner and SecurityCheck (logs attached below), it popped in my brilliant mind to use Symantec's Norton Removal Tool to completely remove Norton. Done.

Since you ran that Security Check after the Norton Removal Tool, it seems it was not completely removed. I would run the Norton Removal Tool again, but from Safe Mode.

If this wasn't where you downloaded the Norton Removal Tool from, I would delete your copy and download a new copy from:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.

If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

To return to normal mode just restart your computer as you normally would.

Now double click on Norton_Removal_Tool.exe to run it, and when finished, if your system doesn't restart, restart it manually.

 

 

After that, I'd like to see a new log from ComboFix.

 

We need to make sure you have the most recent version of ComboFix.

Delete your current copy of ComboFix.exe.

Download ComboFix© by sUBs from:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Save the file to your Desktop.

Close any open browsers.

Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

 

Double click on ComboFix.exe & follow the prompts.

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that new log in your next reply.

 

 

Does the Ask Toolbar still show up in Control Panel > Programs and Features?

 

Please post the new log from ComboFix, and then in a second reply the new log from AdwCleaner, the log from ESET's online scanner, and note any errors encountered. How is the system running now?


ComboFix 12-11-16.02 - Ramon 11/17/2012 23:47:34.2.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1700 [GMT -5:00]

Running from: c:\users\Ramon\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

F:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))

.

.

2012-11-18 05:01 . 2012-11-18 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-17 18:18 . 2012-11-17 18:18 -------- d-----w- c:\program files (x86)\ESET

2012-11-17 18:18 . 2012-11-17 18:18 -------- d--h--w- c:\windows\AxInstSV

2012-11-16 04:39 . 2012-11-16 04:40 -------- d-----w- c:\users\Ramon-Leticia

2012-11-16 02:53 . 2012-11-16 02:53 -------- d-----w- c:\users\Guest

2012-11-15 08:02 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-15 08:02 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-15 08:02 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-15 08:02 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-15 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-15 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-15 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-15 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-15 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-15 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-15 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-15 02:30 . 2012-11-15 02:30 -------- d-----w- c:\users\Ramon\AppData\Roaming\AVG2013

2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Roaming\TuneUp Software

2012-11-15 02:25 . 2012-11-15 02:24 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-11-15 02:24 . 2012-11-17 18:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-11-15 02:19 . 2012-11-15 02:27 -------- d-----w- c:\programdata\AVG2013

2012-11-15 01:59 . 2012-11-18 04:02 -------- d-----w- c:\users\Ramon\AppData\Local\Avg2013

2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\MFAData

2012-11-14 23:48 . 2012-11-14 23:48 -------- d-----w- c:\users\Ramon\AppData\Local\Symantec

2012-11-14 21:16 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-11-14 21:16 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-14 21:16 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-14 21:16 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-11-14 21:16 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-14 21:16 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-11-14 21:16 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-11-14 21:16 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

2012-11-14 21:16 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-14 21:16 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-14 21:16 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-11-14 21:16 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-14 21:15 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-14 21:15 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-11-14 21:15 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-14 21:15 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-11-14 21:15 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-11-14 21:15 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-14 21:15 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-05 22:44 . 2012-11-05 22:44 388096 ----a-r- c:\users\Ramon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-05 22:44 . 2012-11-05 22:44 -------- d-----w- c:\program files (x86)\Trend Micro

2012-11-04 17:25 . 2012-11-04 17:25 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\Extensions

2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\searchplugins

2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\programdata\Kaspersky Lab

2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-10-25 20:19 . 2012-10-25 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-10-25 20:19 . 2012-10-25 21:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-10-24 03:08 . 2012-10-24 03:08 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes

2012-10-24 03:08 . 2012-11-08 05:14 -------- d-----w- c:\programdata\Malwarebytes

2012-10-24 03:07 . 2012-10-24 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-24 03:07 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2012-10-21 04:07 . 2012-10-21 04:07 -------- d-----w- c:\programdata\CPA_VA

2012-10-21 04:00 . 2012-11-14 23:53 -------- d-----w- c:\programdata\Comodo

2012-10-21 04:00 . 2012-10-21 04:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-10-21 03:32 . 2012-10-21 03:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-14 21:11 . 2011-06-17 19:04 66395536 ----a-w- c:\windows\system32\MRT.exe

2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2012-10-09 21:36 . 2012-07-15 19:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 21:36 . 2011-06-26 01:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys

2012-09-14 19:19 . 2012-10-09 19:47 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:28 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2012-08-31 18:19 . 2012-10-09 19:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-08-30 18:03 . 2012-10-09 19:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 19:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-08-30 17:12 . 2012-10-09 19:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-08-24 18:05 . 2012-10-09 19:47 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-08-24 16:57 . 2012-10-09 19:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-22 18:12 . 2012-09-12 16:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 16:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 16:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-21 21:01 . 2012-09-26 01:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-08-21 17:01 . 2012-09-26 20:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll

2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll

2012-08-20 18:48 . 2012-10-09 19:48 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-08-20 18:48 . 2012-10-09 19:48 243200 ----a-w- c:\windows\system32\wow64.dll

2012-08-20 18:48 . 2012-10-09 19:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-08-20 18:48 . 2012-10-09 19:48 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 18:48 . 2012-10-09 19:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-08-20 18:48 . 2012-10-09 19:48 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 18:48 . 2012-10-09 19:48 1162240 ----a-w- c:\windows\system32\kernel32.dll

2012-08-20 18:46 . 2012-10-09 19:48 338432 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-08-20 17:40 . 2012-10-09 19:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2012-08-20 17:38 . 2012-10-09 19:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-20 17:38 . 2012-10-09 19:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2012-08-20 17:37 . 2012-10-09 19:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-08-20 17:37 . 2012-10-09 19:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-08-20 17:32 . 2012-10-09 19:48 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-08-20 17:32 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2012-08-20 15:38 . 2012-10-09 19:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2012-08-20 15:38 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2012-08-20 15:33 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33 . 2012-10-09 19:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-26 39408]

"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\FFDSHO~1\22639~1.201\{16CDF~1\ffdshowmngr.dll c:\progra~3\FFDSHO~1\22639~1.201\{16CDF~1\ffdshowmngr.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]

R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ffdshow manager;ffdshow manager;c:\programdata\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-15 30568]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]

S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]

S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-15 711112]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]

S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_C6F09094

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 21:36]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]

.

2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]

.

2012-11-17 c:\windows\Tasks\HPCeeScheduleForRamon.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]

"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-02-24 30720]

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe

Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-18 00:23:10

ComboFix-quarantined-files.txt 2012-11-18 05:23

ComboFix2.txt 2012-11-15 06:21

.

Pre-Run: 428,232,380,416 bytes free

Post-Run: 427,982,589,952 bytes free

.

- - End Of File - - 6B2CBDBFEB44B8677B696C6F59A467CC


Okay, per your instructions: I had AdwCleaner remove all it found. Log posted below.

I downloaded AVG for the resident anti-virus after reading from reviews on CNET. I will see about getting the updated Norton Internet Security, but in the meanwhile, what free anti-virus do you like/recommend?

 

I ran an online scan with ESET, but did not find a log at C:\Program Files\EsetOnlineScanner. I found a "CAB hook log" at C:\Program Files (x86)\ESET\ESET Online Scanner. So I ran ESET again, and same result. Both CAB hook logs are below. I also posted the list on ESET screen 4, in the event that was what you wanted to see. (I apologize if I misunderstood.)

 

I could not find Norton Removal Tool on the computer, so I simply downloaded from your link, ran in Safe Mode, and manually restarted.

 

New log from ComboFix follows this reply as well.

 

Ask Toolbar does not show in Control Panel > Programs and Features! Hooray! The system is running much smoother, except the printer won't print. It acts like it is printing, audio says "printing started," printer kicks out blank pages, but nothing prints and no pending documents are in the printer queue. Do I need to uninstall and reinstall/re-load onto the computer?

 

 

# AdwCleaner v2.007 - Logfile created 11/17/2012 at 13:05:11

# Updated 06/11/2012 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Ramon - RAMON-LETICIA

# Boot Mode : Normal

# Running from : C:\Users\Ramon\Downloads\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\Users\Public\Desktop\eBay.lnk

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\Users\Ramon\AppData\Local\APN

Folder Deleted : C:\Users\Ramon\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Ramon\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Ramon\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Ramon-Leticia\AppData\Local\AVG Secure Search

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\bProtector

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKU\S-1-5-21-997291780-1119377360-3724968778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Registry is clean.

 

-\\ Google Chrome v [unable to get version]

 

File : C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Facebook","permissions":["tabs","webNavigation","<all_urls>"],"update_url":"hxxp://dd50w6dldw3pf.cloudfront.net/statuswinks/chrome/update.xml","version":"1.0.0.0"},"path":"hgojaaaiddhmiiakpejiklijbalpckih\\1.0.0.0","state":0}}},"homepage":"hxxp://search.babylon.com/?affID=115851&tt=021012_IKAN_4012_8&babsrc=HP_ss&mntrId=9c675ee6000000000000643150210246","homepage_is_newtabpage":false,"session":{"restore_on_startup":5,"urls_to_restore_on_startup":["hxxp://search.babylon.com/?affID=115851&tt=021012_IKAN_4012_8&babsrc=HP_ss&mntrId=9c675ee6000000000000643150210246"]}},"browser":{"check_default_browser":true,"clear_lso_data_enabled":true,"last_known_google_url":"hxxp://www.google.com/","last_prompted_google_url":"hxxp://www.google.com/","pepper_flash_settings_enabled":true,"window_placement":{"bottom":852,"left":43,"maximized":true,"right":1158,"top":42,"work_area_bottom":860,"work_area_left":0,"work_area_right":1600,"work_area_top":0}},"cloud_print":{"email":""},"countryid_at_install":21843,"default_apps_install_state":1,"default_search_provider":{"enabled":true,"encodings":"UTF-8","hxxp://www.google.com/favicon.ico","id":"2","instant_url":"{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&ie={inputEncoding}{google:instantEnabledParameter}{searchTerms}","keyword":"google.com","name":"Google","prepopulate_id":"1","search_url":"{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}","suggest_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}"},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"show_welcome_page":true,"skip_first_run_ui":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp://ad.doubleclick.net/",["hxxp://s0.2mdn.net/",2.27338020]],["hxx
p://ad.turn.com/",["hxxp://cdn.turn.com/",2.319614810014193]],["hxxp://ads.pubmatic.com/",["hxxp://ad.turn.com/",2.319614810014193,"hxxp://adadvisor.net/",2.613894300836889,"hxxp://aud.pubmatic.com/",2.908173791659586,"hxxp://ib.adnxs.com/",2.319614810014193,"hxxp://idpix.media6degrees.com/",2.319614810014193,"hxxp://image2.pubmatic.com/",3.496732773304977,"hxxp://pixel.quantserve.com/",2.025335319191497,"hxxp://pixel.rubiconproject.com/",2.025335319191497,"hxxp://sync.mathtag.com/",2.319614810014193,"hxxp://www.adadvisor.net/",2.025335319191497]],["hxxp://blogs.computerworld.com/",["hxxp://a0.twimg.com/",4.585621599999999,"hxxp://idg-computerworldblogs.disqus.com/",2.60370040,"hxxp://images.industrybrains.com/",3.594660999999999,"hxxp://mediacdn.disqus.com/",6.897862999999998,"hxxp://now.eloqua.com/",3.264340799999999,"hxxp://ping.chartbeat.net/",2.27338020,"hxxp://static.chartbeat.com/",2.27338020,"hxxp://w.sharethis.com/",4.585621599999999,"hxxp://www.computerworld.com/",12.381310448080,"hxxp://www.facebook.com/",4.585621599999999]],["hxxp://cdn.assets.gorillanation.com/",["hxxp://analytics.springboardvideo.com/",2.025335319191497,"hxxp://analytics.stg.springboardvideo.com/",2.025335319191497,"hxxp://b.scorecardresearch.com/",2.319614810014193,"hxxp://cdn.springboard.gorillanation.com/",2.319614810014193,"hxxp://cms.springboard.gorillanation.com/",2.319614810014193,"hxxp://si-general.springboardplatform.com/",2.025335319191497,"hxxp://streaming.springboardvideo.com/",2.319614810014193,"hxxp://webservices.evolvemediacorp.com/",2.025335319191497,"hxxp://www.google.com/",2.613894300836889,"hxxp://www.springboardplatform.com/",3.202453282482282]],["hxxp://cdn.turn.com/",["hxxp://image2.pubmatic.com/",2.025335319191497]],["hxxp://core.saymedia.com/",["hxxp://b.scorecardresearch.com/",1.151398295090829,"hxxp://pixel.quantserve.com/",1.151398295090829,"hxxp://tag.admeld.com/",2.025335319191497]],["hxxp://ct1.addthis.com/",["hxxp://adx.adnxs.com/",2.025335319191497,"hxxp
://aidps.atdmt.com/",2.025335319191497,"hxxp://cspix.media6degrees.com/",2.025335319191497,"hxxp://ds.addthis.com/",2.025335319191497,"hxxp://ds.reson8.com/",2.319614810014193,"hxxp://ib.adnxs.com/",0.3857109649737093,"hxxp://m.addthisedge.com/",0.8618217694195256,"hxxp://segment-pixel.invitemedia.com/",0.07084425480575195,"hxxp://sync.mathtag.com/",2.025335319191497,"hxxp://view.atdmt.com/",0.07084425480575195]],["hxxp://d.xp1.ru4.com/",["hxxp://d.xp1.ru4.com/",2.025335319191497,"hxxp://hxxp.content.ru4.com/",2.319614810014193,"hxxp://idsync.rlcdn.com/",2.319614810014193,"hxxp://image2.pubmatic.com/",2.025335319191497,"hxxp://loadm.exelator.com/",2.025335319191497,"hxxp://m.xp1.ru4.com/",2.319614810014193,"hxxp://pixel.exelator.com/",2.025335319191497,"hxxp://r.nexac.com/",2.025335319191497,"hxxp://r.openx.net/",2.319614810014193,"hxxp://tags.bluekai.com/",2.025335319191497]],["hxxp://dan-ball.jp/",["hxxp://dan-ball.jp/",7.852488223133726,"hxxp://pagead2.googlesyndication.com/",1.151398295090829,"hxxp://www.google-analytics.com/",1.151398295090829]],["hxxp://edge.sharethis.com/",["hxxp://edge.sharethis.com/",2.27338020,"hxxp://w.sharethis.com/",2.60370040]],["hxxp://google.com/",["hxxp://www.google.com/",2.066525344788971]],["hxxp://googleads.g.doubleclick.net/",["hxxp://amch.questionmarket.com/",0.08351555225096762,"hxxp://cheetah.vizu.com/",0.9001873533091516,"hxxp://googleads.g.doubleclick.net/",2.319614810014193,"hxxp://i1.ytimg.com/",0.3077220011432548,"hxxp://pagead2.googlesyndication.com/",0.6826697905252139,"hxxp://puma.vizu.com/",1.19642002939210,"hxxp://s0.2mdn.net/",0.3353495960346131,"hxxp://www.google.com/",2.319614810014193,"hxxp://www.gstatic.com/",0.9001873533091516,"hxxps://googleads.g.doubleclick.net/",2.319614810014193]],["hxxp://i.notdoppler.com/",["hxxp://gd31b7d91cc574d63.api.playtomic.com/",2.025335319191497]],["hxxp://ipchicken.com/",["hxxp://ipchicken.com/",4.426065477271901,"hxxp://pagead2.googlesyndication.com/",1.804354218957534,"hxxp://
www.google-analytics.com/",2.066525344788971,"hxxp://www.kqzyfj.com/",1.804354218957534,"hxxp://www.yceml.net/",1.804354218957534]],["hxxp://mediacdn.disqus.com/",["hxxp://b.scorecardresearch.com/",1.320604615120,"hxxp://mediacdn.disqus.com/",2.27338020]],["hxxp://news.google.com/",["hxxp://csi.gstatic.com/",1.857229544077419,"hxxp://i.ytimg.com/",3.746206601728809,"hxxp://news.google.com/",1.857229544077419,"hxxp://nt0.ggpht.com/",3.476352736350040,"hxxp://nt1.ggpht.com/",4.555768197865120,"hxxp://nt2.ggpht.com/",4.555768197865120,"hxxp://nt3.ggpht.com/",5.365329794001430,"hxxp://ssl.gstatic.com/",2.666791140213729,"hxxp://www.gstatic.com/",2.666791140213729,"hxxps://plusone.google.com/",2.127083409456189]],["hxxp://puma.vizu.com/",["hxxp://cheetah.vizu.com/",1.151398295090829,"hxxp://puma.vizu.com/",1.151398295090829]],["hxxp://seg.sharethis.com/",["hxxp://b.scorecardresearch.com/",2.27338020]],["hxxp://support.google.com/",["hxxp://fonts.googleapis.com/",2.084686339270529,"hxxp://support.google.com/",3.599202055834588,"hxxp://www.google.com/",3.296298912521777,"hxxps://plusone.google.com/",2.084686339270529]],["hxxp://tap2-cdn.rubiconproject.com/",["hxxp://d.agkn.com/",1.967674022654115,"hxxp://ib.adnxs.com/",2.253575376373089,"hxxp://image2.pubmatic.com/",1.967674022654115,"hxxp://match.adsrvr.org/",2.253575376373089,"hxxp://matcher-pbm.bidder7.mookie1.com/",1.967674022654115,"hxxp://matcher-rbc.bidder7.mookie1.com/",2.253575376373089,"hxxp://matcher.bidder8.mookie1.com/",2.253575376373089,"hxxp://p.rightaction.com/",2.539476730092063,"hxxp://pixel.rubiconproject.com/",2.253575376373089,"hxxp://rc.rlcdn.com/",2.253575376373089]],["hxxp://view.atdmt.com/",["hxxp://b.scorecardresearch.com/",2.27338020,"hxxp://b.voicefive.com/",1.320604615120,"hxxp://core.insightexpressai.com/",1.981245015120,"hxxp://rmd.atdmt.com/",0.990284415120]],["hxxp://webservices.evolvemediacorp.com/",["hxxp://cdn.assets.gorillanation.com/",2.319614810014193,"hxxp://webservices.evolvemediaco
rp.com/",3.791012264127673,"hxxp://www.google-analytics.com/",2.613894300836889]],["hxxp://www.alumniclass.com/",["hxxp://www.alumniclass.com/",10.53138520,"hxxp://www.google-analytics.com/",2.60370040]],["hxxp://www.ask.com/",["hxxp://ak.imgfarm.com/",2.27338020,"hxxp://b.scorecardresearch.com/",2.60370040,"hxxp://img.youtube.com/",2.27338020,"hxxp://sp.ask.com/",6.567542799999998,"hxxp://tbr.ask.com/",2.27338020,"hxxp://www.ask.com/",7.228183199999998,"hxxp://www.google-analytics.com/",2.60370040,"hxxp://wzpo1.ask.com/",2.60370040]],["hxxp://www.easports.com/",["hxxp://cdn.content.easports.com/",4.585621599999999,"hxxp://cdn.www.easports.com/",9.870744799999997,"hxxp://dnn506yrbagrg.cloudfront.net/",2.27338020,"hxxp://eaeacom.112.2o7.net/",2.60370040,"hxxp://resources.ea.com/",2.60370040,"hxxp://www.easports.com/",11.52234580,"hxxp://www.gaiaflashframework.com/",2.27338020,"hxxp://www.google-analytics.com/",2.93402060]],["hxxp://www.facebook.com/",["hxxp://static.ak.fbcdn.net/",0.8243654771309440]],["hxxp://www.frostwire.com/",["hxxp://static.frostwire.com/",7.985144776013998,"hxxp://www.google-analytics.com/",2.5295730496120,"hxxps://apis.google.com/",2.5295730496120,"hxxps://ssl.gstatic.com/",2.2086570657060]],["hxxp://www.google.com/",["hxxp://id.google.com/",0.4313678912262720,"hxxp://lh4.googleusercontent.com/",0.65358771397920,"hxxp://news.google.com/",0.65358771397920,"hxxp://p5-jw2y3q2ant4ta-exsacsz3lrzhy2jr-582265-i1-v6exp3-v4.metric.gstatic.com/",0.65358771397920,"hxxp://p5-jw2y3q2ant4ta-exsacsz3lrzhy2jr-582265-i2-v6exp3-ds.metric.gstatic.com/",0.65358771397920,"hxxp://ssl.gstatic.com/",0.3465408968816255,"hxxp://www.google.com/",2.748303444257430]],["hxxp://www.notdoppler.com/",["hxxp://ads.intergi.com/",2.613894300836889,"hxxp://adserver.adtechus.com/",2.319614810014193,"hxxp://beacon.saymedia.com/",3.791012264127673,"hxxp://core.saymedia.com/",2.613894300836889,"hxxp://ct1.addthis.com/",2.613894300836889,"hxxp://i.notdoppler.com/",14.53144202176024,"h
xxp://pagead2.googlesyndication.com/",2.025335319191497,"hxxp://pixel.quantserve.com/",2.319614810014193,"hxxp://www.notdoppler.com/",4.673850736595761,"hxxps://plusone.google.com/",2.319614810014193]],["hxxp://www.pfaff.com/",["hxxp://www.google-analytics.com/",2.189416085407748,"hxxp://www.pfaff.com/",4.967033507193693]],["hxxp://www.springboardplatform.com/",["hxxp://analytics.springboardvideo.com/",2.025335319191497,"hxxp://analytics.stg.springboardvideo.com/",2.025335319191497,"hxxp://streaming.springboardvideo.com/",2.908173791659586]],["hxxp://www.verdugohs.org/",["hxxp://counter.edlio.com/",1.538615947120,"hxxp://www.verdugohs.org/",55.99057963632034,"hxxps://www.paypalobjects.com/",2.230834958240]],["hxxp://www.youtube.com/",["hxxp://s.ytimg.com/",1.857229544077419]],["hxxps://plusone.google.com/",["hxxps://plusone.google.com/",1.241244702449474,"hxxps://ssl.gstatic.com/",0.5281470911240961]]],"startup_list":[1,"hxxp://cdn.www.easports.com/","hxxp://id.google.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-i1-v6exp3-v4.metric.gstatic.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-i2-v6exp3-ds.metric.gstatic.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-s1-v6exp3-v4.metric.gstatic.com/","hxxp://sp.ask.com/","hxxp://ssl.gstatic.com/","hxxp://websearch.ask.com/","hxxp://www.easports.com/","hxxp://www.google.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"12994569243900750","next_check":"12995522347596491"},"blacklistupdate":{"lastpingday":"12994498804307750","version":"0.0.0.129"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://aaaanijiojpcccpkjdjjmjghddcgcbfj/config/skin/new-tab.html"]},"settings":{"aaaanijiojpcccpkjdjjmjghddcgcbfj":{"ack_external":true,"active_permissions":{"api":["bookmarks","contextMenus","cookies","geolocation","history","idle","management"
,"notifications","plugin","tabs","unlimitedStorage"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/*"],"scriptable_host":["*://*.ask.com/","*://*.bagsbuy.com/*","*://*.childrenschorus.org/*","*://*.csaa.com/*","*://*.facebook.com/*","*://*.google.com/*","*://*.google.com/imgres*","*://*.mercurynews.com/*","*://*.usnews.com/*","*://*.wikipedia.org/*","*://*/*","*://codesearch.google.com/*","*://images.google.com/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12993415288035891","location":3,"manifest":{"background_page":"background/background.html","browser_action":{"default_icon":"config/skin/images/ask_logo_19x.png","default_popup":"config/skin/options.html","default_title":"Oovoo Toolbar"},"chrome_url_overrides":{"newtab":"config/skin/new-tab.html"},"content_scripts":[{"js":["lib/jquery.js","lib/constant.js","lib/default-config.js","config/tb-config.js","lib/tb-message.js","content_script/toolbar.js","content_script/widget.js","content_script/injector.js"],"matches":["*://*/*"],"run_at":"document_start"},{"css":["content_script/hack/facebook.css"],"matches":["*://*.facebook.com/*"]},{"css":["content_script/hack/relative.css"],"matches":["*://*.google.com/*","*://*.ask.com/","*://*.bagsbuy.com/*","*://*.csaa.com/*","*://*.childrenschorus.org/*","*://*.wikipedia.org/*","*://*.mercurynews.com/*","*://*.usnews.com/*"],"run_at":"document_start"},{"css":["content_script/hack/static.css"],"matches":["*://*.google.com/imgres*","*://images.google.com/*","*://codesearch.google.com/*"],"run_at":"document_start"}],"description":"Convenient tools and links to make your browsing more enjoyable","icons":{"128":"config/skin/images/ask_logo_128x.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDg7OvjPFDBCe8rWj4+ZHgelwoi5YeNzzZM/6iWkvQfPClU6JgpNC9TKZtJ8Qo/E/G7JFGTOp/yZK6AlzMLGS50x/Hrr5qweD5jO+P41ZxOg5ezG6hvNHDs3nhFp5bhMzT8y5rRsJtzE+ApHEqpvqnk5BlRstSsl71q8rcZEuHbVQIDAQAB","name":"Oovoo 
Toolbar","permissions":["bookmarks","contextMenus","cookies","geolocation","history","idle","management","notifications","tabs","unlimitedStorage","hxxp://*/*","hxxps://*/*","chrome://favicon/*","chrome-internal://newtab/"],"plugins":[{"path":"background/registryAccess.dll","public":false}],"update_url":"hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php","version":"7.15.2.23076"},"path":"aaaanijiojpcccpkjdjjmjghddcgcbfj\\7.15.2.23076_0","state":1,"update_url_data":""},"aakhlmakppmkkmfkoibponkmmpgpmjgl":{"blacklist":true},"aandpgohbohmlknpjbblpmoladhoochg":{"blacklist":true},"abciiempgohamehppammbkhkicmkgkob":{"blacklist":true},"abfclfmhaemoockhhinpplncjehfpdbd":{"blacklist":true},"acmpfcamncegnhjdeiodgilikjafcamg":{"blacklist":true},"aebfkgcamgnimcbnbiopgdakknjgggnm":{"blacklist":true},"aemcjbfajnnmhblifaejadoecfoaebld":{"blacklist":true},"afenhmponmfmdmbmccbmglppcmjhmhmh":{"blacklist":true},"aglmapjbjphdidmnileogpjkgpdoliep":{"blacklist":true},"agmhonoepgcnakccfpidhjehlocaeaaj":{"blacklist":true},"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"h","page_ordinal":"n"},"ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":true},"aieglpnmmhleoenpbmfaffppfomgjmba":{"blacklist":true},"aieihijcjcccdiepockaiekhpflicdii":{"blacklist":true},"aifmjmboebdkdelpjenakhaodgneempp":{"blacklist":true},"ajlkjjdbgcjdiklbcomhnfghjigfccoh":{"blacklist":true},"alcbnnpmipohgdllkkglhkbncijplago":{"blacklist":true},"aldalonecchncedclgcndcndgilaclnk":{"blacklist":true},"alfahpoknocfdebmiclonikapcnljlob":{"blacklist":true},"aljdncnajablgppdcfbehhmidlmbndda":{"blacklist":true},"amfgdngndpfldigimkcindjalokfnmem":{"blacklist":true},"amoobcjlpgloocplpikcldcpjjdnoeii":{"blacklist":true},"anmjpohfnlopdfaojooicpemopnliimn":{"blacklist":true},"apdmgffkfhjfeejmbjidennfjdkmmmbl":{"blacklist":true},"aphncaagnlabkeipnbbicmcahnamibgb":{"blacklist":true},"bcddmcejgphfgofbpoocakaeapfomlek":{"blacklist
":true},"benclngoadbppljglhphhnfknoppmjoa":{"blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bioeopenmokdgbekbgpgnacecjmpckbb":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blacklist":true},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":["appNotifications"]},"app_launcher_ordinal":"n","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266299858537","lastpingday":"12994498803849750","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video 
community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.5"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0","state":1},"bndahdijlcnncjbpammoedeapmlobllc":{"blacklist":true},"bnffnggkphadlnoopcoakdnkellnifjp":{"blacklist":true},"boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":true},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cdogaeccgljmkecjmoedambgiekkllij":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true},"cgnegjfmdfenjojhjffejinpnpoglmlh":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinffggbphnhoblea":{"blacklist":true},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true},"ckphhghhpjbfddcgkpfbelfeojcciglo":{"blacklist":true},"clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":true},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_bit":true,"app_launcher_ordinal":"w","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266300662537","lastpingday":"12994498803849750","location":2,"manifest"
:{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1},"copjbedljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjndnjmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobcklknojliojkkclgjndemadnig":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmhgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpge
nihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fjhfnfakmfcejgmfkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbg
hphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkkmajnmfnlcmejonkfaipdmme":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpjdackpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlnaaalniegm":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{"blacklist":true},"hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist":true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true},"hcpndbchnlgojmnijaldkicigmihmdca":{"blacklist":true},"hdijkiondgomjpehfhopomicjbiodmcm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true},"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true},"hfjpjodb
olkmheaehcnmfhjakjileoof":{"blacklist":true},"hfpfbhnmbbig

I downloaded AVG for the resident anti-virus after reading from reviews on CNET. I will see about getting the updated Norton Internet Security, but in the meanwhile, what free anti-virus do you like/recommend?

If you look for a new copy of Norton Internet Security, check the holiday sales; you'll likely find it for free after mail-in rebates. Personally, I don't count mail rebates in the cost as it can take so long, and sometimes they never show up. For free antivirus programs you may want to consider, there is Avira Free Antivirus available at http://www.free-av.com, Free avast! at http://www.avast.com/free-antivirus-download, or AVG Anti-Virus Free at http://free.avg.com/us-en/free-downloads. I would recommend them in that order, but any would be a good choice. If you want some information on how they compare to each other, there is information available at AV Comparatives.

 

As you said you uninstalled all Comodo programs, using Windows Explorer, delete the following folder that was left behind:

c:\programdata\Comodo

 

The system is running much smoother, except the printer won't print. It acts like it is printing, audio says "printing started," printer kicks out blank pages, but nothing prints and no pending documents are in the printer queue. Do I need to uninstall and reinstall/re-load onto the computer?

If there is an uninstallable entry for the printer in Control Panel > Programs and Features, I would uninstall it and download the current version and reinstall it. What is the printer?

 

I see the ESET scan found a few more items. Regardless of what antivirus you have installed as your resident protection, it never hurts to do an occasional scan with a different online scanner. For instance, if you have AVG installed, the online scanners from Kaspersky or ESET, which you just ran, are a good choice, particularly if the system might be at risk, and a system with multiple users can be more at risk than one used by a single person.

 

I see no more malware in your logs, so let's do a bit of cleanup.

 

Go to start > run and copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

 

You can also delete AdwCleaner.exe from your Desktop, and any of the logs as well, along with DDS, SecurityCheck.exe, and the Norton Uninstaller that you no longer need.

 

To help keep malware off your system:

  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/winhelp2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacoolsoftware.com/products.html
  • As this is a shared computer, you may want to consider Open DNS Home, a configurable DNS server that allows you to block different categories of information, and will help to protect from phishing sites.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywareinfoforum.com/index.php?showtopic=60955

 

If you let me know what your printer is I'll look up the current driver for it.

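How the HOSTS-file blocking recommended in the list above works, and how a downloaded HOSTS file can be checked before it is installed: this is an added example, not part of the original posts and not MVPS code. The function names, the sample file contents and the `.example` hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration; not the MVPS file and not from this thread.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.tracker.example            # block entry
0.0.0.0      toolbar-updates.example www.toolbar-updates.example
127.0.0.1    POPUPS.example
203.0.113.7  update.antivirus.example       # resolves to a foreign address
not-an-ip    broken.example
0.0.0.0
"""

# Names that normally map to loopback and are not block entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Sort HOSTS entries into blocked names, redirected names and bad lines.

    blocked    - names sent to a loopback or unspecified address, so the
                 browser never reaches the real site
    redirected - names sent to any other address (hostname -> address)
    malformed  - line numbers that are not "address name [name ...]"
    """
    report = {"blocked": set(), "redirected": {}, "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(lineno)   # first field is not an IP
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if not names:
            report["malformed"].append(lineno)   # address with no hostname
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and addr.is_loopback:
                continue                         # ordinary localhost mapping
            if sink:
                report["blocked"].add(name)
            else:
                report["redirected"][name] = str(addr)
    return report


def is_blocked(hostname, report):
    """HOSTS entries match whole names only: no wildcards, no subdomains."""
    return hostname.lower().rstrip(".") in report["blocked"]


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", sorted(result["blocked"]))
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
    # A subdomain of a blocked name is not blocked unless it has its own entry.
    print(is_blocked("cdn.ads.tracker.example", result))
```

Any name that lands under `redirected` deserves a look before the file is installed, since a blocking list has no reason to point a hostname at a real address.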

Hello Joker,

 

Thank you for pointing me to AV Comparatives (very helpful information) and I'll be on the lookout for sales on Norton Internet Security.

 

I deleted the Comodo folder, and after much mouse clicking, figured out the issue with the printer. On start up, Windows automatically downloaded some printer (it is a Lexmark x2480) stuff, one of which was a driver for the USB composite device for a 32-bit system (?), so I uninstalled all, deleted the download, and re-installed the related current driver and software from the Lexmark website. Then I uninstalled ComboFix and deleted AdwCleaner, DDS, Security Check and related logs. I also uninstalled Hijack This ... now I am thinking you may have wanted me to keep this a bit longer. I apologize if this is the case.

 

Should I keep KSS and ESET? I'd like to leave them as reminders to myself of online scanners to run, knowing I'll have to get and run the most current version at time of use. I updated Windows and other applications through FileHippo (thank you for giving me this!). Hopefully, the teen won't be able to download P2P software now that I've password protected the administrator account (correct?) and gave him his own user account. I'll just have to regularly scan and clean the computer (maybe weekly - in addition to scheduled scans), because the family will no doubt continue clicking on email attachments and links, and my parents only use Internet Explorer and AOL for their email.

 

I greatly appreciate the information you provided to help keep malware off the computer. After reading your article on USB/flash drive safety and Tony Klein's article, I now believe these should be required reading for all computer users! Unfortunately, your link to MVPHOSTS gave me a server error. Would you have a different link to the file or know of a safe site from which to download it? I definitely want this file, as well as SpywareGuard, and will look into Open DNS Home.

 

Should I run any final scans or do anything beyond what I just mentioned above? I'll patiently await your response to my questions. You have been so kind to assist me - I wish I could give you some homemade brownies or a dollar to buy yourself the multi-million dollar winning lottery ticket! My thanks and future donation to the forum will simply have to suffice.

 

Auntie Mame


I also uninstalled Hijack This ... now I am thinking you may have wanted me to keep this a bit longer. 

No, I should have listed it to remove also, no need for it, and it's not as useful as it used to be.

 

Should I keep KSS and ESET? I'd like to leave them as reminders to myself of online scanners to run,

That's fine, and a good idea. They should update when you run them.

 

Hopefully, the teen won't be able to download P2P software now that I've password protected the administrator account (correct?) and gave him his own user account.

As long as he doesn't get an administrator account (do your parents have an administrator account he might get access to?).

 

Unfortunately, your link to MVPHOSTS gave me a server error. Would you have a different link to the file or know of a safe site from which to download it?

I fixed the link above (it's also in my signature). The period I had at the end of the line was the problem.

 

I definitely want this file, as well as SpywareGuard

You may want to try SpywareBlaster instead, as it works through settings and doesn't require any memory.

 

Should I run any final scans or do anything beyond what I just mentioned above?

Nothing else to do at this point, you are all through. :thumbup:

 

My thanks and future donation to the forum will simply have to suffice.

And we thank you greatly for that. :D


I don't think he has access to an administrator account. The account with which I first posted to this forum was an account my parents had been using. I password-protected it, renamed another account "Ramon-Leticia," and created new user accounts for the teens and a younger grandchild. The Manage Accounts page indicates only 1 Administrator account, with the others as "Standard Users." So, we are good, yes?

 

Again, I thank you (and everyone at this forum) for helping!


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.