
Babylon.Toolbar, svchost.exe, and others


  • This topic is locked
13 replies to this topic

#1 Auntie Mame


Posted 13 November 2012 - 07:23 PM

Hello,

My elderly parents' desktop has become infected with the svchost.exe virus, Babylon.Toolbar and search that appears to go away but does not, and at least one trojan (that I think I got rid of), among others that pop up. Trying to clean it up, I have read the advice in your forum, as well as forums in Malwarebytes Anti-Malware, bleepingcomputer, and techguy, and ran several scans and removal tools. In between some of these scans, my parents and my teen nephew have continued to use the desktop for their emails, his homework and his music (and who knows what else). Although I have advised them to not open forwarded attachments, they do. At my wits' end, I am now asking for your help.

Here is where I am at now:

- Computer slower than normal in starting up and running.
- Seems as though the mouse onscreen moves on its own.
- I downloaded and ran (in order) Malwarebytes Anti-Malware three times, Spybot Search & Destroy, DDS twice, Kaspersky Security Scan once, SSD again, HijackThis, and SSD for the third time. If I was not familiar with a removal/cleanup tool (e.g., HijackThis), I simply ran it and did not fix anything with it.
- In between these scans: I attempted to uninstall Babylon.Toolbar and search, and remove it from Internet Explorer, Chrome, and Firefox. It still lurks on the desktop and in Chrome, though it does not appear in Chrome extensions. I uninstalled Firefox, as I could not remove the Babylon.Toolbar and search from it. I intend on re-installing FF once computer is clean. Also, I disabled auto-run of flash devices. Found some viruses on one flash/usb drive as well. I think I fixed that, but my main focus here is the desktop.
- At least twice when trying to fix problems in SSD, a pop-up noted I could not fix problem since I was not signed in as Administrator. I was.

I would greatly appreciate any help you could give. Logs are attached below.

Auntie Mame




==> MALWAREBYTES ANTI-MALWARE

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ramon :: RAMON-LETICIA [administrator]

10/24/2012 5:12:58 PM
mbam-log-2012-10-24 (17-12-58).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 561866
Time elapsed: 3 hour(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Ramon\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ramon :: RAMON-LETICIA [administrator]

10/24/2012 10:23:03 PM
mbam-log-2012-10-24 (22-23-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 203149
Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ramon :: RAMON-LETICIA [administrator]

10/24/2012 10:31:27 PM
mbam-log-2012-10-24 (22-31-27).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 561562
Time elapsed: 2 hour(s), 49 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


==> SPYBOT SEARCH AND DESTROY - SUMMARY ONLY

First run showed 23 infections. Was unable to fix 15 (or 12?).
Second run showed 15 (or 12?) problems. Was unable to fix 2.
Third run showed 2 problems (both Babylon). Fixed both.


Please read the Instructions and post the other requested logs: DDS and Security Check.
We need the information in order to help you.

Edited by cnm, 13 November 2012 - 07:28 PM.


#2 Auntie Mame


Posted 13 November 2012 - 07:41 PM

Here is the remainder of the logs:



==> DDS

FIRST DDS LOG
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2010 11:29:28 AM
System Uptime: 10/25/2012 6:14:43 AM (12 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Sempron™ 140 Processor | CPU 1 | 783/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 399.368 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 466 GiB total, 416.453 GiB free.
.
==== Disabled Device Manager Items =============
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
AVG 2011
Bejeweled 2 Deluxe
Blackhawk Striker 2
Bonjour
Build-a-lot 2
CameraHelperMsi
Carbonite Online Backup Setup
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Comodo Dragon
COMODO Internet Security
CyberLink DVD Suite Deluxe
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
DVD Menu Pack for HP MediaSmart Video
erLT
Escape Rosecliff Island
FATE
ffdshow manager
ffdshow v1.2.4422 [2012-04-09]
Final Drive Nitro
FrostWire 5.4.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HP Vision Hardware Diagnostics
Hulu Desktop
iTunes
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
Lexmark 2400 Series
LightScribe System Software
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
ooVoo
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime amd64
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Toolbars
Skype™ 5.10
Smiley Bar for Facebook
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Updater Service
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zinio Reader 4
Zuma Deluxe
.
==== End Of File ===========================

SECOND DDS LOG
DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Ramon at 18:09:14 on 2012-10-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1298 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\lxcrcoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Smiley Bar for Facebook: {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRunOnce: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3} : DHCPNameServer = 65.32.5.111 65.32.5.112
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCRtime.dll,RunDLLEntry
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-3-16 37456]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1205000.07D\symds64.sys [2011-1-14 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1205000.07D\symefa64.sys [2011-1-14 802864]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-4-5 377936]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-25 953904]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22696]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 577824]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 43248]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110203.001\IDSviA64.sys [2011-2-4 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\ironx64.sys [2011-1-14 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1205000.07D\symnets.sys [2011-1-14 382072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-20 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-9-26 189736]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-10-2 571616]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2011-1-14 130000]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-20 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-20 6790656]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-20 221184]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-5-27 118864]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-12-14 132656]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-14 329952]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-14 6465760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-10-20 346144]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-10-20 38456]
S2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52:23;C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-10-20 245232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ffdshow manager;ffdshow manager;C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-25 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-15 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-25 136176]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-14 271712]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe --> C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-8 1255736]
.
=============== Created Last 30 ================
.
2012-10-25 20:19:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-10-25 20:19:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-10-24 03:08:31 -------- d-----w- C:\Users\Ramon\AppData\Roaming\Malwarebytes
2012-10-24 03:08:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-10-24 03:07:59 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-10-24 03:07:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-23 19:35:43 -------- d-----w- C:\Users\Ramon\AppData\Local\Comodo
2012-10-23 18:36:22 -------- d-----w- C:\Program Files\COMODO
2012-10-21 04:22:36 -------- d-----w- C:\Program Files (x86)\COMODO
2012-10-21 04:07:06 -------- d-----w- C:\ProgramData\CPA_VA
2012-10-21 04:00:40 -------- d-----w- C:\ProgramData\Comodo
2012-10-21 04:00:37 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-10-21 03:32:42 163056 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-09 19:47:59 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-02 19:23:48 -------- d-----w- C:\Users\Ramon\AppData\Roaming\StatusWinks
2012-10-02 19:22:31 -------- d-----w- C:\Program Files (x86)\Smiley Bar for Facebook
2012-10-02 19:22:26 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-10-02 19:22:26 -------- d-----w- C:\Program Files (x86)\Haali
2012-10-02 19:22:25 -------- d-----w- C:\Program Files (x86)\ffdshow
2012-10-02 19:22:10 -------- d-----w- C:\ProgramData\ffdshow manager
2012-10-02 19:22:05 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-09-26 20:16:18 -------- d-----w- C:\Users\Ramon\FrostWire
2012-09-26 20:16:06 -------- d-----w- C:\Users\Ramon\.frostwire5
2012-09-26 20:15:33 -------- d-----w- C:\Program Files (x86)\FrostWire 5
2012-09-26 20:10:59 -------- d-----w- C:\Users\Ramon\AppData\Local\Apple Computer
2012-09-26 20:10:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-26 20:10:00 -------- d-----w- C:\Program Files\iPod
2012-09-26 20:09:59 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-26 20:09:59 -------- d-----w- C:\Program Files\iTunes
2012-09-26 20:09:59 -------- d-----w- C:\Program Files (x86)\iTunes
2012-09-26 20:09:17 -------- d-----w- C:\Users\Ramon\AppData\Local\Apple
2012-09-26 20:07:55 -------- d-----w- C:\Program Files\Bonjour
2012-09-26 20:07:55 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-09-26 01:10:57 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
==================== Find3M ====================
.
2012-10-09 21:36:17 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 21:36:17 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
.
============= FINISH: 18:11:54.47 ===============



==>SECURITY CHECK (DDS)

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
Norton Internet Security
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````



==> KASPERSKY SECURITY SCAN (KSS)


Detailed report
Problems found
Scanning date: 11/04/2012 12:06 PM
Database update date: 11/04/2012 03:04 AM
Product version: 12.0.1.117 (a)

Computer protection (0)
Information about anti-virus software and firewalls installed on the computer.
Malware (0)
Information about malware detected on the computer.
Vulnerabilities (0)
Information about applications and operating system components in which vulnerabilities have been detected.
Other issues (12)
Information about vulnerabilities associated with the settings of installed applications and the operating system.
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Windows Explorer - show extensions of known file types"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: delete cookies"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"



==> SPYBOT SEARCH AND DESTROY - SUMMARY ONLY

First run showed 2 problems: Babylon Toolbar (2 entries Adware) and DoubleClick (1 entries Browser).
Clicked fix selected problems. Was told I was not an administrator. DoubleClick was fixed.
Second run showed 1 problem: Babylon Toolbar. Again, was told I was not administrator and could not fix.



==> HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:47:04 PM, on 11/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Logitech\LWS\LU\LULnchr.exe
C:\Program Files (x86)\Logitech\LWS\LU\LogitechUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Seagate\SeagateManager\ManagerApp\UpdateCheck.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Smiley Bar for Facebook - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: CyberLink Product - 2010/10/20 19:52:23 (CLKMSVC10_C6F09094) - CyberLink - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ffdshow manager - Unknown owner - C:\ProgramData\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxcr_device - Unknown owner - C:\Windows\system32\lxcrcoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15170 bytes



==> SPYBOT SEARCH AND DESTROY (SSD)

Ran 11/08/2012 12:45 PM
First run showed 23 problems: Babylon.Toolbar (2 entries Adware); CasaleMedia (7 entries Browser); DoubleClick (2 entries Browser); FastClick (1 entry browser); MediaPlex (4 entries Browser); W3i.IQ5.fraud (1 entry adware); and Zedo (5 entries Browser).
Clicked fix selected problems. Warning pop-up noted: 'This action may not be performed completely since you are not an administrator. If you want this performed for all users, please run this application elevated as an administrator.' [OK]
Second Warning pop-up noted: 'Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after a restart. May Spybot-S&D run on your next system startup?' [Yes]
Confirmation pop-up noted: '21 problems fixed. 1 problem could not be fixed. You should have an administrator scan and fix again!' [OK]
Babylon.Toolbar was not fixed.

#3 TheJoker


Posted 13 November 2012 - 11:00 PM

Hi Auntie Mame, and Welcome to SWI.

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

It sounds like the first thing you need to do is ensure that everyone is logging on with their own account, and that it is NOT an administrator account, but a limited rights account. You should never be using an administrator account for day to day use; it's a security risk.

I see this error in your Spybot Search & Destroy log:

'This action may not be performed completely since you are not an administrator.
If you want this performed for all users, please run this application elevated as an administrator.'

You will need to either be logged in on an administrator account or be able to run all the utilities requested as administrator (requires Administrator User ID and password).

The first problem I see is that you have too many antivirus programs installed. It is never recommended to run more than one antivirus program resident, as they can conflict with each other, and you actually end up with less protection, not more. You should decide which you want to keep, and completely uninstall the others. The same guidelines apply for software firewalls; more is not better. For antivirus programs, I see AVG Free 2011 (outdated by two versions), Comodo Internet Security (not a program I would ever recommend for their antivirus), Norton Internet Security (both an antivirus and firewall program). The best of all those is Norton Internet Security, but I don't know if it's a current version. From the folder dates it looks like you may have installed Comodo's antivirus as an additional cleaning tool.

I would make sure you have only one installed resident antivirus program, and uninstall the others. If Norton Internet Security is updated, I would recommend keeping that as your security software.

The next thing I would do is uninstall a foistware program, and a questionable program.

I recommend you uninstall the questionable Ask Toolbar, (which appears already partially uninstalled by one of the scanners you used). It was likely installed with another program and you didn't see the notice that it was an optional component at the start of the install process. Many programs (even widely known legitimate programs) have toolbars as optional bundled installs these days because they get money from the business relationship. You can read more about Ask.com here.

If you uninstalled the Ask Toolbar as recommended, using Windows Explorer delete the following folder if still found:
C:\Program Files (x86)\Ask.com

Next, I recommend you uninstall Smiley Bar for Facebook. In general, it can be difficult to find a smiley program that isn't infected or adware, and I found little information on this program, which is not a good sign, and there was no information about their site at World or Trust.

If you uninstall Smiley Bar for Facebook as recommended, delete the following folders if still found:
C:\Program Files (x86)\Smiley Bar for Facebook
C:\Users\Ramon\AppData\Roaming\StatusWinks

You are running FrostWire. While the program is clean, just because the P2P client is clean doesn't mean that the files you download are. Many P2P networks are riddled with malware, and it's often some of the most recent and therefore sometimes the most difficult to remove. I would recommend its removal. Some help sites feel so strongly about it that they won't provide removal assistance unless P2P programs are uninstalled, as the chance of reinfection is so high from P2P downloaded software. Please let me know what you chose to do.


Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Now that you should have only one antivirus program installed, please rerun SecurityCheck that you previously downloaded:
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Download ComboFix© by sUBs from one of these locations:

http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Familiarize yourself with ComboFix before running it:
http://www.bleepingc...to-use-combofix

  • Disable your AntiVirus and any AntiSpyware programs you may be running (usually via a right click on the System Tray icon) to prevent them from interfering.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. There are some difficult to remove infections that will only be fixed if you have the Recovery Console installed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware. When finished, it will save a log.
Please include the contents of the log at C:\ComboFix.txt in your next reply, and in a second reply the log from AdwCleaner, the new log from SecurityCheck, and note any errors encountered.


MS MVP 2009-20010 and ASAP Member since 2005
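
The HijackThis log posted earlier in this thread marks many entries "(no file)" or "(file missing)". As an added example (not part of the thread and not any tool's own code), this Python script separates entries that look like leftover registrations from System32 paths that a 32-bit scanner such as HijackThis cannot see on 64-bit Windows because of WOW64 file-system redirection. The sample lines are copied from that log; the function names and the "Program Files (x86)" test for a 64-bit system are assumptions of this example.

```python
import re
from collections import namedtuple

# Sample lines copied from the HijackThis v2.0.4 log posted in this thread.
SAMPLE_LOG = r"""
Platform: Windows 7 SP1 (WinNT 6.00.3505)
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"""

Finding = namedtuple("Finding", "section name path verdict")

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MARKER = re.compile(r"\s*\((no file|file missing)\)\s*$", re.IGNORECASE)
# A path starts at a drive letter; matching it whole keeps folder names that
# contain " - " (e.g. "Spybot - Search & Destroy") intact.
PATH = re.compile(r"(?:^|\s)([A-Za-z]:\\.+)$")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def is_64bit_log(lines):
    """Heuristic (assumption): only 64-bit Windows has 'Program Files (x86)'."""
    return any("\\program files (x86)\\" in line.lower() for line in lines)


def triage(log_text):
    """Return a Finding for every entry the scanner marked as missing.

    verdict 'orphan'           - registration whose file is absent; a removal
                                 candidate once a helper has reviewed it.
    verdict 'unverified-wow64' - System32 path reported missing on 64-bit
                                 Windows; a 32-bit process is redirected to
                                 SysWOW64, so the report proves nothing.
    """
    lines = [line.strip() for line in log_text.splitlines() if line.strip()]
    x64 = is_64bit_log(lines)
    findings = []
    for line in lines:
        entry = ENTRY.match(line)
        if not entry:
            continue  # header, process list, blank lines
        body = entry.group("body")
        marker = MARKER.search(body)
        if not marker:
            continue  # file was found, nothing to triage
        path_match = PATH.search(body[:marker.start()])
        path = path_match.group(1) if path_match else None
        # The label is the text before the first " - "; long service names
        # that themselves contain " - " are shortened, which is fine here.
        name = body.split(" - ")[0]
        if path and x64 and SYSTEM32.match(path):
            verdict = "unverified-wow64"
        else:
            verdict = "orphan"
        findings.append(Finding(entry.group("section"), name, path, verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:17} {f.section:4} {f.name} -> {f.path or '(no path recorded)'}")
```

Entries with the `unverified-wow64` verdict, such as the `lsass.exe` services in the log above, should be checked with a 64-bit tool before anyone treats them as damage or deletes the registration.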


#4 Auntie Mame


Posted 15 November 2012 - 01:31 AM

ComboFix 12-11-14.01 - Ramon 11/15/2012 0:04.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1832 [GMT -5:00]
Running from: c:\users\Ramon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
F:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-15 to 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 05:56 . 2012-11-15 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-15 02:30 . 2012-11-15 02:30 -------- d-----w- c:\users\Ramon\AppData\Roaming\AVG2013
2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Local\AVG Secure Search
2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Roaming\TuneUp Software
2012-11-15 02:25 . 2012-11-15 02:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-11-15 02:25 . 2012-11-15 02:24 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-15 02:24 . 2012-11-15 02:25 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-11-15 02:24 . 2012-11-15 02:25 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-11-15 02:19 . 2012-11-15 02:27 -------- d-----w- c:\programdata\AVG2013
2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\Avg2013
2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\MFAData
2012-11-14 23:48 . 2012-11-14 23:48 -------- d-----w- c:\users\Ramon\AppData\Local\Symantec
2012-11-05 22:44 . 2012-11-05 22:44 388096 ----a-r- c:\users\Ramon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-05 22:44 . 2012-11-05 22:44 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-04 17:25 . 2012-11-04 17:25 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\Extensions
2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-25 20:19 . 2012-10-25 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-25 20:19 . 2012-10-25 21:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-24 03:08 . 2012-10-24 03:08 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes
2012-10-24 03:08 . 2012-11-08 05:14 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 03:07 . 2012-10-24 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-24 03:07 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-21 04:07 . 2012-10-21 04:07 -------- d-----w- c:\programdata\CPA_VA
2012-10-21 04:00 . 2012-11-14 23:53 -------- d-----w- c:\programdata\Comodo
2012-10-21 04:00 . 2012-10-21 04:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-10-21 03:32 . 2012-10-21 03:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:11 . 2011-06-17 19:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 21:36 . 2012-07-15 19:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 21:36 . 2011-06-26 01:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-09 19:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-31 18:19 . 2012-10-09 19:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-09 19:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 19:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 19:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-09 19:47 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-09 19:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-22 03:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 03:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 03:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 03:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 03:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 03:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 03:01 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 03:00 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 03:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 03:00 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 03:00 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 03:00 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 03:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 03:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 03:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 03:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 03:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 03:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 03:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 03:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 03:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 03:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 16:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 01:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-26 20:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-09 19:48 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-09 19:48 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-09 19:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-09 19:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-09 19:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-09 19:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-09 19:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-09 19:48 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-09 19:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-09 19:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-09 19:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-09 19:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-09 19:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-09 19:48 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-15 02:24 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll" [2012-11-15 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-26 39408]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-15 997320]
"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-15 1020512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdshowmngr.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-15 30568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ffdshow manager;ffdshow manager;c:\programdata\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-15 711112]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 21:36]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]
.
2012-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]
.
2012-10-20 c:\windows\Tasks\HPCeeScheduleForRamon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-02-24 30720]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-AVG_TRAY - c:\program files (x86)\AVG\AVG10\avgtray.exe
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-15 01:21:33
ComboFix-quarantined-files.txt 2012-11-15 06:21
.
Pre-Run: 429,008,822,272 bytes free
Post-Run: 428,909,871,104 bytes free
.
- - End Of File - - 0291687F689F79EB4489DF6250FF7A8D

Edited by Auntie Mame, 15 November 2012 - 01:32 AM.


#5 Auntie Mame

Posted 15 November 2012 - 01:52 AM

The Joker,

Thank you for your kind welcome. First, I created new user accounts, and with the Administrator account, changed the name and added a password. As administrator, I tried to uninstall Norton Internet Security (it was not updated, but uninstall did not work), uninstalled all Comodo programs (it was for additional cleaning), and downloaded AVG Anti-Virus Free 2013 to be the resident anti-virus program. My attempt to uninstall the Ask Toolbar gave me this error message:

Error 1316. A network error occurred while attempting to
read from the file C:\Windows\Installer\AskToolbar.msi

and the program was not removed from the program list in the control panel. Uninstalled Smiley Bar for Facebook and FrostWire. Later, after running AdwCleaner and SecurityCheck (logs attached below), it popped into my brilliant mind to use Symantec's Norton Removal Tool to completely remove Norton. Done. Then I re-ran SecurityCheck. Log attached below.

I downloaded and ran ComboFix. Log attached in another reply. I did not see any prompts regarding Microsoft Windows Recovery Console. Nor could I locate, and thus do not know if I have the, Windows 7 System Recovery Environment. I appreciate your help!


# AdwCleaner v2.007 - Logfile created 11/14/2012 at 21:49:32
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ramon - RAMON-LETICIA
# Boot Mode : Normal
# Running from : C:\Users\Ramon\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\IBUpdaterService
Folder Found : C:\Users\Ramon\AppData\Local\APN
Folder Found : C:\Users\Ramon\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Ramon\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Ramon\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Ramon\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\bProtector
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\bProtector
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-997291780-1119377360-3724968778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-997291780-1119377360-3724968778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.1] : icon_url =
:{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1},"copjbedljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjndnjmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobcklknojliojkkclgjndemadnig":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmhgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpge
nihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fjhfnfakmfcejgmfkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbg
hphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkkmajnmfnlcmejonkfaipdmme":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpjdackpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlnaaalniegm":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{&

#6 TheJoker


Posted 15 November 2012 - 07:05 PM

My attempt to uninstall the Ask Toolbar gave me this error message:

Error 1316. A network error occurred while attempting to
read from the file C:\Windows\Installer\AskToolbar.msi

and the program was not removed from the program list in the control panel.

We'll see what's left after we are through with a few steps.

Now please have AdwCleaner remove everything it found.
If you want to keep the AVG, that's fine, but it's not required and I would read this about it:
Shame on AVG
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

As administrator, I tried to uninstall Norton Internet Security (it was not updated, but uninstall did not work)... Later, after running AdwCleaner and SecurityCheck (logs attached below), it popped in my brilliant mind to use Symantec's Norton Removal Tool to completely remove Norton. Done.

Since you ran that Security Check after the Norton Removal Tool, it seems it was not completely removed. I would run the Norton Removal Tool again, but from Safe Mode.
If this wasn't where you downloaded the Norton Removal Tool from, I would delete your copy and download a new copy from:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Now reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.
Now double click on Norton_Removal_Tool.exe to run it, and when finished, if your system doesn't restart, restart it manually.


After that, I'd like to see a new log from ComboFix.

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from:
http://download.blee...Bs/ComboFix.exe

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.
For this next step, please ensure that ComboFix.exe is on your desktop:

Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that new log in your next reply.


Does the Ask Toolbar still show up in Control Panel > Programs and Features?

Please post the new log from ComboFix, and then in a second reply the new log from AdwCleaner, the log from ESET's online scanner, and note any errors encountered. How is the system running now?



#7 Auntie Mame


Posted 18 November 2012 - 12:31 AM

ComboFix 12-11-16.02 - Ramon 11/17/2012 23:47:34.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1700 [GMT -5:00]
Running from: c:\users\Ramon\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 05:01 . 2012-11-18 05:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 18:18 . 2012-11-17 18:18 -------- d-----w- c:\program files (x86)\ESET
2012-11-17 18:18 . 2012-11-17 18:18 -------- d--h--w- c:\windows\AxInstSV
2012-11-16 04:39 . 2012-11-16 04:40 -------- d-----w- c:\users\Ramon-Leticia
2012-11-16 02:53 . 2012-11-16 02:53 -------- d-----w- c:\users\Guest
2012-11-15 08:02 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:02 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:02 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:02 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 08:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 08:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 02:30 . 2012-11-15 02:30 -------- d-----w- c:\users\Ramon\AppData\Roaming\AVG2013
2012-11-15 02:26 . 2012-11-15 02:26 -------- d-----w- c:\users\Ramon\AppData\Roaming\TuneUp Software
2012-11-15 02:25 . 2012-11-15 02:24 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-15 02:24 . 2012-11-17 18:05 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-11-15 02:19 . 2012-11-15 02:27 -------- d-----w- c:\programdata\AVG2013
2012-11-15 01:59 . 2012-11-18 04:02 -------- d-----w- c:\users\Ramon\AppData\Local\Avg2013
2012-11-15 01:59 . 2012-11-15 01:59 -------- d-----w- c:\users\Ramon\AppData\Local\MFAData
2012-11-14 23:48 . 2012-11-14 23:48 -------- d-----w- c:\users\Ramon\AppData\Local\Symantec
2012-11-14 21:16 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 21:16 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 21:16 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 21:16 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 21:16 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 21:16 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 21:16 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 21:16 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 21:16 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 21:16 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 21:16 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 21:16 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 21:15 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 21:15 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 21:15 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 21:15 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 21:15 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 21:15 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 21:15 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-05 22:44 . 2012-11-05 22:44 388096 ----a-r- c:\users\Ramon\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-05 22:44 . 2012-11-05 22:44 -------- d-----w- c:\program files (x86)\Trend Micro
2012-11-04 17:25 . 2012-11-04 17:25 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\Extensions
2012-10-27 01:25 . 2012-10-27 01:25 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-25 23:23 . 2012-10-25 23:23 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2012-10-25 20:19 . 2012-10-25 21:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-10-25 20:19 . 2012-10-25 21:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-10-24 03:08 . 2012-10-24 03:08 -------- d-----w- c:\users\Ramon\AppData\Roaming\Malwarebytes
2012-10-24 03:08 . 2012-11-08 05:14 -------- d-----w- c:\programdata\Malwarebytes
2012-10-24 03:07 . 2012-10-24 03:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-24 03:07 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-22 18:02 . 2012-10-22 18:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-21 04:07 . 2012-10-21 04:07 -------- d-----w- c:\programdata\CPA_VA
2012-10-21 04:00 . 2012-11-14 23:53 -------- d-----w- c:\programdata\Comodo
2012-10-21 04:00 . 2012-10-21 04:00 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-10-21 03:32 . 2012-10-21 03:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 21:11 . 2011-06-17 19:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-15 08:48 . 2012-10-15 08:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 21:36 . 2012-07-15 19:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 21:36 . 2011-06-26 01:25 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-05 08:32 . 2012-10-05 08:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-09 19:47 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-31 18:19 . 2012-10-09 19:48 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-09 19:48 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 19:48 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 19:48 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-09 19:47 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-09 19:47 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-12 16:17 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 01:10 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 17:01 . 2012-09-26 20:10 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-08-21 17:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-08-21 17:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-09 19:48 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-09 19:48 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-09 19:48 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-09 19:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-09 19:48 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-09 19:48 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-09 19:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-09 19:48 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-09 19:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-09 19:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-09 19:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-09 19:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-09 19:48 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-09 19:48 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:48 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:47 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-09 19:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-09 19:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-09 19:47 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-09 19:47 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-09 19:47 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-09 19:47 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-26 39408]
"KSS"="c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"MaxMenuMgr"="c:\program files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\FFDSHO~1\22639~1.201\{16CDF~1\ffdshowmngr.dll c:\progra~3\FFDSHO~1\22639~1.201\{16CDF~1\ffdshowmngr.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2010/10/20 19:52;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-06-30 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ffdshow manager;ffdshow manager;c:\programdata\ffdshow manager\2.2.639.201\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [2012-10-25 1698848]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-08 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-15 30568]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-04-25 202296]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-15 711112]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 21:36]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-26 01:24]
.
2012-11-17 c:\windows\Tasks\HPCeeScheduleForRamon.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-02-24 30720]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{608E1190-54D3-44A5-AAC7-2EDD6D2650D3}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-18 00:23:10
ComboFix-quarantined-files.txt 2012-11-18 05:23
ComboFix2.txt 2012-11-15 06:21
.
Pre-Run: 428,232,380,416 bytes free
Post-Run: 427,982,589,952 bytes free
.
- - End Of File - - 6B2CBDBFEB44B8677B696C6F59A467CC

#8 Auntie Mame

Posted 18 November 2012 - 12:59 AM

Okay, per your instructions: I had AdwCleaner remove all it found. Log posted below.
I downloaded AVG for the resident anti-virus after reading from reviews on CNET. I will see about getting the updated Norton Internet Security, but in the meanwhile, what free anti-virus do you like/recommend?

I ran an online scan with ESET, but did not find a log at C:\Program Files\EsetOnlineScanner. I found a "CAB hook log" at C:\Program Files (x86)\ESET\ESET Online Scanner. So I ran ESET again, and same result. Both CAB hook logs are below. I also posted the list on ESET screen 4, in the event that was what you wanted to see. (I apologize if I misunderstood.)

I could not find Norton Removal Tool on the computer, so I simply downloaded from your link, ran in Safe Mode, and manually restarted.

New log from ComboFix follows this reply as well.

Ask Toolbar does not show in Control Panel > Programs and Features! Hooray! The system is running much smoother, except the printer won't print. It acts like it is printing, audio says "printing started," printer kicks out blank pages, but nothing prints and no pending documents are in the printer queue. Do I need to uninstall and reinstall/re-load onto the computer?


# AdwCleaner v2.007 - Logfile created 11/17/2012 at 13:05:11
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Ramon - RAMON-LETICIA
# Boot Mode : Normal
# Running from : C:\Users\Ramon\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Ramon\AppData\Local\APN
Folder Deleted : C:\Users\Ramon\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Ramon\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Ramon\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Ramon-Leticia\AppData\Local\AVG Secure Search
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\bProtector
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\bProtector
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKU\S-1-5-21-997291780-1119377360-3724968778-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Ramon\AppData\Local\Google\Chrome\User Data\Default\Preferences

p://ad.turn.com/",["hxxp://cdn.turn.com/",2.319614810014193]],["hxxp://ads.pubmatic.com/",["hxxp://ad.turn.com/",2.319614810014193,"hxxp://adadvisor.net/",2.613894300836889,"hxxp://aud.pubmatic.com/",2.908173791659586,"hxxp://ib.adnxs.com/",2.319614810014193,"hxxp://idpix.media6degrees.com/",2.319614810014193,"hxxp://image2.pubmatic.com/",3.496732773304977,"hxxp://pixel.quantserve.com/",2.025335319191497,"hxxp://pixel.rubiconproject.com/",2.025335319191497,"hxxp://sync.mathtag.com/",2.319614810014193,"hxxp://www.adadvisor.net/",2.025335319191497]],["hxxp://blogs.computerworld.com/",["hxxp://a0.twimg.com/",4.585621599999999,"hxxp://idg-computerworldblogs.disqus.com/",2.60370040,"hxxp://images.industrybrains.com/",3.594660999999999,"hxxp://mediacdn.disqus.com/",6.897862999999998,"hxxp://now.eloqua.com/",3.264340799999999,"hxxp://ping.chartbeat.net/",2.27338020,"hxxp://static.chartbeat.com/",2.27338020,"hxxp://w.sharethis.com/",4.585621599999999,"hxxp://www.computerworld.com/",12.381310448080,"hxxp://www.facebook.com/",4.585621599999999]],["hxxp://cdn.assets.gorillanation.com/",["hxxp://analytics.springboardvideo.com/",2.025335319191497,"hxxp://analytics.stg.springboardvideo.com/",2.025335319191497,"hxxp://b.scorecardresearch.com/",2.319614810014193,"hxxp://cdn.springboard.gorillanation.com/",2.319614810014193,"hxxp://cms.springboard.gorillanation.com/",2.319614810014193,"hxxp://si-general.springboardplatform.com/",2.025335319191497,"hxxp://streaming.springboardvideo.com/",2.319614810014193,"hxxp://webservices.evolvemediacorp.com/",2.025335319191497,"hxxp://www.google.com/",2.613894300836889,"hxxp://www.springboardplatform.com/",3.202453282482282]],["hxxp://cdn.turn.com/",["hxxp://image2.pubmatic.com/",2.025335319191497]],["hxxp://core.saymedia.com/",["hxxp://b.scorecardresearch.com/",1.151398295090829,"hxxp://pixel.quantserve.com/",1.151398295090829,"hxxp://tag.admeld.com/",2.025335319191497]],["hxxp://ct1.addthis.com/",["hxxp://adx.adnxs.com/",2.025335319191497,"hxxp
://aidps.atdmt.com/",2.025335319191497,"hxxp://cspix.media6degrees.com/",2.025335319191497,"hxxp://ds.addthis.com/",2.025335319191497,"hxxp://ds.reson8.com/",2.319614810014193,"hxxp://ib.adnxs.com/",0.3857109649737093,"hxxp://m.addthisedge.com/",0.8618217694195256,"hxxp://segment-pixel.invitemedia.com/",0.07084425480575195,"hxxp://sync.mathtag.com/",2.025335319191497,"hxxp://view.atdmt.com/",0.07084425480575195]],["hxxp://d.xp1.ru4.com/",["hxxp://d.xp1.ru4.com/",2.025335319191497,"hxxp://hxxp.content.ru4.com/",2.319614810014193,"hxxp://idsync.rlcdn.com/",2.319614810014193,"hxxp://image2.pubmatic.com/",2.025335319191497,"hxxp://loadm.exelator.com/",2.025335319191497,"hxxp://m.xp1.ru4.com/",2.319614810014193,"hxxp://pixel.exelator.com/",2.025335319191497,"hxxp://r.nexac.com/",2.025335319191497,"hxxp://r.openx.net/",2.319614810014193,"hxxp://tags.bluekai.com/",2.025335319191497]],["hxxp://dan-ball.jp/",["hxxp://dan-ball.jp/",7.852488223133726,"hxxp://pagead2.googlesyndication.com/",1.151398295090829,"hxxp://www.google-analytics.com/",1.151398295090829]],["hxxp://edge.sharethis.com/",["hxxp://edge.sharethis.com/",2.27338020,"hxxp://w.sharethis.com/",2.60370040]],["hxxp://google.com/",["hxxp://www.google.com/",2.066525344788971]],["hxxp://googleads.g.doubleclick.net/",["hxxp://amch.questionmarket.com/",0.08351555225096762,"hxxp://cheetah.vizu.com/",0.9001873533091516,"hxxp://googleads.g.doubleclick.net/",2.319614810014193,"hxxp://i1.ytimg.com/",0.3077220011432548,"hxxp://pagead2.googlesyndication.com/",0.6826697905252139,"hxxp://puma.vizu.com/",1.19642002939210,"hxxp://s0.2mdn.net/",0.3353495960346131,"hxxp://www.google.com/",2.319614810014193,"hxxp://www.gstatic.com/",0.9001873533091516,"hxxps://googleads.g.doubleclick.net/",2.319614810014193]],["hxxp://i.notdoppler.com/",["hxxp://gd31b7d91cc574d63.api.playtomic.com/",2.025335319191497]],["hxxp://ipchicken.com/",["hxxp://ipchicken.com/",4.426065477271901,"hxxp://pagead2.googlesyndication.com/",1.804354218957534,"hxxp://
www.google-analytics.com/",2.066525344788971,"hxxp://www.kqzyfj.com/",1.804354218957534,"hxxp://www.yceml.net/",1.804354218957534]],["hxxp://mediacdn.disqus.com/",["hxxp://b.scorecardresearch.com/",1.320604615120,"hxxp://mediacdn.disqus.com/",2.27338020]],["hxxp://news.google.com/",["hxxp://csi.gstatic.com/",1.857229544077419,"hxxp://i.ytimg.com/",3.746206601728809,"hxxp://news.google.com/",1.857229544077419,"hxxp://nt0.ggpht.com/",3.476352736350040,"hxxp://nt1.ggpht.com/",4.555768197865120,"hxxp://nt2.ggpht.com/",4.555768197865120,"hxxp://nt3.ggpht.com/",5.365329794001430,"hxxp://ssl.gstatic.com/",2.666791140213729,"hxxp://www.gstatic.com/",2.666791140213729,"hxxps://plusone.google.com/",2.127083409456189]],["hxxp://puma.vizu.com/",["hxxp://cheetah.vizu.com/",1.151398295090829,"hxxp://puma.vizu.com/",1.151398295090829]],["hxxp://seg.sharethis.com/",["hxxp://b.scorecardresearch.com/",2.27338020]],["hxxp://support.google.com/",["hxxp://fonts.googleapis.com/",2.084686339270529,"hxxp://support.google.com/",3.599202055834588,"hxxp://www.google.com/",3.296298912521777,"hxxps://plusone.google.com/",2.084686339270529]],["hxxp://tap2-cdn.rubiconproject.com/",["hxxp://d.agkn.com/",1.967674022654115,"hxxp://ib.adnxs.com/",2.253575376373089,"hxxp://image2.pubmatic.com/",1.967674022654115,"hxxp://match.adsrvr.org/",2.253575376373089,"hxxp://matcher-pbm.bidder7.mookie1.com/",1.967674022654115,"hxxp://matcher-rbc.bidder7.mookie1.com/",2.253575376373089,"hxxp://matcher.bidder8.mookie1.com/",2.253575376373089,"hxxp://p.rightaction.com/",2.539476730092063,"hxxp://pixel.rubiconproject.com/",2.253575376373089,"hxxp://rc.rlcdn.com/",2.253575376373089]],["hxxp://view.atdmt.com/",["hxxp://b.scorecardresearch.com/",2.27338020,"hxxp://b.voicefive.com/",1.320604615120,"hxxp://core.insightexpressai.com/",1.981245015120,"hxxp://rmd.atdmt.com/",0.990284415120]],["hxxp://webservices.evolvemediacorp.com/",["hxxp://cdn.assets.gorillanation.com/",2.319614810014193,"hxxp://webservices.evolvemediaco
rp.com/",3.791012264127673,"hxxp://www.google-analytics.com/",2.613894300836889]],["hxxp://www.alumniclass.com/",["hxxp://www.alumniclass.com/",10.53138520,"hxxp://www.google-analytics.com/",2.60370040]],["hxxp://www.ask.com/",["hxxp://ak.imgfarm.com/",2.27338020,"hxxp://b.scorecardresearch.com/",2.60370040,"hxxp://img.youtube.com/",2.27338020,"hxxp://sp.ask.com/",6.567542799999998,"hxxp://tbr.ask.com/",2.27338020,"hxxp://www.ask.com/",7.228183199999998,"hxxp://www.google-analytics.com/",2.60370040,"hxxp://wzpo1.ask.com/",2.60370040]],["hxxp://www.easports.com/",["hxxp://cdn.content.easports.com/",4.585621599999999,"hxxp://cdn.www.easports.com/",9.870744799999997,"hxxp://dnn506yrbagrg.cloudfront.net/",2.27338020,"hxxp://eaeacom.112.2o7.net/",2.60370040,"hxxp://resources.ea.com/",2.60370040,"hxxp://www.easports.com/",11.52234580,"hxxp://www.gaiaflashframework.com/",2.27338020,"hxxp://www.google-analytics.com/",2.93402060]],["hxxp://www.facebook.com/",["hxxp://static.ak.fbcdn.net/",0.8243654771309440]],["hxxp://www.frostwire.com/",["hxxp://static.frostwire.com/",7.985144776013998,"hxxp://www.google-analytics.com/",2.5295730496120,"hxxps://apis.google.com/",2.5295730496120,"hxxps://ssl.gstatic.com/",2.2086570657060]],["hxxp://www.google.com/",["hxxp://id.google.com/",0.4313678912262720,"hxxp://lh4.googleusercontent.com/",0.65358771397920,"hxxp://news.google.com/",0.65358771397920,"hxxp://p5-jw2y3q2ant4ta-exsacsz3lrzhy2jr-582265-i1-v6exp3-v4.metric.gstatic.com/",0.65358771397920,"hxxp://p5-jw2y3q2ant4ta-exsacsz3lrzhy2jr-582265-i2-v6exp3-ds.metric.gstatic.com/",0.65358771397920,"hxxp://ssl.gstatic.com/",0.3465408968816255,"hxxp://www.google.com/",2.748303444257430]],["hxxp://www.notdoppler.com/",["hxxp://ads.intergi.com/",2.613894300836889,"hxxp://adserver.adtechus.com/",2.319614810014193,"hxxp://beacon.saymedia.com/",3.791012264127673,"hxxp://core.saymedia.com/",2.613894300836889,"hxxp://ct1.addthis.com/",2.613894300836889,"hxxp://i.notdoppler.com/",14.53144202176024,"h
xxp://pagead2.googlesyndication.com/",2.025335319191497,"hxxp://pixel.quantserve.com/",2.319614810014193,"hxxp://www.notdoppler.com/",4.673850736595761,"hxxps://plusone.google.com/",2.319614810014193]],["hxxp://www.pfaff.com/",["hxxp://www.google-analytics.com/",2.189416085407748,"hxxp://www.pfaff.com/",4.967033507193693]],["hxxp://www.springboardplatform.com/",["hxxp://analytics.springboardvideo.com/",2.025335319191497,"hxxp://analytics.stg.springboardvideo.com/",2.025335319191497,"hxxp://streaming.springboardvideo.com/",2.908173791659586]],["hxxp://www.verdugohs.org/",["hxxp://counter.edlio.com/",1.538615947120,"hxxp://www.verdugohs.org/",55.99057963632034,"hxxps://www.paypalobjects.com/",2.230834958240]],["hxxp://www.youtube.com/",["hxxp://s.ytimg.com/",1.857229544077419]],["hxxps://plusone.google.com/",["hxxps://plusone.google.com/",1.241244702449474,"hxxps://ssl.gstatic.com/",0.5281470911240961]]],"startup_list":[1,"hxxp://cdn.www.easports.com/","hxxp://id.google.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-i1-v6exp3-v4.metric.gstatic.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-i2-v6exp3-ds.metric.gstatic.com/","hxxp://p5-etcqmcm5466xw-qvn6y5g2umf73cqy-446960-s1-v6exp3-v4.metric.gstatic.com/","hxxp://sp.ask.com/","hxxp://ssl.gstatic.com/","hxxp://websearch.ask.com/","hxxp://www.easports.com/","hxxp://www.google.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"12994569243900750","next_check":"12995522347596491"},"blacklistupdate":{"lastpingday":"12994498804307750","version":"0.0.0.129"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"],"newtab":["chrome-extension://aaaanijiojpcccpkjdjjmjghddcgcbfj/config/skin/new-tab.html"]},"settings":{"aaaanijiojpcccpkjdjjmjghddcgcbfj":{"ack_external":true,"active_permissions":{"api":["bookmarks","contextMenus","cookies","geolocation","history","idle","management"
,"notifications","plugin","tabs","unlimitedStorage"],"explicit_host":["chrome://favicon/*","hxxp://*/*","hxxps://*/*"],"scriptable_host":["*://*.ask.com/","*://*.bagsbuy.com/*","*://*.childrenschorus.org/*","*://*.csaa.com/*","*://*.facebook.com/*","*://*.google.com/*","*://*.google.com/imgres*","*://*.mercurynews.com/*","*://*.usnews.com/*","*://*.wikipedia.org/*","*://*/*","*://codesearch.google.com/*","*://images.google.com/*"]},"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12993415288035891","location":3,"manifest":{"background_page":"background/background.html","browser_action":{"default_icon":"config/skin/images/ask_logo_19x.png","default_popup":"config/skin/options.html","default_title":"Oovoo Toolbar"},"chrome_url_overrides":{"newtab":"config/skin/new-tab.html"},"content_scripts":[{"js":["lib/jquery.js","lib/constant.js","lib/default-config.js","config/tb-config.js","lib/tb-message.js","content_script/toolbar.js","content_script/widget.js","content_script/injector.js"],"matches":["*://*/*"],"run_at":"document_start"},{"css":["content_script/hack/facebook.css"],"matches":["*://*.facebook.com/*"]},{"css":["content_script/hack/relative.css"],"matches":["*://*.google.com/*","*://*.ask.com/","*://*.bagsbuy.com/*","*://*.csaa.com/*","*://*.childrenschorus.org/*","*://*.wikipedia.org/*","*://*.mercurynews.com/*","*://*.usnews.com/*"],"run_at":"document_start"},{"css":["content_script/hack/static.css"],"matches":["*://*.google.com/imgres*","*://images.google.com/*","*://codesearch.google.com/*"],"run_at":"document_start"}],"description":"Convenient tools and links to make your browsing more enjoyable","icons":{"128":"config/skin/images/ask_logo_128x.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDg7OvjPFDBCe8rWj4+ZHgelwoi5YeNzzZM/6iWkvQfPClU6JgpNC9TKZtJ8Qo/E/G7JFGTOp/yZK6AlzMLGS50x/Hrr5qweD5jO+P41ZxOg5ezG6hvNHDs3nhFp5bhMzT8y5rRsJtzE+ApHEqpvqnk5BlRstSsl71q8rcZEuHbVQIDAQAB","name":"Oovoo 
Toolbar","permissions":["bookmarks","contextMenus","cookies","geolocation","history","idle","management","notifications","tabs","unlimitedStorage","hxxp://*/*","hxxps://*/*","chrome://favicon/*","chrome-internal://newtab/"],"plugins":[{"path":"background/registryAccess.dll","public":false}],"update_url":"hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php","version":"7.15.2.23076"},"path":"aaaanijiojpcccpkjdjjmjghddcgcbfj\\7.15.2.23076_0","state":1,"update_url_data":""},"aakhlmakppmkkmfkoibponkmmpgpmjgl":{"blacklist":true},"aandpgohbohmlknpjbblpmoladhoochg":{"blacklist":true},"abciiempgohamehppammbkhkicmkgkob":{"blacklist":true},"abfclfmhaemoockhhinpplncjehfpdbd":{"blacklist":true},"acmpfcamncegnhjdeiodgilikjafcamg":{"blacklist":true},"aebfkgcamgnimcbnbiopgdakknjgggnm":{"blacklist":true},"aemcjbfajnnmhblifaejadoecfoaebld":{"blacklist":true},"afenhmponmfmdmbmccbmglppcmjhmhmh":{"blacklist":true},"aglmapjbjphdidmnileogpjkgpdoliep":{"blacklist":true},"agmhonoepgcnakccfpidhjehlocaeaaj":{"blacklist":true},"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"h","page_ordinal":"n"},"ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":true},"aieglpnmmhleoenpbmfaffppfomgjmba":{"blacklist":true},"aieihijcjcccdiepockaiekhpflicdii":{"blacklist":true},"aifmjmboebdkdelpjenakhaodgneempp":{"blacklist":true},"ajlkjjdbgcjdiklbcomhnfghjigfccoh":{"blacklist":true},"alcbnnpmipohgdllkkglhkbncijplago":{"blacklist":true},"aldalonecchncedclgcndcndgilaclnk":{"blacklist":true},"alfahpoknocfdebmiclonikapcnljlob":{"blacklist":true},"aljdncnajablgppdcfbehhmidlmbndda":{"blacklist":true},"amfgdngndpfldigimkcindjalokfnmem":{"blacklist":true},"amoobcjlpgloocplpikcldcpjjdnoeii":{"blacklist":true},"anmjpohfnlopdfaojooicpemopnliimn":{"blacklist":true},"apdmgffkfhjfeejmbjidennfjdkmmmbl":{"blacklist":true},"aphncaagnlabkeipnbbicmcahnamibgb":{"blacklist":true},"bcddmcejgphfgofbpoocakaeapfomlek":{"blacklist
":true},"benclngoadbppljglhphhnfknoppmjoa":{"blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bioeopenmokdgbekbgpgnacecjmpckbb":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blacklist":true},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":["appNotifications"]},"app_launcher_ordinal":"n","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266299858537","lastpingday":"12994498803849750","location":2,"manifest":{"app":{"launch":{"container":"tab","web_url":"hxxp://www.youtube.com/"},"web_content":{"enabled":true,"origin":"hxxp://www.youtube.com"}},"current_locale":"en_US","default_locale":"en","description":"The world's most popular online video 
community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","name":"YouTube","permissions":["appNotifications"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"4.2.5"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0","state":1},"bndahdijlcnncjbpammoedeapmlobllc":{"blacklist":true},"bnffnggkphadlnoopcoakdnkellnifjp":{"blacklist":true},"boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":true},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cdogaeccgljmkecjmoedambgiekkllij":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true},"cgnegjfmdfenjojhjffejinpnpoglmlh":{"blacklist":true},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinffggbphnhoblea":{"blacklist":true},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true},"ckphhghhpjbfddcgkpfbelfeojcciglo":{"blacklist":true},"clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":true},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_bit":true,"app_launcher_ordinal":"w","events":["experimental.runtime.onInstalled"],"from_bookmark":true,"from_webstore":true,"install_time":"12986266300662537","lastpingday":"12994498803849750","location":2,"manifest"
:{"app":{"launch":{"web_url":"hxxp://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"en_US","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","name":"Google Search","update_url":"hxxp://clients2.google.com/service/update2/crx","version":"0.0.0.19"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0","state":1},"copjbedljgpkaakkmbhgkpoaadeahido":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbanhghadfmjndnjmmejdgfdmgidlbpm":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"dhclobcklknojliojkkclgjndemadnig":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmhgenmamfphbclmhdgmffajkfommkom":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpge
nihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehmjnpjodmgeocfphkjjnheiheehcoid":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fjhfnfakmfcejgmfkmnapemgblmehppf":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbg
hphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"foenbafkkmajnmfnlcmejonkfaipdmme":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpjdackpllilinpkgmhkpidkanmccblc":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"fpokembamndopkflopmplkklbdngnknd":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gjmhdmobkhfhkpfmfegnkkimlamjdldi":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"goedioiidkokkbobdnopnlnaaalniegm":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{"blacklist":true},"hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist":true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true},"hcpndbchnlgojmnijaldkicigmihmdca":{"blacklist":true},"hdijkiondgomjpehfhopomicjbiodmcm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true},"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true},"hfjpjodb
olkmheaehcnmfhjakjileoof":{"blacklist":true},"hfpfbhnmbbig

#9 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,494 posts

Posted 18 November 2012 - 08:55 AM

I downloaded AVG for the resident anti-virus after reading from reviews on CNET. I will see about getting the updated Norton Internet Security, but in the meanwhile, what free anti-virus do you like/recommend?

If you look for a new copy of Norton Internet Security, check the holiday sales; you'll likely find it for free after mail-in rebates. Personally, I don't count mail rebates in the cost as it can take so long, and sometimes they never show up. For free antivirus programs you may want to consider, there is Avira Free Antivirus available at http://www.free-av.com, Free avast! at http://www.avast.com...ivirus-download, or AVG Anti-Virus Free at http://free.avg.com/.../free-downloads. I would recommend them in that order, but any would be a good choice. If you want some information on how they compare to each other, there is information available at AV Comparatives.

As you said you uninstalled all Comodo programs, using Windows Explorer, delete the following folder that was left behind:
c:\programdata\Comodo

The system is running much smoother, except the printer won't print. It acts like it is printing, audio says "printing started," printer kicks out blank pages, but nothing prints and no pending documents are in the printer queue. Do I need to uninstall and reinstall/re-load onto the computer?

If there is an uninstallable entry for the printer in Control Panel > Programs and Features, I would uninstall it and download the current version and reinstall it. What is the printer?

I see the ESET scan found a few more items. Regardless of what antivirus you have installed as your resident protection, it never hurts to do an occasional scan with a different online scanner. For instance, if you have AVG installed, the online scanners from Kaspersky or ESET, which you just ran, are a good choice, particularly if the system might be at risk, and a system with multiple users can be more at risk than one used by a single person.

I see no more malware in your logs, so let's do a bit of cleanup.

Go to start > run and copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, implement some cleanup procedures, and reset System Restore points.

You can also delete AdwCleaner.exe from your Desktop, and any of the logs as well, along with DDS, SecurityCheck.exe, and the Norton Uninstaller that you no longer need.

To help keep malware off your system:
  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...p2002/hosts.htm
  • A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at http://www.javacools...m/products.html
  • As this is a shared computer, you may want to consider Open DNS Home, a configurable DNS server that allows you to block different categories of information, and will help to protect from phishing sites.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955

If you let me know what your printer is I'll look up the current driver for it.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005
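How a HOSTS blocklist of the kind recommended in the post above takes effect, shown as an added example that is not part of the original post or of the MVPS project. The sample entries, hostnames and function names are constructed for illustration; the code parses the file format, shows that matching is exact (no wildcards), and separates sinkholed names from entries that point at a real address and deserve a second look.

```python
import ipaddress

# Constructed sample in HOSTS-file format (not taken from the MVPS list).
# Hostnames use reserved example domains; 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# sample blocklist entries
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example   # sinkholed ad server
0.0.0.0         cdn.adware.example metrics.adware.example
127.0.0.1       Toolbar.Search.Example
203.0.113.45    www.bank.example      # non-loopback target: investigate
0.0.0.0         ads.tracker.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Return {hostname: ip_string}. The first entry for a name is kept."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip lines with a malformed address
        for name in fields[1:]:               # one address may list several names
            table.setdefault(name.lower().rstrip("."), str(ip))
    return table


def is_sinkhole(ip_string):
    """True when the address goes nowhere (loopback or 0.0.0.0 / ::)."""
    ip = ipaddress.ip_address(ip_string)
    return ip.is_loopback or ip.is_unspecified


def resolve(table, hostname):
    """Exact-match lookup. None means the name falls through to DNS."""
    return table.get(hostname.lower().rstrip("."))


def audit(table):
    """Split entries into blocked names and redirects to real addresses."""
    blocked = sorted(n for n, ip in table.items()
                     if is_sinkhole(ip) and n != "localhost")
    redirected = sorted((n, ip) for n, ip in table.items()
                        if not is_sinkhole(ip))
    return blocked, redirected


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    blocked, redirected = audit(hosts)
    print("blocked:", blocked)
    print("review these redirects:", redirected)
    # A subdomain of a blocked name is not covered unless it is listed itself.
    print("sub.ads.tracker.example ->", resolve(hosts, "sub.ads.tracker.example"))
```

A blocklist should contain only sinkhole entries, so anything `audit` returns in the second list is worth comparing against a known-good copy of the file.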


#10 Auntie Mame

Auntie Mame

    Member

  • Full Member
  • 8 posts

Posted 18 November 2012 - 04:46 PM

Hello Joker,

Thank you for pointing me to AV Comparatives (very helpful information) and I'll be on the lookout for sales on Norton Internet Security.

I deleted the Comodo folder, and after much mouse clicking, figured out the issue with the printer. On start up, Windows automatically downloaded some printer (it is a Lexmark x2480) stuff, one of which was a driver for the USB composite device for a 32-bit system (?), so I uninstalled all, deleted the download, and re-installed the related current driver and software from the Lexmark website. Then I uninstalled ComboFix and deleted AdwCleaner, DDS, Security Check and related logs. I also uninstalled Hijack This ... now I am thinking you may have wanted me to keep this a bit longer. I apologize if this is the case.

Should I keep KSS and ESET? I'd like to leave them as reminders to myself of online scanners to run, knowing I'll have to get and run the most current version at time of use. I updated Windows and other applications through FileHippo (thank you for giving me this!). Hopefully, the teen won't be able to download P2P software now that I've password protected the administrator account (correct?) and gave him his own user account. I'll just have to regularly scan and clean the computer (maybe weekly - in addition to scheduled scans), because the family will no doubt continue clicking on email attachments and links, and my parents only use Internet Explorer and AOL for their email.

I greatly appreciate the information you provided to help keep malware off the computer. After reading your article on USB/flash drive safety and Tony Klein's article, I now believe these should be required reading for all computer users! Unfortunately, your link to MVPHOSTS gave me a server error. Would you have a different link to the file or know of a safe site from which to download it? I definitely want this file, as well as SpywareGuard, and will look into Open DNS Home.

Should I run any final scans or do anything beyond what I just mentioned above? I'll patiently await your response to my questions. You have been so kind to assist me - I wish I could give you some homemade brownies or a dollar to buy yourself the multi-million dollar winning lottery ticket! My thanks and future donation to the forum will simply have to suffice.

Auntie Mame

#11 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,494 posts

Posted 18 November 2012 - 05:13 PM

I also uninstalled Hijack This ... now I am thinking you may have wanted me to keep this a bit longer.

No, I should have listed it to remove also, no need for it, and it's not as useful as it used to be.

Should I keep KSS and ESET? I'd like to leave them as reminders to myself of online scanners to run,

That's fine, and a good idea. They should update when you run them.

Hopefully, the teen won't be able to download P2P software now that I've password protected the administrator account (correct?) and gave him his own user account.

As long as he doesn't get an administrator account (do your parents have an administrator account he might get access to?).

Unfortunately, your link to MVPHOSTS gave me a server error. Would you have a different link to the file or know of safe site from which to download it?

I fixed the link above (it's also in my signature). The period I had at the end of the line was the problem.

I definitely want this file, as well as SpywareGuard

You may want to try SpywareBlaster instead, as it works through settings and doesn't require any memory.

Should I run any final scans or do anything beyond what I just mentioned above?

Nothing else to do at this point, you are all through. :thumbup:

My thanks and future donation to the forum will simply have to suffice.

And we thank you greatly for that. :D

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005


#12 Auntie Mame

Auntie Mame

    Member

  • Full Member
  • 8 posts

Posted 18 November 2012 - 05:40 PM

I don't think he has access to an administrator account. The account with which I first posted to this forum was an account my parents had been using. I password-protected it, renamed another account "Ramon-Leticia," and created new user accounts for the teens and a younger grandchild. The Manage Accounts page indicates only 1 Administrator account, with the others as "Standard Users." So, we are good, yes?

Again, I thank you (and everyone at this forum) for helping!

#13 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,494 posts

Posted 18 November 2012 - 05:43 PM

So, we are good, yes?

You should be fine now. :)

#14 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • 13,494 posts

Posted 23 November 2012 - 10:25 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
