dllhost.exe help in fixing


  • This topic is locked
10 replies to this topic

#1 mreaglewo1


Posted 28 September 2014 - 07:49 PM

Hopefully someone can help me fix this. It makes my computer run at 100% CPU and slows it down like a brick. Also, it causes Adobe PDF document command boxes to appear for me to click okay.

 

  




 


#2 mreaglewo1


Posted 28 September 2014 - 08:27 PM

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2014 02
Ran by STEVEN (administrator) on PC on 28-09-2014 20:53:59
Running from C:\Users\STEVEN\Downloads
Loaded Profile: STEVEN (Available profiles: STEVEN & Use this one)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe
(AOL LLC) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
( ) C:\Windows\System32\lxczcoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(IDT, Inc.) C:\Windows\System32\stacsv.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(Microsoft Corporation) C:\Windows\winsxs\x86_microsoft-windows-ehome-ehtray_31bf3856ad364e35_6.0.6001.18000_none_2ad90dbf6d091834\ehtray.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3444736 2007-12-12] (Dell Inc.)
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)
HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1217096930\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [159744 2007-09-07] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {08ca3d70-7aeb-11de-8d7e-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {55a2dbb3-7e2c-11dd-ac84-00038a000015} - JDSecure\Windows\JDSecure20.exe
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {85b2426c-9bfc-11df-b9e4-00038a000015} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {d8e678ed-a5b0-11e0-affa-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {e00c8a5a-1b17-11df-818f-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a48-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a65-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ffecfafb-4709-11de-9d49-00038a000015} - H:\RECYCLER\help.exe
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2009-12-05] (Google)
AppInit_DLLs:  C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2009-12-05] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
URLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> c:\program files\google\googletoolbar2.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
Toolbar: HKCU - &Google - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
Toolbar: HKCU - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKCU - Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.mybsa.org/dana-cached/sc/JuniperSetupClient.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog5 06 C:\Program Files\Juniper Networks\Secure Application Manager\samnsp.dll [79224] (Juniper Networks)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\STEVEN\AppData\Roaming\Mozilla\Firefox\Profiles\jx79sdyc.default
FF SelectedSearchEngine: AVG Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Verizon Games on Demand Player ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @skyhookwireless.com/LokiPlugin,version=2.7.2.18 -> C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\2.7.2.18\loki.dll (Skyhook Wireless)
FF Plugin: @skyhookwireless.com/LokiPlugin,version=3.1.0.05 -> C:\Program Files\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\STEVEN\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\STEVEN\AppData\Roaming\Mozilla\Firefox\Profiles\jx79sdyc.default\searchplugins\startnow.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-09-27]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-31]
 
Chrome: 
=======
CHR CustomProfile: C:\Users\STEVEN\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\STEVEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\STEVEN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [144712 2009-06-05] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [153072 2014-03-28] (Coupons.com Inc.)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-05-18] (Teruten) [File not signed]
S3 GoogleDesktopManager-110309-193829; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2009-12-05] (Google)
R2 LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2013-11-27] (LeapFrog Enterprises, Inc.) [File not signed]
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2007-12-12] (Dell Inc.) [File not signed]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-05-18] () [File not signed]
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [8320 2007-03-08] (GARMIN Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R1 NEOFLTR_630_13881; C:\Windows\system32\Drivers\NEOFLTR_630_13881.SYS [64480 2009-01-23] (Juniper Networks)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21520 2010-07-21] (Microsoft Corporation)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2009-06-15] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174720 2009-06-03] (Novatel Wireless Inc.)
S3 PTDMBus; C:\Windows\System32\DRIVERS\PTDMBus.sys [29952 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMMdm; C:\Windows\System32\DRIVERS\PTDMMdm.sys [41856 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMVsp; C:\Windows\System32\DRIVERS\PTDMVsp.sys [39936 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDMWWAN; C:\Windows\System32\DRIVERS\PTDMWWAN.sys [59520 2007-08-17] (DEVGURU Co,LTD.)
S3 PTDUBus; C:\Windows\System32\DRIVERS\PTDUBus.sys [29824 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUMdm; C:\Windows\System32\DRIVERS\PTDUMdm.sys [41344 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUVsp; C:\Windows\System32\DRIVERS\PTDUVsp.sys [39936 2008-03-11] (DEVGURU Co,LTD.)
S3 PTDUWWAN; C:\Windows\System32\DRIVERS\PTDUWWAN.sys [59776 2008-03-11] (DEVGURU Co,LTD.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2009-03-20] (Smith Micro Inc.)
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2009-10-08] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2009-10-08] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2009-10-08] (MCCI Corporation)
S3 V0330VID; C:\Windows\System32\DRIVERS\V0330Vid.sys [157696 2007-08-08] (Creative Technology Ltd.)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
R2 X4HSX32Ex; C:\Program Files\Verizon Games on Demand Player\X4HSX32Ex.Sys [29856 2007-11-14] (Exent Technologies Ltd.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 20:53 - 2014-09-28 21:08 - 00024882 _____ () C:\Users\STEVEN\Downloads\FRST.txt
2014-09-28 20:53 - 2014-09-28 20:54 - 00000000 ____D () C:\FRST
2014-09-28 20:52 - 2014-09-28 20:52 - 01100288 _____ (Farbar) C:\Users\STEVEN\Downloads\FRST.exe
2014-09-28 20:52 - 2014-09-28 20:52 - 00415232 _____ (Farbar) C:\Users\STEVEN\Downloads\FSS.exe
2014-09-28 09:11 - 2014-09-28 20:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-28 09:05 - 2014-09-28 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-28 09:05 - 2014-09-28 09:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-28 09:05 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-28 09:05 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 21:44 - 2014-09-27 21:44 - 00000000 __SHD () C:\found.016
2014-09-27 00:55 - 2014-09-27 01:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 10:45 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-16 00:29 - 2014-08-15 10:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-16 00:29 - 2014-08-15 10:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-16 00:29 - 2014-08-15 10:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-16 00:29 - 2014-08-15 10:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-16 00:29 - 2014-08-15 10:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-16 00:29 - 2014-08-15 10:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-16 00:29 - 2014-08-15 10:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-16 00:29 - 2014-08-15 10:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-16 00:29 - 2014-08-15 10:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-16 00:29 - 2014-08-15 10:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-16 00:29 - 2014-08-15 10:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-16 00:29 - 2014-08-15 10:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-16 00:29 - 2014-08-15 10:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-16 00:29 - 2014-08-15 10:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-05 00:11 - 2014-09-05 00:11 - 00000000 ____D () C:\Users\STEVEN\AppData\Local\Adobe
2014-09-01 11:46 - 2014-09-01 11:47 - 00000000 ____D () C:\Users\STEVEN\Desktop\DAWN BSA FLASH DRIVE
2014-08-30 23:31 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-30 23:31 - 2014-08-22 19:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 20:51 - 2012-03-31 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 20:48 - 2014-04-30 17:17 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 20:15 - 2014-04-30 17:17 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 20:14 - 2008-06-20 09:44 - 02080329 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 20:07 - 2008-07-15 10:43 - 00000430 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-28 20:07 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 20:07 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 20:07 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 17:03 - 2006-11-02 09:01 - 00032572 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-28 16:20 - 2013-07-12 08:40 - 00125316 _____ () C:\Windows\PFRO.log
2014-09-28 16:20 - 2012-10-08 22:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-28 10:51 - 2009-05-30 18:35 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-09-28 09:41 - 2010-11-30 17:06 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-28 09:05 - 2010-03-30 21:56 - 00000000 ____D () C:\Users\STEVEN\AppData\Roaming\Malwarebytes
2014-09-28 09:05 - 2010-03-30 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-28 09:05 - 2010-03-30 21:56 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-24 20:59 - 2014-04-30 17:18 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-24 11:03 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:52 - 2012-03-31 11:32 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:52 - 2011-06-07 10:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-21 23:02 - 2006-11-02 06:33 - 00836254 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 23:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-16 00:29 - 2008-08-04 00:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 23:04 - 2013-07-22 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 23:04 - 2006-11-02 06:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-15 22:24 - 2008-07-28 15:20 - 00006648 _____ () C:\Users\STEVEN\AppData\Local\d3d9caps.dat
2014-08-30 23:40 - 2006-11-02 08:47 - 00391872 _____ () C:\Windows\system32\FNTCACHE.DAT
 
ZeroAccess:
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@
 
Some content of TEMP:
====================
C:\Users\STEVEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu5zhmc.dll
C:\Users\STEVEN\AppData\Local\Temp\install_flashplayer13x32au_chrd_awa_aih.exe
C:\Users\STEVEN\AppData\Local\Temp\_is31BC.exe
C:\Users\STEVEN\AppData\Local\Temp\{318F6346-D918-4BDE-9044-50A45ADCA829}-35.0.1916.114_chrome_installer.exe
C:\Users\Use this one\AppData\Local\Temp\rtdrvmon.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-28 20:20
 
==================== End Of Log ============================


#3 mreaglewo1


Posted 28 September 2014 - 08:29 PM

addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-09-2014 02
Ran by STEVEN at 2014-09-28 21:11:19
Running from C:\Users\STEVEN\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 8.3.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A83000000003}) (Version: 8.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.6.606 - Adobe Systems, Inc.)
AIM 7 (HKLM\...\AIM_7) (Version:  - )
Amazon Cloud Drive (HKLM\...\{9F1EC361-9231-4FAD-8956-3846D0D858F0}) (Version: 0.09.14.0 - Amazon.com)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM\...\{3FA365DF-2D68-45ED-8F83-8C8A33E65143}) (Version: 1.1.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}) (Version: 2.6.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSend (HKCU\...\d262750fd99cc467) (Version: 1.0.0.411 - Web Essentials Pty. Ltd.)
Are You Smarter Than A 5th Grader - Promotion (HKLM\...\exent_559650) (Version:  - )
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4031 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version:  - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Bonjour Core for Windows (HKLM\...\{56DF5C9E-6392-46D3-B366-297B14E1DAAF}) (Version: 1.0.3 - Apple)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MF5700 Series (HKLM\...\{11801011-D30E-4120-9A89-9A873B1D72DF}) (Version:  - )
Catalina Savings Printer (HKLM\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Cisco EAP-FAST Module (HKLM\...\{BF53252E-4AB2-4C7F-A0FD-6100755745E3}) (Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{76F9CF97-FC4B-4E20-B363-D127C888448F}) (Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{4E5386F5-C0F6-4532-A54A-374865AEAB71}) (Version: 1.0.12 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version:  - )
Convert AVI to MP4 (HKLM\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version:  - convertavitomp4.com)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
Creative Live! Cam Center (HKLM\...\Creative Live! Cam Center) (Version:  - )
Creative WebCam Vista/Live! Cam Chat Driver (1.11.01.00) (HKLM\...\Creative VF0330) (Version:  - )
CRXIR2Redist (HKLM\...\{1128ED5F-2940-4CC9-BAD3-9C2E7484A0C2}) (Version: 1.0.0 - Business Objects)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.102.7 - Alps Electric)
Dell Wireless WLAN Card (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.25.12 - Dell Inc.)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.8.4 - Dropbox, Inc.)
EasyGPS 4.18 (HKLM\...\EasyGPS_is1) (Version: 4.18 - TopoGrafix)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Garmin Communicator Plugin (HKLM\...\{86B879A5-927E-4536-B5FC-17CA96B60078}) (Version: 2.6.4 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{B1102A25-3AA3-446B-AA0F-A699B07A02FD}) (Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM\...\{366FFC89-C800-4366-B903-B9C4314109A5}) (Version: 2.4.1.1 - Garmin Ltd or its subsidiaries)
GeoBuddy 3.0 (HKLM\...\GeoBuddy_is1) (Version: 3.0 - TopoGrafix)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.0911.03589 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Goombah Partner COM Server (HKLM\...\{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}) (Version: 1.0.2.0 - Emergent Music LLC)
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
GrandPrix Race Manager v7 (HKLM\...\GrandPrix Race Manager v7_is1) (Version: 7.0.1121 - Lisano Enterprises)
GSAK 7.2.3.35 (Final) (HKLM\...\GSAK_is1) (Version:  - CWE computer services)
ieSpell (HKLM\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
iTunes (HKLM\...\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}) (Version: 9.0.2.25 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 37 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.370 - Oracle)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Jewel Quest - Promotion (HKLM\...\exent_559750) (Version:  - )
Juniper Networks Secure Application Manager (HKLM\...\Neoteris_Secure_Application_Manager) (Version: 6.3.0.13881 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 1.3.2.12005 - Juniper Networks)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 5.2.4.18506 - LeapFrog)
LeapFrog Connect (Version: 5.2.4.18506 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (Version: 5.2.1.18456 - LeapFrog) Hidden
LeapFrog My Pals Plugin (Version: 5.1.26.18340 - LeapFrog) Hidden
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version:  - Lexmark International, Inc.)
Loki ActiveX Control (HKLM\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL Inc.) Hidden
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mobile Broadband Generic Drivers (HKLM\...\Mobile Broadband Generic Drivers) (Version: 2.03.06.002.14 - Novatel Wireless)
Mobile Broadband Generic Drivers (Version: 2.03.06.002.14 - Novatel Wireless) Hidden
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.20.0 - Dell)
Motorola Driver Installation 3.2.0 (HKLM\...\{D6A1E429-CCE1-4140-A615-710B806D12BA}) (Version: 3.2.0 - Motorola Inc.)
Move Networks Media Player for Internet Explorer (HKCU\...\Move Networks Player - IE) (Version:  - )
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
MyITLab (HKLM\...\{E3048B3F-7350-4059-A316-AD3EC9A5559D}) (Version: 1.44.0 - Pearson Education)
MyITLab ActiveX Installer 2, 9, 8, 65535 (HKLM\...\MyITLab ActiveX Installer_is1) (Version:  - Pearson Education)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: NetZero QuickStart - NetZero, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)
PANTECH PC USB Modem Software (HKLM\...\{B29B0066-547B-402c-9C0D-090E2F928A01}) (Version: 3.0.4.0823 - PANTECH CO,.LTD)
PANTECH UM175 Driver (HKLM\...\{C13AF9C7-8E06-4354-B629-DF6192CE4A66}) (Version: 3.0.14.517 - PANTECH CO,.LTD)
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
PrimoPDF (HKLM\...\PrimoPDF4.1.0.9) (Version: 4.1.0.9 - activePDF)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Prolific USB-Serial Comm Port Driver (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 1.0.0.3 - Prolific Electronics Industries co.,ltd)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 8.2.17 - Dell Inc.)
QuickTime (HKLM\...\{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}) (Version: 7.65.17.80 - Apple Inc.)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
Ruckus Player (HKLM\...\Ruckus Player) (Version: 3.6.1.14618 - Ruckus Network, Inc.)
Samsung Digital Camera (HKLM\...\{8B79684C-6DAC-438C-8F30-10DF65C2068F}) (Version:  - )
Samsung Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.43 - Samsung)
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.2.912.17215 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Snappy Fax Version 4 (HKLM\...\Snappy Fax Version 4_is1) (Version: 4.1.1.1 - John Taylor & Associates)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (Version: 011.000.3351 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0496 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0222 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
Uniblue ProcessScanner (HKLM\...\ProcessScanner_is1) (Version:  - Uniblue)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM\...\AOL Emergency Connect Utility 1.0) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin) (HKLM\...\MyPalsPlugin) (Version:  - LeapFrog)
Verizon Games on Demand Player (HKLM\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - ) <==== ATTENTION
Verizon Wireless MiFi-2200 Firmware Updates (HKLM\...\{6BC271BA-C4ED-4BDA-8D80-437C0919F3E6}) (Version: 1.0.0 - Smith Micro Software, Inc.)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
VZAccess Manager (HKLM\...\{195F69A5-A4A0-421C-AC4B-2B2471C34037}) (Version: 7.0.140 - Smith Micro Software Inc.)
Webcam Plus (HKLM\...\{AF8F312F-2DAA-4F5D-B0B2-A1E3B3A75900}) (Version: 1.0.11 - EarthCam, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (03/08/2007 2.2.1.0) (HKLM\...\45A7283175C62FAC673F913C1F532C5361F97841) (Version: 03/08/2007 2.2.1.0 - Garmin)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
Zynga Toolbar (HKLM\...\Zynga Toolbar) (Version: 6.3.6.2 - Zynga)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{1853e19a-4e54-4190-8deb-2e1cc947cd60}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{4A06F2B5-8B96-4081-93E3-540EADB9AC35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{7842F847-AC91-456E-9088-D2AEF7C80C43}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{B9F3009B-976B-41C4-A992-229DCCF3367C}\InprocServer32 -> C:\Program Files\AOL Desktop 9.6\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Move Networks\ie_bin\qsp2ie07103010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Move Networks\ie_bin\qsp2ie07103010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Move Networks\ie_bin\qsp2ie07103010.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Move Networks\ie_bin\qsp2ie07103010.dll (Move Networks)
 
==================== Restore Points  =========================
 
02-09-2014 03:23:36 Scheduled Checkpoint
04-09-2014 15:20:38 Scheduled Checkpoint
05-09-2014 15:55:13 Scheduled Checkpoint
10-09-2014 04:08:55 Scheduled Checkpoint
16-09-2014 02:48:03 Windows Update
21-09-2014 13:30:50 Scheduled Checkpoint
24-09-2014 14:44:42 Windows Update
25-09-2014 13:50:39 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2014-09-28 10:55 - 00450691 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BBCB685-09D1-4A13-9FFD-D4AB9E324D97} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {80E73F7E-A6F9-4509-901D-E8220F7787E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {8102222E-980C-4889-A0E4-7E7217B85DFB} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Use this one => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {CDA039D1-C089-49F0-91A3-0AF0CC1BBFD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {D5DC30C5-B1AA-4458-85BB-7E0FFF3C68FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {D95499AB-E021-4FB5-B754-F3EA27960904} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FBD76421-FA4E-45A1-B23B-C7C9FE8484D1} - System32\Tasks\{5989B9FF-F016-4B58-A860-FC81A24C2C05} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2008-06-20 15:00 - 2007-12-12 02:02 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-06-20 15:00 - 2007-12-12 02:01 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2009-01-02 22:23 - 2006-12-11 17:12 - 00176235 _____ () C:\Windows\System32\Primomonnt.dll
2008-08-11 11:42 - 2007-07-19 00:03 - 00027648 _____ () C:\Windows\System32\sfppm.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 20:59 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 20:59 - 2014-09-23 00:07 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Amazon Cloud Drive => C:\Users\STEVEN\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: AVG-Secure-Search-Update_0913a => C:\Users\STEVEN\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 32bed567229260ce2093a223653a0c4d-a469876ffbe4601d8ec05e4fcc4d7565a79d988a --CMPID 0913a
MSCONFIG\startupreg: ccApp => "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
MSCONFIG\startupreg: CyberDefender Registry Cleaner => c:\program files\cyberdefender\registry cleaner\Startcdrc.exe
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: Exetender => "C:\Program Files\Verizon Games on Demand Player\GPlayer.exe /runonstartup"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxczbmgr.exe => "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Monitor => "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\STEVEN\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 32bed567229260ce2093a223653a0c4d-a469876ffbe4601d8ec05e4fcc4d7565a79d988a --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
MSCONFIG\startupreg: Search Protection => C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
MSCONFIG\startupreg: SigmatelSysTrayApp => %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
MSCONFIG\startupreg: Snappy Fax Printer Agent => "C:\Program Files\Snappy Fax Version 4\sfpagent.exe"
MSCONFIG\startupreg: Snappy Fax Printer virtual printer agent => "C:\Program Files\Snappy Fax Version 4\sfpagent.exe"
MSCONFIG\startupreg: StartNow Search Protect => "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: V0330Mon.exe => C:\Windows\V0330Mon.exe
MSCONFIG\startupreg: YSearchProtection => "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1959747433-2588856990-1375302061-500 - Administrator - Disabled)
Guest (S-1-5-21-1959747433-2588856990-1375302061-501 - Limited - Disabled)
STEVEN (S-1-5-21-1959747433-2588856990-1375302061-1000 - Administrator - Enabled) => C:\Users\STEVEN
Use this one (S-1-5-21-1959747433-2588856990-1375302061-1004 - Limited - Enabled) => C:\Users\Use this one
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/28/2014 08:07:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 04:21:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 11:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16575, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16575, time stamp 0x53ee1e4f, exception code 0xc0000005, fault offset 0x00260dbe,
process id 0x16b8, application start time 0xiexplore.exe0.
 
Error: (09/28/2014 10:41:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ce8
Start Time: 01cfdb2a3486cf18
Termination Time: 20
 
Error: (09/28/2014 10:41:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16575 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1214
Start Time: 01cfdb28f2553608
Termination Time: 55
 
Error: (09/28/2014 10:01:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/28/2014 09:46:47 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
Error: (09/28/2014 09:41:00 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
Error: (09/28/2014 09:34:04 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
Error: (09/28/2014 09:16:44 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
 
 
Details:
This operation returned because the timeout period expired.   (0x800705b4)
 
 
System errors:
=============
Error: (09/28/2014 08:16:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (09/28/2014 08:16:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (09/28/2014 08:15:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}
 
Error: (09/28/2014 08:15:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/28/2014 08:14:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (09/28/2014 08:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (09/28/2014 08:08:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (09/28/2014 08:08:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
 
Error: (09/28/2014 08:07:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
Error: (09/28/2014 08:07:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: BCM42RLY%%2
 
 
Microsoft Office Sessions:
=========================
Error: (07/07/2014 07:16:32 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 407 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (07/06/2014 08:06:08 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1849 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error: (07/01/2014 04:58:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 108 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (06/29/2014 00:07:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 498 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (06/28/2014 11:59:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 439 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (06/28/2014 11:51:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 96 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/14/2013 10:34:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 61 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (10/14/2013 09:38:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3022 seconds with 2940 seconds of active time.  This session ended with a crash.
 
Error: (06/10/2012 11:50:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 308 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (03/02/2012 07:29:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 181 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-28 21:10:22.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:21.728
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:20.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:20.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:17.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:16.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:15.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 21:10:14.722
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 20:56:00.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-28 20:55:55.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 51%
Total physical RAM: 2037.31 MB
Available physical RAM: 989.52 MB
Total Pagefile: 4645.28 MB
Available Pagefile: 2522.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:136.74 GB) (Free:1.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:5.65 GB) NTFS
Drive f: () (Removable) (Total:7.39 GB) (Free:4.67 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=136.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 seedy21

  • Malware Response Team

Posted 29 September 2014 - 01:20 PM

Hi mreaglewo1 and Welcome to BleepingComputer

I am currently looking through your logs and will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 mreaglewo1

  • Topic Starter

Posted 29 September 2014 - 03:52 PM

Thank you,

Looking to get rid of this asap lol.....can't do any work really on this since it is infected....

Thanks again



#6 seedy21

  • Malware Response Team

Posted 29 September 2014 - 05:07 PM

Hello mreaglewo1

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it's closed.

Warning Rootkit Detected


One or more of the identified infections is a rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit has been identified and can be killed, because of how it exploits your system, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like me to try and fix the machine please follow the steps below:-

Step 1

  • Click on Start -> Control Panel -> Add/Remove Programs
  • Uninstall the following programs:

    Browser Address Error Redirector
    Catalina Savings Printer
    Coupon Printer for Windows
    Download Updater
    McAfee Security Scan Plus
    Spybot - Search & Destroy
    Verizon Games on Demand Player
    Zynga Toolbar

  • Close the Add/Remove Programs and Control Panel
  • Restart your computer

Step 2

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt

CloseProcesses:HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: F - F:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {08ca3d70-7aeb-11de-8d7e-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {55a2dbb3-7e2c-11dd-ac84-00038a000015} - JDSecure\Windows\JDSecure20.exeHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {85b2426c-9bfc-11df-b9e4-00038a000015} - H:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {d8e678ed-a5b0-11e0-affa-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {e00c8a5a-1b17-11df-818f-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a48-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a65-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ffecfafb-4709-11de-9d49-00038a000015} - H:\RECYCLER\help.exeHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). 
<==== Poweliks!HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearchHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearchURLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)SearchScopes: HKCU - DefaultScope {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2SearchScopes: HKCU - {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)Toolbar: HKCU - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)Toolbar: HKCU - Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}FF Plugin: 
@exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Verizon Games on Demand Player ()FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\STEVEN\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)R2 X4HSX32Ex; C:\Program Files\Verizon Games on Demand Player\X4HSX32Ex.Sys [29856 2007-11-14] (Exent Technologies Ltd.)ZeroAccess:C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). 
<==== Poweliks?CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Catalina â Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4C:\Users\STEVEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu5zhmc.dllC:\Users\STEVEN\AppData\Local\Temp\install_flashplayer13x32au_chrd_awa_aih.exeC:\Users\STEVEN\AppData\Local\Temp\_is31BC.exeC:\Users\STEVEN\AppData\Local\Temp\{318F6346-D918-4BDE-9044-50A45ADCA829}-35.0.1916.114_chrome_installer.exeC:\Users\Use this one\AppData\Local\Temp\rtdrvmon.exeC:\Program Files\Verizon Games on Demand Player\C:\Program Files\Zynga\C:\Program Files\NetZero\C:\Program Files\McAfee Security Scan\C:\Program Files\Spybot - Search & Destroy\Folder: C:\found.016Hosts:EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Move FRST to your desktop!

Run FRST and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt); please post it in your reply.

Step 3

Exit all running programs!

Download the RogueKiller office (created by Tigzy)

http://www.sur-la-toile.com/RogueKiller/

Click [Scan]

Then click [Report] Once the scan is complete, copy and paste the report on the forum.

(The report is also on the desktop)

Edited by seedy21, 29 September 2014 - 05:09 PM.



#7 mreaglewo1

  • Topic Starter

Posted 29 September 2014 - 10:43 PM

fix log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-09-2014 02
Ran by STEVEN at 2014-09-29 23:24:45 Run:1
Running from C:\Users\STEVEN\Desktop
Loaded Profile: STEVEN (Available profiles: STEVEN & Use this one)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: F - F:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {08ca3d70-7aeb-11de-8d7e-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {55a2dbb3-7e2c-11dd-ac84-00038a000015} - JDSecure\Windows\JDSecure20.exeHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {85b2426c-9bfc-11df-b9e4-00038a000015} - H:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {d8e678ed-a5b0-11e0-affa-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {e00c8a5a-1b17-11df-818f-00038a000015} - G:\LaunchU3.exe -aHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a48-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a65-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detectHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ffecfafb-4709-11de-9d49-00038a000015} - H:\RECYCLER\help.exeHKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). 
<==== Poweliks!HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearchHKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearchHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearchURLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)SearchScopes: HKCU - DefaultScope {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2SearchScopes: HKCU - {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)Toolbar: HKCU - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)Toolbar: HKCU - Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}FF Plugin: 
@exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Verizon Games on Demand Player ()FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\STEVEN\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)R2 X4HSX32Ex; C:\Program Files\Verizon Games on Demand Player\X4HSX32Ex.Sys [29856 2007-11-14] (Exent Technologies Ltd.)ZeroAccess:C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). 
<==== Poweliks?CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Catalina â Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4C:\Users\STEVEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu5zhmc.dllC:\Users\STEVEN\AppData\Local\Temp\install_flashplayer13x32au_chrd_awa_aih.exeC:\Users\STEVEN\AppData\Local\Temp\_is31BC.exeC:\Users\STEVEN\AppData\Local\Temp\{318F6346-D918-4BDE-9044-50A45ADCA829}-35.0.1916.114_chrome_installer.exeC:\Users\Use this one\AppData\Local\Temp\rtdrvmon.exeC:\Program Files\Verizon Games on Demand Player\C:\Program Files\Zynga\C:\Program Files\NetZero\C:\Program Files\McAfee Security Scan\C:\Program Files\Spybot - Search & Destroy\Folder: C:\found.016Hosts:EmptyTemp:
*****************
 
Processes closed successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#8 mreaglewo1

Posted 29 September 2014 - 11:04 PM

RogueKiller log:

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software

 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : STEVEN [Admin rights]
Mode : Remove -- Date : 09/30/2014  00:05:39
 
¤¤¤ Bad processes : 1 ¤¤¤
[Tr.Poweliks] dllhost.exe -- [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 8 ¤¤¤
[Shell.HJ] HKEY_LOCAL_MACHINE\RK_Software_ON_D_D7BA\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> REPLACED (explorer.exe)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1959747433-2588856990-1375302061-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 2  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_D7BA\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_D7BA\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1959747433-2588856990-1375302061-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://my.netzero.net/s/search?r=minisearch  -> NOT SELECTED
[Tr.Poweliks] HKEY_USERS\S-1-5-21-1959747433-2588856990-1375302061-1000\Software\classes\clsid\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} -> DELETED
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 3 ¤¤¤
[ZeroAccess][File] @ -- C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@ -> DELETED
[ZeroAccess][Folder] L -- C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L -> DELETED
[ZeroAccess][File] 00000004.@ -- C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@ -> DELETED
[ZeroAccess][Folder] U -- C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\U -> DELETED
 
¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤
 
¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\DRIVERS\yk60x86.sys)
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 8e20e2251d7a1f1c1f53283b85b4d46a
[BSP] 32913c31cce9e5ae3fbce4a9cd321f11 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 10000 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 20561920 | Size: 140026 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 307337216 | Size: 2559 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: SD Memory Card +++++
--- User ---
[MBR] 8a4a3f84a9eda68451f8bdccda84c484
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 7576 MB
Error reading LL1 MBR! ([1] Incorrect function. )
Error reading LL2 MBR! ([1] Incorrect function. )
 
 
============================================
RKreport_SCN_09302014_000000.log

Edited by mreaglewo1, 29 September 2014 - 11:07 PM.


#9 seedy21

  • Malware Response Team

Posted 30 September 2014 - 09:15 AM

Hi mreaglewo1
 
My Step 2 didn't work correctly, please complete this again.


Open Notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it on the Desktop as fixlist.txt
 

CloseProcesses:
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files\Verizon Games on Demand Player\GPlayer.exe [2056704 2008-05-29] (Exent Technologies Ltd.)
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {08ca3d70-7aeb-11de-8d7e-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {55a2dbb3-7e2c-11dd-ac84-00038a000015} - JDSecure\Windows\JDSecure20.exe
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {85b2426c-9bfc-11df-b9e4-00038a000015} - H:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {d8e678ed-a5b0-11e0-affa-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {e00c8a5a-1b17-11df-818f-00038a000015} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a48-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ff660a65-518d-11df-aeb4-00038a000015} - F:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...\MountPoints2: {ffecfafb-4709-11de-9d49-00038a000015} - H:\RECYCLER\help.exe
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-1959747433-2588856990-1375302061-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
URLSearchHook: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
SearchScopes: HKCU - DefaultScope {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2
SearchScopes: HKCU - {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140315&user_guid=FA6AEC23542142A6A9AA581E80610D68&machine_id=697bd8ada2a275e4c6805d8443ec0726&browser=ie&os=win&os_version=6.0-x86-SP2
BHO: Zynga Toolbar -> {7b13ec3e-999a-4b70-b9cb-2617b8323822} -> C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
Toolbar: HKLM - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKLM - Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
Toolbar: HKCU - ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
Toolbar: HKCU - Zynga Toolbar - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files\Zynga\prxtbZyn2.dll (Conduit Ltd.)
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
FF Plugin: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files\Verizon Games on Demand Player ()
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\STEVEN\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 X4HSX32Ex; C:\Program Files\Verizon Games on Demand Player\X4HSX32Ex.Sys [29856 2007-11-14] (Exent Technologies Ltd.)
ZeroAccess:
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\@
C:\Users\STEVEN\AppData\Local\{7faaaafa-cf14-2f74-3593-878a94dc601b}\L\00000004.@
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-1959747433-2588856990-1375302061-1000_Classes\CLSID\{AD848A76-F236-5EE2-819B-2BDE7ED40AE7}\InprocServer32 -> C:\Users\STEVEN\AppData\Roaming\Catalina – Print Savings\npBcsKtTcHW.dll (Catalina Marketing Corporation)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
C:\Users\STEVEN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpu5zhmc.dll
C:\Users\STEVEN\AppData\Local\Temp\install_flashplayer13x32au_chrd_awa_aih.exe
C:\Users\STEVEN\AppData\Local\Temp\_is31BC.exe
C:\Users\STEVEN\AppData\Local\Temp\{318F6346-D918-4BDE-9044-50A45ADCA829}-35.0.1916.114_chrome_installer.exe
C:\Users\Use this one\AppData\Local\Temp\rtdrvmon.exe
C:\Program Files\Verizon Games on Demand Player\
C:\Program Files\Zynga\
C:\Program Files\NetZero\
C:\Program Files\McAfee Security Scan\
C:\Program Files\Spybot - Search & Destroy\
Folder: C:\found.016
Hosts:
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

I would also like you to re-run RogueKiller and paste the contents of the log in your next reply.


Edited by seedy21, 30 September 2014 - 09:15 AM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#10 seedy21

  • Malware Response Team

Posted 02 October 2014 - 10:27 AM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.




#11 quietman7

  • Global Moderator

Posted 04 October 2014 - 07:26 AM

Due to the lack of feedback/inactivity, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



