Infected with a redirect virus


  • This topic is locked
21 replies to this topic

#1 dragon77


Posted 28 August 2017 - 11:59 PM

For the past 2 or 3 months, my online email page has changed to one of several other pages, including a warning that my computer is infected, immediately call some number, or a corporate page, or it just freezes my computer by manufacturing 1000 copies of an address. The threads of the ones I received today started with volumtrk3.solidcpm.com. As far as I can tell, this only happens from my email page, no other address or page, but I might be mistaken. I have followed your suggestion, downloaded the Farbar Recovery Scan Tool, and have the following logs. I would appreciate assistance in removing the problem. For all I know, it has been interfering with Chrome, which lately has unexpected difficulty loading certain pages. Again, I appreciate the help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by robert weinberger (administrator) on HERMES (29-08-2017 00:34:56)
Running from C:\Documents and Settings\robert weinberger\My Documents\Downloads
Loaded Profiles: robert weinberger (Available Profiles: robert weinberger & donna & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXBCES.EXE
(Lexmark International, Inc.) C:\WINDOWS\SYSTEM32\LEXPPS.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
() C:\Program Files\EASEUS\Todo Backup\bin\TodoBackupService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Software 2000 Limited) C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HP1006MC.EXE
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\wscntfy.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\taskmgr.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\dllhost.exe
() C:\Program Files\Microsoft Office\Office\WINWORD.EXE
(Juno, Inc.) C:\PROGRA~1\Juno\exec.exe
(Juno, Inc.) C:\PROGRA~1\Juno\exec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Miccant Ltd) C:\Carapro\cara.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-07-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03] (SUPERAntiSpyware.com)
Winlogon\Notify\avgrsstarter: avgrsstx.dll [X]
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-827989377-3166222912-961213895-1006\ DisallowedCertificates: CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0 (U)
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Run: [ROC_ROC_JAN2013_AV] => C:\Documents and Settings\robert weinberger\Application Data\AVG January 2013 Campaign\ROC_JAN2013_AV.exe [1234000 2013-01-17] ()
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Run: [Juno_uoltray] => C:\Program Files\Juno\exec.exe [1783296 2010-01-28] (Juno, Inc.)
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-827989377-3166222912-961213895-1006\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmypics.scr [47104 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-07-12]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Documents and Settings\donna\Start Menu\Programs\Startup\PMB Media Check Tool.lnk [2009-06-07]
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
BootExecute: autocheck autochk * Partizan
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{CADEF14D-EC95-404F-8D2C-799CF1A90860}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/mywaybiz
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell4me.com/mywaybiz
URLSearchHook: [S-1-5-21-827989377-3166222912-961213895-1006] ATTENTION => Default URLSearchHook is missing
URLSearchHook: HKU\S-1-5-21-827989377-3166222912-961213895-1006 - URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\Juno\SearchEnh1.dll (Juno, Inc.)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-827989377-3166222912-961213895-1006 -> {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = 
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-03-30] (RealPlayer)
BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No File
BHO: Pop-up Blocker -> {52706EF7-D7A2-49AD-A615-E903858CF284} -> C:\Program Files\Juno\qsacc\X1IEBHO.dll [2009-06-30] (Juno, Inc.)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO: DriveLetterAccess -> {5CA3D70E-1895-11CF-8E15-001234567890} -> C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13] (Sonic Solutions)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO: EpsonToolBandKicker Class -> {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} -> C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
BHO: Juno Toolbar Helper -> {FE3098B1-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\Juno\ucreg.dll [2010-01-28] (Juno, Inc.)
BHO: Juno DSL Toolbar Helper -> {FE3098B4-04A3-41fd-8CA9-BEA39CB14C87} -> C:\Program Files\Juno DSL\ucreg.dll [2010-11-19] (Juno, Inc.)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Juno DSL - {63B834D7-CFCD-442A-9B0A-921F54D3E792} - C:\Program Files\Juno DSL\Toolbar.dll [2010-11-19] (Juno, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-827989377-3166222912-961213895-1006 -> EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-827989377-3166222912-961213895-1006 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
DPF: {495DEA80-49C2-4891-94CD-C2016615D16F} hxxp://www.catalogds.com/dtd/pvcadview.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} hxxp://kohler1.view22.com/app/view22RTE.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} hxxp://download.abacast.com/download/files/abasetup161.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} hxxp://driveragent.com/files/driveragent.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\robert weinberger\Application Data\Mozilla\Firefox\Profiles\2utsj0xa.default-1489517751218 [2017-08-14]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-03-30] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-15] [not signed]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: (AVG Do Not Track) - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-07-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_27_0_0_117.dll [2017-08-23] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2011-03-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2011-03-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.633 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-03-30] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.633 -> c:\program files\real\realplayer\Netscape6\nprpjplug.dll [2011-03-30] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2014-10-08]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.lowes.com/pd/Anatolia-Tile-Ivory-Premium-Travertine-Corner-Shelf-Tile-Common-9-in-x-9-in-Actual-8-86-in-x-8-86-in/50048247","hxxp://webmaila.juno.com/webmail/new/7?count=1498583329&r=inbox&randid=388554048","hxxps://www.google.com/search?q=my+brower+has+been+hijacked&rlz=1C1AOHY_enUS708US709&oq=my+brower+has+been+hijacked&aqs=chrome..69i57j69i64.11422j0j8&sourceid=chrome&ie=UTF-8","hxxps://support.norton.com/sp/en/us/home/current/solutions/kb20100811171926EN_EndUserProfile_en_us","chrome://newtab/"
CHR Profile: C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-08-29]
CHR Extension: (Google Docs) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-28]
CHR Extension: (YouTube) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-25]
CHR Extension: (Google Search) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-28]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2013-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-03-30]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [273408 2017-08-23] (Adobe Systems Incorporated) [File not signed]
S4 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
S3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-07-25] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5866488 2017-07-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-08-01] (AVG Technologies CZ, s.r.o.)
R2 EaseUS Agent; C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-06-03] (CHENGDU YIWO Tech Development Co., Ltd)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-07-25] (Oracle Corporation)
R2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [311296 2004-03-04] (Lexmark International, Inc.)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation) [File not signed]
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-07-25] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [260616 2017-07-25] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-07-25] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-07-25] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-07-25] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-07-25] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [116344 2017-08-10] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [62528 2017-07-25] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-07-25] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [766728 2017-08-10] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [489416 2017-07-25] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [195128 2017-07-25] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [288728 2017-07-25] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 Cdr4_2K; C:\WINDOWS\system32\Drivers\Cdr4_2K.sys [52816 2004-12-27] (Adaptec) [File not signed]
S1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9200 2008-07-04] (Sonic Solutions)
R0 drvmcdb; C:\WINDOWS\System32\drivers\drvmcdb.sys [87136 2004-08-04] (Sonic Solutions) [File not signed]
R2 drvnddm; C:\WINDOWS\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2011-07-29] () [File not signed]
R0 EUBAKUP; C:\WINDOWS\System32\drivers\eubakup.sys [52008 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
R0 EUBKMON; C:\WINDOWS\System32\drivers\EUBKMON.sys [40744 2015-12-10] ()
R1 EUDSKACS; C:\WINDOWS\system32\drivers\eudskacs.sys [14888 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
R1 EUFDDISK; C:\WINDOWS\system32\drivers\EuFdDisk.sys [188840 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23904 2010-05-14] (Logitech Inc.)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [453632 2005-01-20] (Aladdin Knowledge Systems) [File not signed]
R2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2005-01-20] (Aladdin Knowledge Systems) [File not signed]
R3 IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [618880 2006-03-01] (Intel Corporation)
R3 IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2017-03-09] (Malwarebytes)
R3 mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
U3 Partizan; C:\WINDOWS\System32\drivers\Partizan.sys [40304 2017-03-07] (Greatis Software) [File not signed]
R2 ppsio2; C:\WINDOWS\system32\Drivers\ppsio2.sys [22400 1999-04-01] () [File not signed]
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2016-02-02] (Secunia)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-05-06] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-05-06] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67656 2010-06-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 senfilt; C:\WINDOWS\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.) [File not signed]
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [260352 2005-01-27] (Analog Devices, Inc.) [File not signed]
R1 sscdbhk5; C:\WINDOWS\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions) [File not signed]
R1 ssrtln; C:\WINDOWS\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions) [File not signed]
R2 tfsnboio; C:\WINDOWS\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsncofs; C:\WINDOWS\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsndrct; C:\WINDOWS\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsndres; C:\WINDOWS\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnifs; C:\WINDOWS\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnopio; C:\WINDOWS\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnpool; C:\WINDOWS\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnudf; C:\WINDOWS\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions) [File not signed]
R2 tfsnudfa; C:\WINDOWS\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions) [File not signed]
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2007-03-21] (EnTech Taiwan) [File not signed]
R3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-03-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-03-03] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-29 00:34 - 2017-08-29 00:34 - 000000000 ____D C:\FRST
2017-08-22 20:13 - 2017-08-22 20:13 - 000162744 _____ C:\Documents and Settings\robert weinberger\My Documents\PRINCESS CRUISES – FLEET PERSONNEL – PERSONAL DATA SHEET.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-29 00:37 - 2004-12-26 04:28 - 000000000 ____D C:\Documents and Settings\robert weinberger\Local Settings\Temp
2017-08-29 00:34 - 2017-03-03 23:02 - 000556964 _____ C:\WINDOWS\ZAM.krnl.trace
2017-08-29 00:34 - 2017-03-03 23:01 - 000492926 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-08-29 00:18 - 2012-07-21 10:08 - 000000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-08-29 00:12 - 2010-02-06 03:28 - 000000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-08-28 18:12 - 2004-12-21 21:34 - 000032588 _____ C:\WINDOWS\SchedLgU.Txt
2017-08-28 14:41 - 2017-05-18 02:40 - 000000296 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-08-28 09:12 - 2010-02-06 03:28 - 000000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-08-28 02:54 - 2017-03-09 03:55 - 000000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-08-28 01:31 - 2011-12-14 15:43 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2017-08-25 23:49 - 2004-12-26 14:22 - 000000000 ____D C:\Carapro
2017-08-24 22:45 - 2004-12-26 13:35 - 000000000 ____D C:\Documents and Settings\robert weinberger\My Documents\SALSA LIBRE
2017-08-24 18:22 - 2010-12-17 16:40 - 000000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-827989377-3166222912-961213895-1007.job
2017-08-23 22:18 - 2012-07-21 10:08 - 000807424 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-08-23 22:18 - 2011-10-03 19:44 - 000145408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-08-23 22:18 - 2004-12-21 21:13 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-23 13:33 - 2017-06-22 14:04 - 000000000 _____ C:\WINDOWS\system32\last.dump
2017-08-22 11:45 - 2017-04-15 20:23 - 000000302 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-827989377-3166222912-961213895-1006.job
2017-08-22 11:45 - 2010-10-29 17:12 - 000000310 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-827989377-3166222912-961213895-1006.job
2017-08-21 13:33 - 2017-06-06 13:40 - 000000000 _____ C:\Documents and Settings\robert weinberger\last.dump
2017-08-14 17:04 - 2017-07-04 13:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-10 02:41 - 2017-05-18 02:40 - 000766728 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsnx.sys
2017-08-10 02:41 - 2017-05-18 02:40 - 000116344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmonflt.sys
2017-08-09 01:30 - 2004-12-21 21:14 - 000000000 ____D C:\WINDOWS\Registration
2017-08-08 11:46 - 2004-12-21 21:32 - 000002206 _____ C:\WINDOWS\system32\WPA.DBL
2017-08-08 11:46 - 2004-12-21 21:21 - 000000211 ___SH C:\BOOT.INI
2017-08-08 11:46 - 2004-08-10 15:04 - 000001030 _____ C:\WINDOWS\WIN.INI
2017-08-08 11:46 - 2004-08-10 14:57 - 000000227 _____ C:\WINDOWS\SYSTEM.INI
2017-08-08 11:45 - 2011-08-23 10:31 - 000000000 ____D C:\WINDOWS\system32\logishrd
2017-08-08 11:45 - 2004-12-21 21:33 - 000003710 _____ C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt
2017-08-08 11:44 - 2017-03-07 22:20 - 000000368 _____ C:\WINDOWS\system32\PARTIZAN.TXT
2017-08-08 11:44 - 2010-12-17 16:40 - 000000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-827989377-3166222912-961213895-1007.job
2017-08-08 11:44 - 2004-12-21 21:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-08 11:40 - 2011-02-01 00:55 - 000000117 _____ C:\WINDOWS\mail.ini
2017-08-03 21:55 - 2015-04-22 20:33 - 000000000 ____D C:\Documents and Settings\robert weinberger\Desktop\Steely%20Dan%20Collection
2017-07-31 09:44 - 2013-09-27 16:00 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-07-31 09:42 - 2004-12-26 04:28 - 000000178 ___SH C:\Documents and Settings\robert weinberger\NTUSER.INI
2017-07-31 09:42 - 2004-12-26 04:28 - 000000000 ____D C:\Documents and Settings\robert weinberger
 
==================== Files in the root of some directories =======
 
2012-01-11 22:56 - 2017-06-11 22:47 - 000000192 _____ () C:\Documents and Settings\robert weinberger\Application Data\default.rss
2005-12-29 12:08 - 2011-01-15 18:27 - 000012358 ____C () C:\Documents and Settings\robert weinberger\Application Data\PFP120JCM.{PB
2005-12-29 12:08 - 2011-01-15 18:27 - 000061678 ____C () C:\Documents and Settings\robert weinberger\Application Data\PFP120JPR.{PB
2005-02-09 12:09 - 2017-05-04 18:51 - 000054784 _____ () C:\Documents and Settings\robert weinberger\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-10 12:22 - 2012-06-10 12:22 - 000034764 _____ () C:\Documents and Settings\robert weinberger\Local Settings\Application Data\dt.dat
2011-03-20 10:34 - 2015-04-14 16:34 - 000000088 __RSH () C:\Documents and Settings\All Users\Application Data\EC490A7624.sys
2011-03-20 10:34 - 2015-04-14 16:35 - 000002516 ___SH () C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2011-02-02 13:09 - 2011-07-22 11:13 - 000550536 _____ () C:\Documents and Settings\All Users\Application Data\phn.dat
2015-02-08 19:05 - 2015-04-20 12:02 - 000001774 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
Some files in TEMP:
====================
2008-10-24 14:33 - 2008-10-24 14:33 - 001733120 _____ (Juno, Inc.) C:\Documents and Settings\donna\Local Settings\Temp\exec.exe
2008-10-24 13:30 - 2008-10-24 13:30 - 000079360 _____ () C:\Documents and Settings\donna\Local Settings\Temp\NullsoftHelper.dll
2008-10-24 14:33 - 2008-10-24 14:33 - 001765888 _____ (Juno, Inc.) C:\Documents and Settings\donna\Local Settings\Temp\uires.dll
2009-06-07 11:27 - 2007-08-30 22:12 - 000460248 ____R (Macrovision Corporation) C:\Documents and Settings\donna\Local Settings\Temp\_is6C.exe
2009-06-07 11:28 - 2007-08-30 22:12 - 000460248 ____R (Macrovision Corporation) C:\Documents and Settings\donna\Local Settings\Temp\_is71.exe
2009-06-07 11:31 - 2007-08-30 22:12 - 000460248 ____R (Macrovision Corporation) C:\Documents and Settings\donna\Local Settings\Temp\_is77.exe
2009-06-07 11:32 - 2007-08-30 22:12 - 000460248 ____R (Macrovision Corporation) C:\Documents and Settings\donna\Local Settings\Temp\_is78.exe
2009-06-07 11:33 - 2007-08-30 22:12 - 000460248 ____R (Macrovision Corporation) C:\Documents and Settings\donna\Local Settings\Temp\_is79.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by robert weinberger (29-08-2017 00:37:38)
Running from C:\Documents and Settings\robert weinberger\My Documents\Downloads
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2004-12-26 08:28:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-827989377-3166222912-961213895-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
donna (S-1-5-21-827989377-3166222912-961213895-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\donna
Guest (S-1-5-21-827989377-3166222912-961213895-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-827989377-3166222912-961213895-1005 - Limited - Disabled)
robert weinberger (S-1-5-21-827989377-3166222912-961213895-1006 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\robert weinberger
SUPPORT_388945a0 (S-1-5-21-827989377-3166222912-961213895-1002 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4Sync (HKLM\...\4Sync) (Version:  - )
7-Zip 16.00 (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Abacast Client (HKLM\...\Abacast Client) (Version:  - )
ACDSee (HKLM\...\ACDSee) (Version:  - )
Acrobat.com (HKLM\...\{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}) (Version: 2.1.0 - Adobe Systems Incorporated) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.1.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version:  - )
Adobe Acrobat 4.0, 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 21.0.0.215 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 27.0.0.117 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 27.0.0.117 - Adobe Systems Incorporated)
Adobe Photoshop 6.0 (HKLM\...\Adobe Photoshop 6.0) (Version: 6.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08)  MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Advertising Center (HKLM\...\{B2EC4A38-B545-4A00-8214-13FE0E915E6D}) (Version: 0.0.0.2 - Nero AG) Hidden
America Online (Choose which version to remove) (HKLM\...\America Online us) (Version:  - )
AoA Audio Extractor 1.0 (HKLM\...\AoA Audio Extractor_is1) (Version:  - AoAMedia.Com)
AOL Coach Version 1.0(Build:20040229.1 en) (HKLM\...\AOLCoach) (Version:  - )
AOL Connectivity Services (HKLM\...\AOL Connectivity Services) (Version:  - )
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoImpression 6 (HKLM\...\{D03E7B00-CA85-4684-9321-1888873C34BD}) (Version: 6 - ArcSoft)
ArcSoft Print Creations (HKLM\...\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}) (Version:  - ArcSoft)
AVG (HKLM\...\{AAA44C6A-BB6F-46CA-918F-C88F02C8E301}) (Version: 1.201.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 17.5.3022 - AVG Technologies)
Banctec Service Agreement (HKLM\...\{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}) (Version: 1.10.0000 - Dell)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (HKLM\...\{E2662C24-B31E-4349-A084-32EB76E8B760}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
CameraDrivers (HKLM\...\{D37B7467-4BF8-40a9-AE17-4913AB155D85}) (Version: 9.0.0.156 - Hewlett-Packard) Hidden
CameraHelperMsi (HKLM\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.00.1774.0 - Logitech) Hidden
CameraUserGuides (HKLM\...\{58E5A4C6-6F2F-4347-8B32-CF40331292E5}) (Version: 9.0.0.156 - Hewlett-Packard) Hidden
Cara Additional Components (HKLM\...\Cara Additional Components) (Version:  - )
Cara Professional (HKLM\...\Cara Professional) (Version:  - )
Cards_Calendar_OrderGift_DoMorePlugout (HKLM\...\{E535C94A-B87F-4182-BEA8-1E9322078D3E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.22 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.3.11069.2 - Cisco Consumer Products LLC)
Click to Call with Skype (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8153 - Skype Technologies S.A.)
Click'N Design 3D (HKLM\...\Click'N Design 3D) (Version: 4.x - Stomp Inc.)
Complete Repertory Millenium Edition (HKLM\...\Complete Repertory Millenium Edition) (Version:  - )
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
Corel PaintShop Photo Pro X3 (HKLM\...\_{DEAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.242 - Corel Corporation)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Driver Reset Tool (HKLM\...\{5905F42D-3F5F-4916-ADA6-94A3646AEE76}) (Version: 1.02.0000 - Dell Inc.)
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Photo Printer 720 (HKLM\...\Dell Photo Printer 720) (Version:  - )
Dell Picture Studio v3.0 (HKLM\...\{AF06CAE4-C134-44B1-B699-14FBDB63BD37}) (Version: 3.0.0 - Jasc Software, Inc.)
Dell Support 5.0.0 (630) (HKLM\...\DellSupport) (Version:  - )
DesignPro 5.4 Limited Edition (HKLM\...\{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison) Hidden
DesignPro 5.4 Limited Edition (HKLM\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
DeviceDiscovery (HKLM\...\{93F54611-2701-454e-94AB-623F458D9E6B}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (HKLM\...\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.10 - BVRP Software, Inc)
Dolet 6 for Finale (HKLM\...\{C0CE0D74-00D5-46F4-BAC9-BF4975FC9B92}) (Version: 6.9 - MakeMusic)
Dropbox (HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EarthLink setup files (HKLM\...\{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}) (Version: 2005.1.47.0 - EarthLink)
EaseUS Partition Master 9.1.1 Home Edition (HKLM\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 9.2 (HKLM\...\EaseUS Todo Backup_is1) (Version: 9.2 - CHENGDU YIWO Tech Development Co., Ltd)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON R280 User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Web-To-Page (HKLM\...\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}) (Version:  - )
erLT (HKLM\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSupportQFolder (HKLM\...\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eusing Free Registry Cleaner (HKLM\...\Eusing Free Registry Cleaner) (Version:  - )
Finale 2000a (HKLM\...\Finale 2000a) (Version:  - )
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FMW 1 (HKLM\...\{9530731D-DCB3-4702-8295-7BABE1703877}) (Version: 1.222.1 - AVG Technologies) Hidden
Free File Opener v2011.6.0.4 (HKLM\...\Free File Opener_is1) (Version: 2011.6.0.4 - Free File Opener, LLC)
Garmin Lifetime Updater (HKLM\...\{69EB5C18-1222-41F1-8C75-69B5F55F4321}) (Version: 2.0.12 - Garmin)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Plug-in (HKLM\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hightail Desktop App (HKLM\...\{74EE14D5-0E12-49C2-9C46-5C1F908BA0FC}) (Version: 2.4.7.1621 - Hightail)
HP Imaging Device Functions 9.0 (HKLM\...\HP Imaging Device Functions) (Version: 9.0 - HP)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version:  - )
HP Photo Imaging Software (HKLM\...\HP Photo Imaging Software) (Version:  - )
HP Photo Printing Software (HKLM\...\HP Photo Printing Software) (Version:  - )
HP Photosmart Cameras 9.0 (HKLM\...\{CF128F41-DB18-486a-BA2C-0525A2E15AAC}) (Version: 9.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Share-to-Web (HKLM\...\{748F4870-8350-11D3-B0BF-080009FB4A19}) (Version:  - )
HP Solution Center 9.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 9.0 - HP)
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (HKLM\...\{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}) (Version: 1.0.0.1 - HP) Hidden
hpicamDrvQFolder (HKLM\...\{452622B2-CFF1-4373-B773-141FC10A2AB6}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (HKLM\...\{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM\...\{AEA07F97-9088-497c-8821-0F36BD5DC251}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
ICA (HKLM\...\{DEAEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.242 - Corel Corporation) Hidden
ImagXpress (HKLM\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
InstantShareDevicesMFC (HKLM\...\{1F4BF9EA-847E-44FB-A728-C456116E6CEF}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version:  - )
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel® PROSet for Wired Connections (HKLM\...\{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}) (Version: 8.00.5000 - Dell)
Internet Explorer Default Page (HKLM\...\{35BDEFF1-A610-4956-A00D-15453C116395}) (Version: 1.00.03 - Dell Inc.) Hidden
IPM_PSP_CL (HKLM\...\{DE99075E-7D25-4B96-B32E-BFE6FBFAA644}) (Version: 1.00.0000 - Your Company Name) Hidden
IPM_PSP_COM (HKLM\...\{DEF8C145-CC4F-4DAA-AD5C-E707C07AEE50}) (Version: 1.00.0000 - Your Company Name) Hidden
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Jasc Paint Shop Photo Album (HKLM\...\{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}) (Version: 4.0.4 - Jasc Software, Inc.)
Jasc Paint Shop Photo Album 5 (HKLM\...\{4192EAC0-6B36-4723-B216-D0E86E7757AC}) (Version: 5.1.0 - Jasc Software, Inc.)
Jasc Paint Shop Pro 8 Dell Edition (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.10.0000 - Jasc Software Inc)
Jasc Paint Shop Pro Studio, Dell Editon (HKLM\...\{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}) (Version: 1.00.0000 - Jasc Software Inc)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Juno Connection Center (remove only) (HKLM\...\Juno DSL) (Version:  - )
Juno Internet (HKLM\...\{a0296e52-6e9b-11d6-ace4-00105a0cf83f}) (Version: Juno QuickStart - United Online)
Learn2 Player (Uninstall Only) (HKLM\...\StreetPlugin) (Version:  - )
LightScribe System Software (HKLM\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Links Tresorie (HKLM\...\{1C32C262-2A05-11D6-933B-00A0CC298E98}) (Version:  - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaFACE 4.01 (HKLM\...\{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 (HKLM\...\InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 Image Library (HKLM\...\{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 Image Library (HKLM\...\InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes)
Menu Templates - Starter Kit (HKLM\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version:  - )
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Plus! Digital Media Edition Installer (HKLM\...\{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}) (Version: 1.1.0.3514 - Microsoft Corporation)
Microsoft Plus! Photo Story 2 LE (HKLM\...\{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}) (Version: 1.1.0.3463 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 97 Invoice Sample Form (Remove only) (HKLM\...\Invoice) (Version:  - )
MIDI-OX (HKLM\...\{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}) (Version: 7.00.365 - MIDIOX Computing)
Modem Event Monitor (HKLM\...\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}) (Version:  - )
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version: 2.40 - BVRP Software)
Modem On Hold (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 1.12 - BVRP Software, Inc)
Movie Templates - Starter Kit (HKLM\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
MrvlUsgTracking (HKLM\...\{02C85EC5-E864-4847-AF55-42730861004C}) (Version: 1.0.0 - Marvell)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB925673) (HKLM\...\{FE9126DB-5F84-495A-BB46-3C724F1C2D08}) (Version: 6.00.3888.0 - Microsoft Corporation)
Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.3.00.11130 - Sony Corporation)
Musicmatch for Windows Media Player (HKLM\...\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}) (Version: 0.00.000 - )
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
My Way Search Assistant (HKLM\...\{78D944D7-A97B-4004-AB0A-B5AD06839940}) (Version: 1.0.256 - MyWay.com) Hidden
Nero 9 Essentials (HKLM\...\{c242b26e-a53c-4790-87f7-fa19839e2b88}) (Version:  - Nero AG)
Netflix Movie Viewer (HKLM\...\{BCE72AED-3332-4863-9567-C5DCB9052CA2}) (Version: 1.2.211 - Netflix)
Pagis Pro 3.0 (HKLM\...\UNINSTPAGISPRO30) (Version:  - )
PanoStandAlone (HKLM\...\{730837D4-FF5E-48DB-BA49-33E732DFF0B3}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
PlanMaker Viewer (HKLM\...\PlanMaker Viewer) (Version:  - SoftMaker Software GmbH)
Primo (HKLM\...\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}) (Version: 1.00.0000 - Your Company Name) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PSPPContent (HKLM\...\{DE8B9311-ADE7-4EDE-B121-326CAA3D225D}) (Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (HKLM\...\{DEF1928A-FC01-48E7-A7E6-4651D42EF6A1}) (Version: 13.0.0 - Corel Corporation) Hidden
PSSWCORE (HKLM\...\{09633A5E-3089-41A8-9FF1-382171423C5D}) (Version: 2.03.0000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Rand McNally Route Planner (HKLM\...\TripMaker) (Version:  - )
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 12.0) (Version:  - RealNetworks)
RealUpgrade 1.1 (HKLM\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RegCure 1.2.0.4 (HKLM\...\RegCure) (Version: 1.2.0.4 - RegCure, Inc.)
Release 5 for Cara Pro v1.4 (HKLM\...\Release 5 for Cara Pro v1.4) (Version:  - )
Runtime (HKLM\...\{DABF43D9-1104-4764-927B-5BED1274A3B0}) (Version: 1.00.0000 - Your Company Name) Hidden
save2pc Light 4.25 (HKLM\...\save2pc Light_is1) (Version:  - FDRLab)
Secunia PSI (3.0.0.11005) (HKLM\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sibelius Scorch (ActiveX Only) (HKLM\...\{C7DD90E2-61F6-47F7-ADB3-8A61088F1F12}) (Version: 6.0.7 - Sibelius Software)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{7589FAD3-B7AB-4154-A7D3-49A69A6B1F8A}) (Version: 4.0.1054.0 - SmartSoft Ltd.)
SmartFTP Client 4.0 Setup Files (remove only) (HKLM\...\SmartFTP Client 4.0 Setup Files) (Version: 4.0 - SmartSoft Ltd)
SoftMaker FreeOffice (HKLM\...\{8EBB8452-274B-465D-8324-00B0832FBB02}) (Version: 1.0.3515 - SoftMaker Software GmbH)
SolutionCenter (HKLM\...\{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Sonic DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 4.95 - Sonic Solutions)
Sonic RecordNow! (HKLM\...\{9541FED0-327F-4DF0-8B96-EF57EF622F19}) (Version: 7.3 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{09DA4F91-2A09-4232-AB8C-6BC740096DE3}) (Version: 2.9 - Sonic Solutions)
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.02.12040 - Sony Corporation)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Status (HKLM\...\{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 (HKLM\...\{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1) (Version: v2012.build.51 - eRightSoft)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.33.0.1000 - SUPERAntiSpyware.com)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TextMaker Viewer (HKLM\...\TextMaker Viewer) (Version:  - SoftMaker Software GmbH)
TrayApp (HKLM\...\{10E1E87C-656C-4D08-86D6-5443D28583BE}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
UnHackMe 9.0 (HKLM\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
UnloadSupport (HKLM\...\{543E938C-BDC4-4933-A612-01293996845F}) (Version: 9.0.0 - Hewlett-Packard) Hidden
VideoToolkit01 (HKLM\...\{22F761D1-8063-4170-ADF7-2D2F47834CA9}) (Version: 110.0.171.000 - Hewlett-Packard) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (HKLM\...\{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinX YouTube Downloader 3.0.3 (HKLM\...\WinX YouTube Downloader 3.0.3_is1) (Version:  - Digiarty Software, Inc.)
WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
XML Paper Specification Shared Components Pack 1.0 (HKLM\...\XpsEPSC) (Version:  - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\InprocServer32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{6884E12E-342A-463A-9703-1CA4148AAE05}\localserver32 -> C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe (Jasc Software, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\MSVBVM60.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-827989377-3166222912-961213895-1006_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files\4Sync\ShellExt.dll [2012-05-25] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files\4Sync\ShellExt.dll [2012-05-25] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files\4Sync\ShellExt.dll [2012-05-25] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [4SyncOverlay4] -> {CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} => C:\Program Files\4Sync\ShellExt.dll [2012-05-25] (New IT Solutions Ltd)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-10-06] (SmartSoft Ltd)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-07-25] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2010-04-27] (Nero AG)
ContextMenuHandlers1: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-10-06] (SmartSoft Ltd)
ContextMenuHandlers1: [SrchToolContextMenu] -> {4B83AF60-33CC-11CF-8562-00AA00A39D4B} => C:\Program Files\ScanSoft\Pagis\ctxmfind.dll [2000-05-04] (ScanSoft Inc.)
ContextMenuHandlers2: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers2: [DriveLetterAccess] -> {5CA3D70E-1895-11CF-8E15-001234567890} => C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13] (Sonic Solutions)
ContextMenuHandlers2: [RecordNow! ContextMenuExt] -> {E91B2703-013E-4A99-AD33-2B6FB00AA356} => C:\Program Files\Sonic\Sonic Solutions Product CD\RecordNow!\shlext.dll [2004-09-07] ()
ContextMenuHandlers2: [ShellExt] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [000YSIFoldersContextMenu] -> {C831335E-77AB-4141-89B0-403FE0652164} => C:\Program Files\Hightail Desktop App\YSINSE.dll [2013-10-28] (Hightail Inc.)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers4: [CopyPathExt] -> {7E41911F-13AA-11D3-A831-00104B9E30B5} =>  -> No File
ContextMenuHandlers4: [MediaFaceExtension] -> {6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9} => C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll [2003-08-18] (Fellowes, Inc.)
ContextMenuHandlers4: [Pagis] -> {4B83AF6A-33CC-11CF-8562-00AA00A39D4B} => C:\Program Files\ScanSoft\Pagis\fldrcntx.dll [2000-05-04] (ScanSoft Inc.)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files\EaseUS\Todo Backup\bin\ImageSh.dll [2016-06-03] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers4: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2009-10-06] (SmartSoft Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2005-09-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-10] (Igor Pavlov)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2017-07-25] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Pagis] -> {4B83AF6A-33CC-11CF-8562-00AA00A39D4B} => C:\Program Files\ScanSoft\Pagis\fldrcntx.dll [2000-05-04] (ScanSoft Inc.)
ContextMenuHandlers1_S-1-5-21-827989377-3166222912-961213895-1006: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-827989377-3166222912-961213895-1006: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-827989377-3166222912-961213895-1006: [DropboxExt] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
 
==================== Scheduled Tasks=============================
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\SetupAVG Technologiesጃ0606
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-827989377-3166222912-961213895-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-827989377-3166222912-961213895-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-827989377-3166222912-961213895-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-827989377-3166222912-961213895-1007.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Documents and Settings\robert weinberger\Favorites\Juno\Check Email.lnk -> hxxp://my.juno.com/s/buttons?r=inbo
Shortcut: C:\Documents and Settings\robert weinberger\Favorites\Juno\My Account.lnk -> hxxp://account.juno.com/s/account
Shortcut: C:\Documents and Settings\robert weinberger\Favorites\Juno\My Juno.lnk -> hxxp://www.juno.com/dsl/sp?cf=JUDSLC
Shortcut: C:\Documents and Settings\robert weinberger\Favorites\Juno\Software Download.lnk -> hxxp://www.juno.com/downloa
 
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\UnHackMe\Check for UnHackMe updates.lnk -> C:\Program Files\UnHackMe\GWebUpdate.exe (Greais Software) -> hxxp://greatis.com/unhackme.ini
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-05-18 02:38 - 2017-05-18 02:38 - 000171344 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-07-05 08:07 - 2017-07-05 08:07 - 000193784 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-07-05 08:07 - 2017-07-05 08:07 - 000225376 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-08-08 03:17 - 2017-08-08 03:17 - 005887448 _____ () C:\Program Files\AVG\Antivirus\defs\17080800\algo.dll
2017-07-05 08:07 - 2017-07-05 08:07 - 000690392 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-07-05 08:07 - 2017-07-05 08:07 - 000232784 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-08-26 05:27 - 2017-08-26 05:27 - 005891544 _____ () C:\Program Files\AVG\Antivirus\defs\17082600\algo.dll
2017-08-28 17:17 - 2017-08-28 17:17 - 005891544 _____ () C:\Program Files\AVG\Antivirus\defs\17082804\algo.dll
2012-10-23 11:33 - 2011-02-28 18:37 - 000180624 _____ () C:\WINDOWS\system32\Primomonnt.dll
2003-07-29 09:27 - 2003-07-29 09:27 - 000078336 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBCPP5C.dll
2006-03-26 18:10 - 2000-05-04 17:14 - 000628224 _____ () C:\Program Files\ScanSoft\Pagis\pgfolder.dll
2006-03-26 18:10 - 2000-05-04 17:08 - 000068096 _____ () C:\Program Files\ScanSoft\Pagis\PGFldRes.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000080936 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 001296424 _____ () C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000060968 _____ () C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000017448 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000088616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000024768 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000188608 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000173760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCAdapt.dll
2017-03-21 13:26 - 2016-06-03 12:13 - 000056512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TBInfo.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000018112 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000128192 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll
2017-03-21 13:26 - 2016-06-03 12:13 - 000085184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\logsys.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000030760 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000068136 _____ () C:\Program Files\EaseUS\Todo Backup\bin\MountImg.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000158248 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImgFile.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000281128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DsImgFile.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000072232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CheckImg.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000139816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\vhdvmdk.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000040128 _____ () C:\Program Files\EaseUS\Todo Backup\bin\BootDriver.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000769064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000193064 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000443944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidImage.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000148008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumDisk.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000076840 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FatLib.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000207912 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSLib.dll
2017-03-21 13:26 - 2016-06-03 12:13 - 000114880 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileStorage.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000169512 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudInterface.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000501800 _____ () C:\Program Files\EaseUS\Todo Backup\bin\StorageMgr.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000024616 _____ () C:\Program Files\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000020520 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CorrectMbr.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000032296 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000034856 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000064040 _____ () C:\Program Files\EaseUS\Todo Backup\bin\RegLib.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000026816 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000059944 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NasOperator.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000220864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000077864 _____ () C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll
2017-03-21 13:26 - 2016-06-03 12:12 - 000021184 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000136232 _____ () C:\Program Files\EaseUS\Todo Backup\bin\VMConfig.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000020008 _____ () C:\Program Files\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000043048 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbDataSwap.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000353832 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DeviceManager.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000027176 _____ () C:\Program Files\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000138792 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Device.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000146984 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Partition.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000050216 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000061992 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000089640 _____ () C:\Program Files\EaseUS\Todo Backup\bin\Common.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000056360 _____ () C:\Program Files\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2017-03-21 13:26 - 2016-04-13 16:49 - 000432320 _____ () C:\Program Files\EaseUS\Todo Backup\bin\uexper.dll
2017-03-21 13:26 - 2016-06-03 12:15 - 000278720 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-03-21 13:26 - 2015-12-10 06:04 - 000224808 _____ () C:\Program Files\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-12-12 14:01 - 2016-12-12 14:00 - 048920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-05-18 02:38 - 2017-05-18 02:38 - 000136048 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2017-03-21 13:26 - 2016-06-03 12:13 - 000204480 _____ () C:\Program Files\EaseUS\Todo Backup\bin\TbTapeHlp.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000039976 _____ () C:\Program Files\EaseUS\Todo Backup\bin\ImageName.dll
2017-03-21 13:26 - 2015-12-10 06:04 - 000068648 _____ () C:\Program Files\EaseUS\Todo Backup\bin\FsDsReader.dll
1997-07-11 01:00 - 1997-07-11 01:00 - 005324560 _____ () C:\Program Files\Microsoft Office\Office\WINWORD.EXE
1997-07-11 01:00 - 1997-07-11 01:00 - 001158416 _____ () C:\Program Files\Microsoft Office\Office\wwintl32.dll
1997-07-11 01:00 - 1997-07-11 01:00 - 003782416 _____ () C:\Program Files\Microsoft Office\Office\MSO97.DLL
2017-07-25 14:40 - 2017-07-25 14:40 - 001060280 _____ () C:\Program Files\AVG\Antivirus\AvChrome.dll
2017-05-18 02:38 - 2017-05-18 02:38 - 048936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2004-12-26 14:23 - 1999-07-13 09:41 - 000067584 _____ () C:\Carapro\CCCHNG32.dll
2004-08-04 07:00 - 2008-04-13 20:11 - 000059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-04 07:00 - 2008-04-13 20:11 - 000014336 _____ () C:\WINDOWS\system32\msdmo.dll
2016-09-06 17:57 - 2016-09-06 12:00 - 005197312 _____ () C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-06 17:57 - 2016-09-06 12:00 - 000147456 _____ () C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-07-12 19:52 - 2016-07-06 18:01 - 017602240 _____ () C:\Documents and Settings\robert weinberger\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [124]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7524 more sites.
 
IE trusted site: HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\google.com -> hxxps://google.com
IE trusted site: HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\internet -> internet
IE trusted site: HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\juno.com -> hxxps://webmaila.juno.com
IE trusted site: HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\mcafee.com -> hxxp://mcafee.com
IE trusted site: HKU\S-1-5-21-827989377-3166222912-961213895-1006\...\mcafee.com -> hxxps://mcafee.com
 
There are 7524 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2004-08-04 07:00 - 2017-07-27 09:38 - 000614237 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1  localhost
 
There are 14632 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-827989377-3166222912-961213895-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\ACD Wallpaper.bmp
DNS Servers: 209.18.47.62 - 209.18.47.61
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk => C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk => C:\WINDOWS\pss\Microsoft Find Fast.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk => C:\WINDOWS\pss\Office Startup.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pagis Schedule Monitor.lnk => C:\WINDOWS\pss\Pagis Schedule Monitor.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\WINDOWS\pss\Secunia PSI Tray.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^robert weinberger^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupreg: 4Sync => "C:\Program Files\4Sync\4Sync.exe" -startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AVG8_TRAY => 
MSCONFIG\startupreg: AvgUi => "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
MSCONFIG\startupreg: Corel Photo Downloader => "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: CXMon => "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
MSCONFIG\startupreg: DellSupport => "C:\Program Files\Dell Support\DSAgnt.exe" /startup
MSCONFIG\startupreg: dla => C:\WINDOWS\system32\dla\tfswctrl.exe
MSCONFIG\startupreg: EaseUs Tray => "C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe"
MSCONFIG\startupreg: EaseUs Watch => "C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe"
MSCONFIG\startupreg: FortKnoxPersonalFirewall => 
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: Google Update => 
MSCONFIG\startupreg: Hightail Sync Agent => "C:\Program Files\Hightail Desktop App\Hightail.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpbdfawep => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
MSCONFIG\startupreg: hpqSRMon => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: IntelMeM => C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JunoDSL => "C:\Program Files\Juno DSL\ConnectionCenter.exe"
MSCONFIG\startupreg: Juno_uoltray => C:\PROGRA~1\Juno\exec.exe regrun
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: MCAgentExe => 
MSCONFIG\startupreg: MCUpdateExe => 
MSCONFIG\startupreg: MediaFace Integration => C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
MSCONFIG\startupreg: mmtask => "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
MSCONFIG\startupreg: MMTray => C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSCONFIG\startupreg: ModemOnHold => C:\PROGRA~1\MODEMO~1\MOH.exe
MSCONFIG\startupreg: MPFExe => 
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\Media Experience\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RealTray => C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
MSCONFIG\startupreg: Share-to-Web Namespace Daemon => C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SMASH => "C:\Program Files\SoftMaker FreeOffice\smash.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot
MSCONFIG\startupreg: UnHackMe Monitor => C:\Program Files\UnHackMe\hackmon.exe
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MSCONFIG\startupreg: VirusScan Online => 
MSCONFIG\startupreg: VSOCheckTask => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Enabled:AOL
DomainProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Enabled:America Online 9.0
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\MSMSGS.EXE] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\LEXPPS.EXE] => Disabled:LEXPPS.EXE
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HP1006MC.EXE] => Enabled:SMLMProxy Module - HP1006MC.EXE
StandardProfile\AuthorizedApplications: [C:\Program Files\Abacast\Abaclient.exe] => Disabled:Abaclient
StandardProfile\AuthorizedApplications: [C:\Program Files\America Online 9.0\waol.exe] => Disabled:America Online 9.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe] => Disabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe] => Disabled:AOL
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe] => Enabled:hpqsudi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Real\RealPlayer\realplay.exe] => Disabled:RealPlayer
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 4.0
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\robert weinberger\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour Service
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\EASEUS\Todo Backup\bin\TbService.exe] => Enabled:TbService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EASEUS\Todo Backup\bin\TBConsoleUI.exe] => Enabled:Local TBConsoleUI.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\EASEUS\Todo Backup\bin\TodoBackupService.exe] => Enabled:Local TodoBackupService.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
==================== Restore Points =========================
 
08-08-2017 05:19:18 System Checkpoint
09-08-2017 05:48:48 System Checkpoint
10-08-2017 06:48:49 System Checkpoint
11-08-2017 07:49:01 System Checkpoint
12-08-2017 08:48:48 System Checkpoint
13-08-2017 09:48:47 System Checkpoint
14-08-2017 09:58:32 System Checkpoint
15-08-2017 10:18:52 System Checkpoint
16-08-2017 10:48:16 System Checkpoint
17-08-2017 11:01:15 System Checkpoint
18-08-2017 11:48:20 System Checkpoint
19-08-2017 12:19:10 System Checkpoint
20-08-2017 12:19:41 System Checkpoint
21-08-2017 13:14:26 System Checkpoint
22-08-2017 13:43:28 System Checkpoint
23-08-2017 15:16:03 System Checkpoint
24-08-2017 15:16:23 System Checkpoint
25-08-2017 16:41:58 System Checkpoint
26-08-2017 17:37:39 System Checkpoint
28-08-2017 01:10:43 System Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/21/2017 03:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application exec.exe, version 8.8.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (08/21/2017 03:10:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application exec.exe, version 8.8.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (07/24/2017 11:34:04 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
 
Error: (07/24/2017 11:34:03 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (07/24/2017 11:34:01 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
 
Error: (07/13/2017 10:57:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application psia.exe, version 3.0.0.11005, faulting module psia.exe, version 3.0.0.11005, fault address 0x000b0edf.
Processing media-specific event for [psia.exe!ws!]
 
Error: (07/12/2017 11:23:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Apple Application Support (32-bit) -- Apple Application Support (32-bit) requires that your computer is running Windows 7 or newer.
 
Error: (07/12/2017 11:13:05 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Adobe Flash Player 26 ActiveX -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\{D7830E9A-5E0C-4BD5-8724-0F89757EBF07}\InstallAX_26_0_0_137.exe, command: -install -msi -prev 26.0.0.133
 
Error: (07/12/2017 11:11:48 PM) (Source: MsiInstaller) (EventID: 11722) (User: NT AUTHORITY)
Description: Product: Adobe Flash Player 26 NPAPI -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\{0A95999C-4BF1-4DD7-9553-ED3BA6BB81A7}\InstallPlugin_26_0_0_137.exe, command: -install -msi -prev 26.0.0.133
 
Error: (06/23/2017 01:38:28 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application WINWORD.EXE, version 8.0.0.4412, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (08/08/2017 10:16:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor:  Intel® Pentium® 4 CPU 2.80GHz
Percentage of memory in use: 79%
Total physical RAM: 2045.98 MB
Available physical RAM: 416.63 MB
Total Virtual: 4394.52 MB
Available Virtual: 2287.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:71.55 GB) (Free:8.87 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive f: (Elements) (Fixed) (Total:232.88 GB) (Free:61.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 74.5 GB) (Disk ID: AB6A338F)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2.9 GB) - (Type=DB)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 000395D8)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:23 AM

Posted 01 September 2017 - 09:02 AM

Greetings dragon77 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 dragon77

Posted 01 September 2017 - 09:52 AM

Hi Gary--Your time and help is much appreciated. Rob



#4 Oh My!

Posted 01 September 2017 - 10:37 AM

Thank you for your continued patience.

Can I assume you are referring to the Juno email page?

Which browser(s) does this happen with? I will assume for now it occurs at least with Firefox, your default browser.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-827989377-3166222912-961213895-1006] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-827989377-3166222912-961213895-1006 -> {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = 
BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No FileS3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [124]
ExportKey: HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0
ExportKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0
cmd: type "C:\WINDOWS\mail.ini"
cmd: type "C:\Program Files\mozilla firefox\defaults\pref\itms.js"
File: C:\Program Files\AVG\SetupAVG Technologiesጃ0606
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
  • Test your browser performance and if there is an issue with Firefox, complete the below
===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Launch Firefox
  • Left click on the 3 bar menu icon in the upper right hand corner of the browser window
  • Click on the Question Mark to the right of Customize at the bottom of the window
  • Click Restart with Add-ons Disabled...
  • Click Restart
  • Check your email page
===================================================

Checking Firefox Sync Status

--------------------
  • Launch Firefox
  • In the address bar type about:preferences#sync and hit Enter
  • Under Firefox Account let me know if you see Disconnect... to the left of Manage Account
  • Under Sync across all devices list the items with check marks
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • Fixlog
  • AdwCleaner report
  • Firefox information
  • Update on computer/browser behavior

Gary
 

#5 dragon77

Posted 01 September 2017 - 11:10 AM

Hi Gary--I am about to begin. However, FYI,  I cannot find 'run as an administrator' in FRST by right clicking the icon. Perhaps that is a function of XP. Also, I usually have used Chrome for online work. If it makes no difference, I will begin the process, and report back when completed. Please advise.

Rob



#6 Oh My!

Posted 01 September 2017 - 11:15 AM

Hi Rob,

Sorry, you are right. XP automatically runs it as an Administrator.
Gary
 

#7 dragon77

Posted 01 September 2017 - 11:17 AM

Gary--Did you want me to copy the text and paste it into the Search box in FRST? Nothing apparently happened or was entered when I struck Control - C. Just confirming directions.

Rob



#8 dragon77

Posted 01 September 2017 - 11:20 AM

Gary-Did you mean Control -C to copy text, and then place it in the FRST Search box using Control V? Rob



#9 Oh My!

Posted 01 September 2017 - 11:21 AM

You won't see anything happen. It is copied to the hidden clipboard and when you hit Fix the program automatically merges the information for you.
Gary
 

#10 dragon77

Posted 01 September 2017 - 12:20 PM

Gary--here is the Fixlog. However, I cannot open AdwCleaner. When I looked in Malwarebytes, it does not list Windows XP. When I attempt to open it, I get a message bar stating this is not a valid Win32 application. Is there an earlier version of it, or something else I can use for the same purpose?

I am still using Chrome. And, FYI, this problem is intermittent, or dormant, and then, every so often, it will activate itself. But, maybe it still causes interference, or a sluggish response, as Chrome seems to have been much slower at times lately, especially with certain sites.

Please advise. Thanks. Rob

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Ran by robert weinberger (01-09-2017 12:48:28) Run:1
Running from C:\Documents and Settings\robert weinberger\Desktop
Loaded Profiles: robert weinberger (Available Profiles: robert weinberger & donna & Administrator)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
 
CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-827989377-3166222912-961213895-1006] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-827989377-3166222912-961213895-1006 -> {3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} URL = 
BHO: No Name -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> No FileS3 AppMgmt; C:\WINDOWS\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 [124]
ExportKey: HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0
ExportKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0
cmd: type "C:\WINDOWS\mail.ini"
cmd: type "C:\Program Files\mozilla firefox\defaults\pref\itms.js"
File: C:\Program Files\AVG\SetupAVG Technologiesጃ0606
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-827989377-3166222912-961213895-1006\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} => key removed successfully.
HKLM\Software\Classes\CLSID\{3CCA4B1C-FEE3-4ABF-9CFB-3B14A8691F1B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => key removed successfully.
HKLM\Software\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => key not found. 
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully..
================== ExportKey: ===================
 
"HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0" => not found
 
=== End of ExportKey ===
================== ExportKey: ===================
 
"HKLM\SOFTWARE\WOW6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0" => not found
 
=== End of ExportKey ===
 
========= type "C:\WINDOWS\mail.ini" =========
 
[Configuration]
Root Dir=C:\Documents and Settings\All Users\Application Data\Juno\Isp\OER
Juno Default Browser=1
 
========= End of CMD: =========
 
 
========= type "C:\Program Files\mozilla firefox\defaults\pref\itms.js" =========
 
pref("network.protocol-handler.warn-external.itms", false);
 
 
========= End of CMD: =========
 
 
========================= File: C:\Program Files\AVG\SetupAVG Technologiesጃ0606 ========================
 
"C:\Program Files\AVG\SetupAVG Technologiesጃ0606" => not found.
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:49:12 ====
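
When reviewing a Fixlog like the one above, the useful questions are which directives succeeded, which targets were already absent, and which failed. The Python sketch below is an added example (not part of the thread and not FRST's own code) that sorts a Fixlog's result lines into those groups while skipping the echoed fixlist and raw `cmd:` output; the function name is hypothetical, and the section markers and status phrases it matches are inferred only from the log posted on this page.

```python
import re

# Excerpt of the Fixlog.txt posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x86) Version: 20-08-2017
Boot Mode: Normal

==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
URLSearchHook: [S-1-5-21-827989377-3166222912-961213895-1006] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
cmd: type "C:\WINDOWS\mail.ini"

*****************

Restore point was successfully created.
Processes closed successfully.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => key removed successfully.
HKLM\Software\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} => key not found.
C:\Documents and Settings\All Users\Application Data\TEMP => ":0B4227B4" ADS removed successfully..
================== ExportKey: ===================

"HKLM\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates\CFF3305F035C33C8CC4F0C21FF84BB5B074EA9C0" => not found

=== End of ExportKey ===

========= type "C:\WINDOWS\mail.ini" =========

[Configuration]
Root Dir=C:\Documents and Settings\All Users\Application Data\Juno\Isp\OER
Juno Default Browser=1

========= End of CMD: =========

The system needed a reboot.

==== End of Fixlog 12:49:12 ====
'''

# Markers as they appear in the log on this page (assumed, not a format spec).
SECTION = re.compile(r"^=+\s*(.*?)\s*=+$")    # "==== title ====" banner lines
STARS = re.compile(r"^\*{5,}$")               # delimits the echoed fixlist
RESULT_SECTIONS = ("ExportKey:", "File:")     # banners whose body holds results
FAILED = re.compile(r"could not|failed|error", re.I)  # assumed failure phrases


def summarize_fixlog(text):
    """Group Fixlog result lines into ok / absent / failed, plus a reboot flag."""
    summary = {"ok": [], "absent": [], "failed": [], "reboot_needed": False}
    in_echo = False   # inside the "fixlist content" echo: directives, not results
    in_cmd = False    # inside raw output of a cmd: directive: not results either
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if STARS.match(line):
            in_echo = not in_echo
            continue
        banner = SECTION.match(line)
        if banner:
            title = banner.group(1)
            if title.startswith("End of CMD"):
                in_cmd = False
            elif (title and not title.startswith("End of")
                  and not title.startswith(RESULT_SECTIONS)):
                in_cmd = True   # any other titled banner is an echoed command
            continue
        if in_echo or in_cmd:
            continue
        # Judge only the status text after the last " => " so that a path
        # containing a word such as "Error" cannot trigger a false failure.
        status = line.rpartition(" => ")[2]
        if "needed a reboot" in status:
            summary["reboot_needed"] = True
        elif FAILED.search(status):
            summary["failed"].append(line)
        elif "not found" in status:
            summary["absent"].append(line)
        elif "successfully" in status:
            summary["ok"].append(line)
    return summary


if __name__ == "__main__":
    result = summarize_fixlog(SAMPLE_FIXLOG)
    for bucket in ("failed", "absent", "ok"):
        print(f"{bucket}: {len(result[bucket])}")
        for entry in result[bucket]:
            print("   ", entry)
    print("reboot needed:", result["reboot_needed"])
```
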


#11 Oh My!

Posted 01 September 2017 - 12:46 PM

Boy oh boy I am making a mess with my instructions!

While I review your last post run this.

=================

Malwarebytes Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your Desktop
  • Right click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Press any key to start the scan
  • Once completed a JRT.txt document will open on your desktop
  • Copy and paste the contents in your reply

Gary
 

#12 dragon77

Posted 01 September 2017 - 03:02 PM

Got it, ran it, scan is as follows:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86 
Ran by robert weinberger (Administrator) on Fri 09/01/2017 at 15:52:08.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 19 
 
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2FCZ2TBO (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2WUT6LL3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3AVFLT6E (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6ST84K5G (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O4XPXPGK (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QBSFCL32 (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPCGFVUN (Temporary Internet Files Folder) 
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y8FFWDNI (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2FCZ2TBO (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2WUT6LL3 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3AVFLT6E (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6ST84K5G (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O4XPXPGK (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\QBSFCL32 (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XPCGFVUN (Temporary Internet Files Folder) 
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y8FFWDNI (Temporary Internet Files Folder) 
 
 
 
Registry: 4 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE3098B4-04A3-41fd-8CA9-BEA39CB14C87} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{63B834D7-CFCD-442A-9B0A-921F54D3E792} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/01/2017 at 15:57:42.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#13 Oh My!

Posted 01 September 2017 - 03:19 PM

Thanks,

Can I assume you are referring to the Juno email page?

 

I know you said it is intermittent but have you had any problems since we started?

 


Gary
 

#14 dragon77

Posted 01 September 2017 - 03:41 PM

The last time I was hit was late last week, over a two or three day span. Both a redirect to an ad or two, and also something that multiplies a web page infinitely, listing an address, then adding a number, one by one, 0, 01, 012, etc, forever, freezing the computer by overwhelming resources. The time before that was perhaps a week or two before. So, I cannot say what is what. But, if malware was removed, I'm in a better place. Is there anything to verify with Chrome? Should I wait, see how things are, and open up the thread again if I receive another attack?



#15 Oh My!

Posted 01 September 2017 - 05:25 PM

Let's do this to look for any remaining entries of concern.

===================================================

ComboFix Windows XP

--------------------
  • Please download Combofix and save it to your desktop:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you that an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • If the Microsoft Windows Recovery Console is already installed ComboFix will continue its malware removal procedure
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • When finished copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • Copy and paste the contents of the Fixlog.txt file in your reply.
===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Combofix log
  • Reset Chrome?
  • Chrome reset?
  • ESET log

Gary
 



