Jump to content

PUP.Zugo Problem (maybe?)


Recommended Posts

Is PUP.Zugo a problem for me?  Not sure what it is or how it got on my computer.  I use Zone Alarm Extreme as my Firewall, Anti-Virus/Spyware, and Internet Security program--including PC Tune-Up to clean and defrag when needed for backing up my computer system files.  CCleaner is used daily as a stand alone when I'm finished using my computer and internet before shutting down; along with Click&Clean and History Eraser for Chrome after surfing (I never(99.9%) use IE unless mandated for rare downloads).  There is some mild drag in internet speed but the only problem that I've been faced with is my battery icon states that my power pack is plugged in but not charging and when I boot my computer up I have to press F1 to get into Windows on every boot up.  Not sure if any of these things are interrelated that's why I'm here.

 

BELOW ARE THE DDS AND ATTACH FILES RESPECTIVELY

=======================================================================================================

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.17.2
Run by jungianjoe at 9:27:41 on 2013-06-27
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8124.5197 [GMT -4:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
C:\Users\jungianjoe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\jungianjoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
uURLSearchHooks: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin
 
\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Updater For Verizon Toolbar: {96673559-e653-4cdc-8923-f89347a952c0} - C:\Program Files (x86)\verizontb\auxi\verizonAu.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Verizon Toolbar: {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [showBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
uRun: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845"
uRun: [EPLTarget\P0000000000000001] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000001" /M "WorkForce 845"
uRun: [Google Update] "C:\Users\jungianjoe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\jungianjoe\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [MediaFire Tray] "C:\Users\jungianjoe\AppData\Local\MediaFire Express\mf_systray.exe" --boot-start
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [Acrobat Assistant 8.0] c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrotray.exe
mRun: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
mRun: [NUSB3MON] c:\program files (x86)\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe
mRun: [iAStorIcon] c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe
mRun: [ArcSoft Connection Service] c:\program files (x86)\common files\arcsoft\connection service\bin\acdaemon.exe
mRun: [Adobe Acrobat Speed Launcher] c:\program files (x86)\adobe\acrobat 9.0\acrobat\acrobat_sl.exe
mRun: [VERIZONDM] "c:\program files (x86)\verizondm\bin\sprtcmd.exe" /p verizondm
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [bDRegion] c:\program files (x86)\cyberlink\shared files\brs.exe
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
dRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f
StartupFolder: C:\Users\JUNGIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\JUNGIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jungianjoe\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DDF187AA-0F45-4532-862F-40F02F6C3032} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --
 
verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin
 
\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [synTPEnh] C:\Program Files (x86)\synaptics\syntp\syntpenh.exe
x64-Run: [QuickSet] c:\program files\dell\quickset\quickset.exe
x64-Run: [intelWireless] "c:\program files\common files\intel\wirelesscommon\ifrmewrk.exe" /tf intel wireless tray
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 
x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-6 55280]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-6-21 17720]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing
 
\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-1-2 98208]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-6 13336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-11-22 828072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-24 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-24 701512]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-12-29 83456]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-9-6 206120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-9-6 185640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-6 
 
2533400]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-10-30 344616]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-10-30 39464]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-12-6 175168]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-12-6 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-24 25928]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-10-30 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/12/06 14:37:11;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-3-7 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 348152]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-8 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-12-14 158976]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-10-30 160880]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-8 57856]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-14 1255736]
.
=============== Created Last 30 ================
.
2013-06-26 01:22:23 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8E5E2A4-E317-4C71-B80C-6106DB85C4E3}\mpengine.dll
2013-06-25 03:10:16 -------- d-----w- C:\Users\jungianjoe\AppData\Roaming\Malwarebytes
2013-06-25 03:10:08 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-25 03:10:08 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-25 03:10:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-22 02:44:19 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-06-22 02:43:47 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-06-21 23:49:13 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-15 17:05:05 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-15 17:05:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-15 17:05:04 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-15 17:05:04 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-12 02:06:05 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-06-12 02:06:05 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-06-12 02:06:00 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-12 02:04:59 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-12 02:04:59 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
==================== Find3M  ====================
.
2013-06-21 23:49:08 972712 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-21 23:49:08 1093032 ----a-w- C:\Windows\System32\npdeployJava1.dll
2013-06-19 02:11:32 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 02:11:32 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH:  9:30:27.34 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2010 5:51:51 PM
System Uptime: 6/27/2013 7:27:05 AM (2 hours ago)
.
Motherboard: Dell Inc. |  | 00YWG2
Processor: Intel® Core i7 CPU       Q 740  @ 1.73GHz | U2E1 | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 333.774 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Intel® Turbo Boost Technology Driver
Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_046E1028&REV_06\3&11583659&0&FE
Manufacturer: Intel
Name: Intel® Turbo Boost Technology Driver
PNP Device ID: PCI\VEN_8086&DEV_3B32&SUBSYS_046E1028&REV_06\3&11583659&0&FE
Service: Impcd
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&293AEA4E&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&293AEA4E&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&293AEA4E&0&02
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter #2
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&293AEA4E&0&02
Service: vwifimp
.
Class GUID: 
Description: 
Device ID: ACPI\SMO8800\1
Manufacturer: 
Name: 
PNP Device ID: ACPI\SMO8800\1
Service: 
.
==== System Restore Points ===================
.
RP478: 6/12/2013 1:06:07 AM - Windows Update
RP479: 6/15/2013 12:57:17 PM - Windows Update
RP480: 6/18/2013 9:40:44 PM - Windows Update
RP481: 6/21/2013 7:42:29 PM - Installed Java 7 Update 25 (64-bit)
RP482: 6/25/2013 9:14:40 PM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Acrobat 9 Pro
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Reader XI (11.0.03)
Advanced Audio FX Engine
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
BatteryBar (remove only)
Bing Bar
BlindWrite 6
CCleaner
ConvertXtoDVD 4.1.19.365
Cozi
CyberLink PowerDVD 9.6
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Dell Mobile Broadband Utility
Dell Webcam Central
Digimarc Plug-ins for Adobe® Photoshop®
Dropbox
DVD Converter Ultimate 1.3.0.2
DVD43 Plug-in v1.0.0.5
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson Print CD
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Config V3
EpsonNet Print
eReg
erLT
Evrsoft First Page 2006
ffdshow [rev 2527] [2008-12-19]
FileHippo.com Update Checker
Google Chrome
Google Update Helper
GoToAssist 8.0.0.514
IHA_MessageCenter
InstallVC90Support
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
Intel® Turbo Boost Technology Monitor
Intel® PROSet/Wireless WiMAX Software
Internet Explorer
Java 7 Update 17
Java 7 Update 25 (64-bit)
Java Auto Updater
Java 6 Update 26 (64-bit)
Java 6 Update 30
JavaFX 2.1.1
JMicron Flash Media Controller Driver
Junk Mail filter update
Logitech SetPoint 6.51
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
MediaFire Express
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.9.0
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
My Dell
NVIDIA 3D Vision Driver 310.90
NVIDIA Control Panel 310.90
NVIDIA Graphics Driver 310.90
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
PC Tune-Up
Photo Common
Photo Gallery
Quickset64
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.5
Smart Defrag 2
SmartSound Quicktracks for Premiere Elements 8.0
Spelling Dictionaries Support For Adobe Reader 9
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC 9.0 Runtime
Verizon Download Manager
Verizon Toolbar
Verizon V CAST Media Manager
VSO Inspector 2.0.2
Vz In Home Agent
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
ZET 9 Lite 1.67
ZET 9 Lite 1.82
ZET 9 Lite 1.87
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
6/27/2013 8:10:12 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to 
 
start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/27/2013 7:34:56 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured 
 
password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services 
 
snap-in in Microsoft Management Console (MMC).
6/27/2013 7:34:56 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did 
 
not start due to a logon failure.
6/27/2013 7:32:40 AM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/27/2013 7:30:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the IHA_MessageCenter service to connect.
6/27/2013 7:30:06 AM, Error: Service Control Manager [7000]  - The IHA_MessageCenter service failed to start due to the following error:  The service did not respond 
 
to the start or control request in a timely fashion.
6/27/2013 7:27:13 AM, Error: volmgr [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large 
 
enough to contain all physical memory.
6/27/2013 7:27:13 AM, Error: volmgr [46]  - Crash dump initialization failed!
6/26/2013 5:14:49 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Rapid Storage Technology 
 
service to connect.
6/26/2013 5:14:49 PM, Error: Service Control Manager [7000]  - The Intel® Rapid Storage Technology service failed to start due to the following error:  The service 
 
did not respond to the start or control request in a timely fashion.
6/26/2013 5:12:13 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/25/2013 9:03:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management and Security 
 
Application Local Management Service service to connect.
6/25/2013 9:03:48 PM, Error: Service Control Manager [7001]  - The Intel® Management & Security Application User Notification Service service depends on the Intel® 
 
Management and Security Application Local Management Service service which failed to start because of the following error:  The service did not respond to the start or 
 
control request in a timely fashion.
6/25/2013 9:03:48 PM, Error: Service Control Manager [7000]  - The Intel® Management and Security Application Local Management Service service failed to start due to 
 
the following error:  The service did not respond to the start or control request in a timely fashion.
6/25/2013 9:02:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Defender service to connect.
6/25/2013 9:02:31 PM, Error: Service Control Manager [7000]  - The Windows Defender service failed to start due to the following error:  The service did not respond to 
 
the start or control request in a timely fashion.
6/25/2013 9:01:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service 
 
to connect.
6/25/2013 9:01:07 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did 
 
not respond to the start or control request in a timely fashion.
6/25/2013 9:00:37 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN 
 
v4.0.30319_X64 service to connect.
6/25/2013 9:00:07 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN 
 
v4.0.30319_X86 service to connect.
6/25/2013 8:57:37 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/25/2013 7:20:49 AM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/24/2013 3:59:36 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security 
 
Application User Notification Service service to connect.
6/24/2013 3:59:36 PM, Error: Service Control Manager [7000]  - The Intel® Management & Security Application User Notification Service service failed to start due to 
 
the following error:  The service did not respond to the start or control request in a timely fashion.
6/24/2013 3:58:46 PM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following 
 
corrective action will be taken in 30000 milliseconds: Restart the service.
6/24/2013 3:58:46 PM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
6/24/2013 3:57:05 PM, Error: Service Control Manager [7022]  - The Windows Search service hung on starting.
6/24/2013 3:51:14 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/23/2013 10:10:40 AM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/22/2013 3:10:24 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/20/2013 8:51:25 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start 
 
because of the following error:  The dependency service or group failed to start.
6/20/2013 8:51:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to 
 
run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/20/2013 8:51:23 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to 
 
run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/20/2013 8:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to 
 
run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/20/2013 8:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run 
 
the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/20/2013 8:51:17 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order 
 
to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/20/2013 8:51:09 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in 
 
order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/20/2013 8:47:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache KLIF NetBIOS 
 
NetBT nsiproxy Psched rdbss spldr tdx Vsdatant vwififlt Wanarpv6 WfpLwf
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start 
 
because of the following error:  The dependency service or group failed to start.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed 
 
to start because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which 
 
failed to start because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem 
 
service which failed to start because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which 
 
failed to start because of the following error:  The dependency service or group failed to start.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which 
 
failed to start because of the following error:  The dependency service or group failed to start.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which 
 
failed to start because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which 
 
failed to start because of the following error:  The dependency service or group failed to start.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start 
 
because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:47:18 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to 
 
start because of the following error:  A device attached to the system is not functioning.
6/20/2013 8:09:38 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
6/20/2013 8:06:53 PM, Error: Service Control Manager [7022]  - The TrueVector Internet Monitor service hung on starting.
6/20/2013 10:49:07 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the 
 
unexpected termination of the Windows Search service, but this action failed with the following error:  An instance of the service is already running.
6/20/2013 10:45:55 PM, Error: Service Control Manager [7022]  - The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service service hung on starting.
.
==== End Of File ===========================
 
 
Link to post
Share on other sites

Welcome to the forum.
 
Please download and run  RogueKiller 32 Bit to your desktop.
 
RogueKiller 64 Bit <---use this one for 64 bit systems
 
Quit all running programs.
 
For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
 
Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!
 
Don't run any other options, they're not all bad!!!!!!!
 
Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
 
P2P Warning:
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
 
MrC
Note:
Please read all of my instructions completely including these.
 
Make sure you're subscribed to this topic:
Click on the
Follow This Topic Button
(at the top right of this page), make sure that the
Receive notification
box is checked and that it is set to
Instantly
Removing malware can be unpredictable
...things can go very wrong!
Backup
any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive
<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
<+>The removal of malware isn't instantaneous, please be patient.
<+>Please stick with me until I give you the "all clear" and
Please don't waste my time by leaving before that
.
 

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Hi Mr. C:

Thanks for helping out.  Below the double dashed line is the Rogue Killer report as requested.

Joe

===================================================================================

RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : jungianjoe [Admin rights]

Mode : Scan -- Date : 06/28/2013 00:43:09

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 3 ¤¤¤

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤


 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : Mal.Hosts ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

127.0.0.1 download-winmx-free.com --> Potentially malicious!

127.0.0.1 www.download-winmx-free.com --> Potentially malicious!

127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!

127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!

127.0.0.1 free-winmx-downloads.com --> Potentially malicious!

127.0.0.1 www.google.dospop.com --> Potentially malicious!

127.0.0.1 www.mp3winmx.com --> Potentially malicious!

127.0.0.1 mp3winmx.com --> Potentially malicious!

127.0.0.1 winmx.click-new-download.com --> Potentially malicious!

127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!

127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!

127.0.0.1 winmx-d0wnload.com --> Potentially malicious!

127.0.0.1 winmxfrance.com --> Potentially malicious!

127.0.0.1 www.winmxfrance.com --> Potentially malicious!

127.0.0.1 www.winmx-freebie.com --> Potentially malicious!

127.0.0.1 winmx-freebie.com --> Potentially malicious!

127.0.0.1 www.winmx-music-download.com --> Potentially malicious!

127.0.0.1 winmx-music-download.com --> Potentially malicious!

127.0.0.1 winmx-usa.com --> Potentially malicious!

127.0.0.1 www.winmx-usa.com --> Potentially malicious!

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

[...]

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: SAMSUNG HM640JJ +++++

--- User ---

[MBR] d4f7e6219da43e318a05880fed64c7c2

[bSP] f418021efc1e76a99fcf0a8055654378 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30800325 | Size: 595440 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_06282013_004309.txt >>

Link to post
Share on other sites

Did you add these to your host file:
 

127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Link to post
Share on other sites

Hi Mr. C:

 

As to your question: No, I did not add anything to my host file(s).  WYSIWYG!  The files and comments are straight from the Rogue Killer 64-bit program.

 

After looking over the report from Adw Cleaner (posted below, under the double hyphenated lines) I do not see any files I want to keep; but then again, I'm not sure what to keep or delete anyway.  The file(s)/folder(s)/key(s) (i.e., verizontb, etc...) and (Zone Alarm LTD Toolbar) are quite curious and if you could explain why I should delete them since I use Zone Alarm and Verizon is my internet provider; and whether removing them will destroy my system.

 

Also, what exactly is ZUGO, "AVG Secure Search" and the software product "APN PIP?"  I do not use IE, so how did that get culled into the list?  I've never had any problems with ZA before protecting my computer, using their product for over 10-years now--is there a superior product to ZA or am I safe using it?

 

Any explanation as to what's going on would be greatly appreciated considering that I'm trusting my "computing life" to you and following your advice on faith.

 

Best Regards,

Joe

 

================================================================================================

 


# AdwCleaner v2.303 - Logfile created 06/28/2013 at 17:42:42

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : jungianjoe

# Boot Mode : Normal

# Running from : C:\Users\jungianjoe\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

File Found : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Found : C:\Program Files (x86)\verizontb

Folder Found : C:\ProgramData\Ask

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\jungianjoe\AppData\Local\PackageAware

Folder Found : C:\Users\jungianjoe\AppData\LocalLow\Conduit

Folder Found : C:\Users\jungianjoe\AppData\LocalLow\ConduitEngine

Folder Found : C:\Users\jungianjoe\AppData\LocalLow\verizontb

Folder Found : C:\Users\jungianjoe\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

 

***** [Registry] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\conduitEngine

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96673559-E653-4CDC-8923-F89347A952C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F8D96645-337C-419B-8792-B6C126145811}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96673559-E653-4CDC-8923-F89347A952C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKCU\Software\Zugo

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

Key Found : HKLM\Software\PIP

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96673559-E653-4CDC-8923-F89347A952C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96673559-E653-

 

4CDC-8923-F89347A952C0}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F8D96645-337C-

 

419B-8792-B6C126145811}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

Key Found : HKU\S-1-5-21-3217273564-1641358016-3493692186-1000\Software\Microsoft\Internet Explorer\SearchScopes

 

\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-3217273564-1641358016-3493692186-1000\Software\Microsoft\Internet Explorer\SearchScopes

 

\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F8D96645-337C-419B-8792-B6C126145811}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16611

 

[OK] Registry is clean.

 

-\\ Google Chrome v27.0.1453.116

 

File : C:\Users\jungianjoe\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [3744 octets] - [28/06/2013 17:42:42]

 

########## EOF - C:\AdwCleaner[R1].txt - [3804 octets] ##########

Link to post
Share on other sites

They're all toolbars and usually spy on you, redirect searches, etc: some examples:

http://www.systemlookup.com/search.php?type=name&client=malwaresearch-chrome&search=ZoneAlarm%20LTD%20Toolbar

http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html

http://www.boostbyreason.com/resource-file-8899-verizontb-dll.aspx

With AdwCleaner you can't pick and choose, so you can just leave them be if you like.

MrC

Link to post
Share on other sites

Hi Mr. C:

 

Below are the results of Security Check.

 

Joe

 

==============================================================================

 

 Results of screen317's Security Check version 0.99.68  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

ZoneAlarm Extreme Security Antivirus   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 MVPS Hosts File  

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.1    

 Java 6 Update 30  

 Java 7 Update 17  

 Java version out of Date! 

 Adobe Reader 9  

 Adobe Reader XI  

 Google Chrome 27.0.1453.110  

 Google Chrome 27.0.1453.116  

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

 CheckPoint ZoneAlarm vsmon.exe  

 CheckPoint ZoneAlarm zatray.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

What problems remain??

~~~~~~~~~~~~~~~~~

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Uninstall these from your add/remove programs:
JavaFX 2.1.1
Java™ 6 Update 30

 

Java version out of Date!
Java 7 Update 17 <----please update, should be Update 25


--------------------------------------------

Google Chrome 27.0.1453.110 <-----OLD
Google Chrome 27.0.1453.116 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

MrC

Link to post
Share on other sites

OK......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.