mbrandau

Everything posted by mbrandau

  1. Yeah, he accused me of using cracked illegal software on my laptop and never identified anything; he just deleted me. I just need help with this situation. I am not actively doing anything illegal and haven't in years. It's not worth it anymore. I purchase my stuff. I could very easily crack, for example, ZoneAlarm antivirus. But I have found more benefits in not doing it that way anymore. Plus I'm older and not a kid anymore.
  2. The only file was the OTL.txt file. Extra.txt did not generate. I attached that file because it was too big for posting. OTL.Txt 4.14.13.txt
  3. Scan finished - No Malware is what it said. But we know different.
  4. ComboFix 13-04-14.01 - mbrandau 04/14/2013 13:29:57.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2461 [GMT -4:00] Running from: c:\users\mbrandau\Desktop\ComboFix.exe
  5. I just rebooted. Sorry it took time; Windows had 7 updates to install. I just checked and I still have the problem. Ugh.
  6. # AdwCleaner v2.200 - Logfile created 04/14/2013 at 12:25:29 # Updated 02/04/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : mbrandau - MCB_LAPTOP # Boot Mode : Normal # Running from : C:\Users\mbrandau\Downloads\adwcleaner.exe # Option [Delete]
  7. # AdwCleaner v2.200 - Logfile created 04/14/2013 at 11:58:30 # Updated 02/04/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : mbrandau - MCB_LAPTOP # Boot Mode : Normal # Running from : C:\Users\mbrandau\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\1ClickDownload Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\Search Toolbar Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Folder Found : C:\ProgramData\Premium Folder Found : C:\ProgramData\search protection Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\mbrandau\AppData\Local\Ilivid Player Folder Found : C:\Users\mbrandau\AppData\Local\PackageAware Folder Found : C:\Users\mbrandau\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\mbrandau\AppData\LocalLow\Conduit Folder Found : C:\Users\mbrandau\AppData\Roaming\Media Finder Folder Found : C:\Users\mbrandau\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Folder Found : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\jetpack ***** [Registry] ***** Key Found : HKCU\Software\1ClickDownload Key Found : HKCU\Software\AppDataLow\HavingFunOnline Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\IGearSettings Key Found : HKCU\Software\InstallCore Key Found : HKCU\Software\MediaFinder Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar Key Found : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011431152} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011431152} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Key Found : HKCU\Software\Zugo Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1 Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\b Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO.1 Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox.1 Key Found : HKLM\SOFTWARE\Classes\MF Key Found : HKLM\SOFTWARE\Classes\oneclick Key Found : HKLM\SOFTWARE\Classes\oneclickmg Key Found : HKLM\SOFTWARE\Classes\Prod.cap Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Found 
: HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Found : HKLM\Software\Iminent Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011431152} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022432252} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055435552} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066436652} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Key Found : 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011431152} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055435552} Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066436652} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} Key Found : HKLM\SOFTWARE\Tarma Installer Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet 
Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Registry is clean. -\\ Mozilla Firefox v20.0.1 (en-US) File : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\prefs.js Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Found : user_pref("extensions.BabylonToolbar_i.babExt", ""); Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100484"); Found : user_pref("extensions.BabylonToolbar_i.hardId", "d822c12b00000000000000234deb1d28"); Found : user_pref("extensions.BabylonToolbar_i.id", "d822c12b00000000000000234deb1d28"); Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15347"); Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:02:06"); Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Found : user_pref("extensions.crossriderapp4926.4926.InstallationTime", 1338148586); Found : user_pref("extensions.crossriderapp4926.4926.active", true); Found : user_pref("extensions.crossriderapp4926.4926.addressbar", ""); Found : user_pref("extensions.crossriderapp4926.4926.affid", "0"); Found : user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/**********************************[...] 
Found : user_pref("extensions.crossriderapp4926.4926.backgroundver", 2); Found : user_pref("extensions.crossriderapp4926.4926.can_run_bg_code", true); Found : user_pref("extensions.crossriderapp4926.4926.certdomaininstaller", ""); Found : user_pref("extensions.crossriderapp4926.4926.changeprevious", false); Found : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...] Found : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.value", "1338148586"); Found : user_pref("extensions.crossriderapp4926.4926.description", "The Easiest Way To Remove Your Facebook [...] Found : user_pref("extensions.crossriderapp4926.4926.domain", "battle-stats.com"); Found : user_pref("extensions.crossriderapp4926.4926.emailsig", ""); Found : user_pref("extensions.crossriderapp4926.4926.enablesearch", false); Found : user_pref("extensions.crossriderapp4926.4926.exposesites", ""); Found : user_pref("extensions.crossriderapp4926.4926.fbremoteurl", ""); Found : user_pref("extensions.crossriderapp4926.4926.group", 0); Found : user_pref("extensions.crossriderapp4926.4926.homepage", ""); Found : user_pref("extensions.crossriderapp4926.4926.iframe", false); Found : user_pref("extensions.crossriderapp4926.4926.manifesturl", ""); Found : user_pref("extensions.crossriderapp4926.4926.name", "Timeline Remover"); Found : user_pref("extensions.crossriderapp4926.4926.newtab", ""); Found : user_pref("extensions.crossriderapp4926.4926.opensearch", ""); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function(c){c.selectedText=f[...] Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.name", "CrossriderAppUtils"); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.ver", 1); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...] 
Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.name", "CrossriderUtils"); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.ver", 1); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.code", "(function(e){function u(c,b){[...] Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.name", "FacebookFFIE"); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.ver", 1); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.code", "(function(b,a){function i(){v[...] Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.name", "FFAppAPIWrapper"); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.ver", 1); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...] Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.name", "jQuery"); Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.ver", 1); Found : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_0", "17,14,16"); Found : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_1", "17,14,13,16,15"); Found : user_pref("extensions.crossriderapp4926.4926.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...] 
Found : user_pref("extensions.crossriderapp4926.4926.pluginsversion", 1); Found : user_pref("extensions.crossriderapp4926.4926.premium", true); Found : user_pref("extensions.crossriderapp4926.4926.publisher", "Deximol"); Found : user_pref("extensions.crossriderapp4926.4926.searchstatus", 0); Found : user_pref("extensions.crossriderapp4926.4926.setnewtab", false); Found : user_pref("extensions.crossriderapp4926.4926.settingsurl", ""); Found : user_pref("extensions.crossriderapp4926.4926.thankyou", "hxxp://facebook.com/profile.php"); Found : user_pref("extensions.crossriderapp4926.4926.updateinterval", 360); Found : user_pref("extensions.crossriderapp4926.4926.ver", 57); Found : user_pref("extensions.crossriderapp4926.apps", "4926"); Found : user_pref("extensions.crossriderapp4926.bic", "1378fdf02f37922a1d507758d7b45da5"); Found : user_pref("extensions.crossriderapp4926.cid", 4926); Found : user_pref("extensions.crossriderapp4926.firstrun", false); Found : user_pref("extensions.crossriderapp4926.hadappinstalled", true); Found : user_pref("extensions.crossriderapp4926.installationdate", 1338148586); Found : user_pref("extensions.crossriderapp4926.lastcheck", 22305536); Found : user_pref("extensions.crossriderapp4926.lastcheckitem", 22305819); Found : user_pref("extensions.crossriderapp4926.misc.lastBgWorkerTimer", "1338349114426"); Found : user_pref("extensions.crossriderapp4926.misc.lastDomWorkerTimer", "1338349114422"); Found : user_pref("pagetweak.pref.hxxp://forums.malwarebytes.org/index.php?app=forums&module=post&section=po[...] File : C:\Users\Mcx1\AppData\Roaming\Mozilla\Firefox\Profiles\2r6q674j.default\prefs.js [OK] File is clean. -\\ Google Chrome v26.0.1410.64 File : C:\Users\mbrandau\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [15203 octets] - [14/04/2013 11:58:30] ########## EOF - C:\AdwCleaner[R1].txt - [15264 octets] ##########
  8. RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : mbrandau [Admin rights] Mode : Scan -- Date : 04/14/2013 09:34:12 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\windows\system32\config\SOFTWARE -> D:\windows\system32\config\SYSTEM -> D:\Users\Default\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420ASG ATA Device +++++ --- User --- [MBR] 1394707c680c3b2b1e8e7a541c285b96 [bSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 156 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 321536 | Size: 15360 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31778816 | Size: 461422 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[1]_S_04142013_02d0934.txt >> RKreport[1]_S_04142013_02d0934.txt
  9. Only on Firefox do I have this issue. Words are underlined, advertising or surveys pop up when you place the arrow over the underlined word, etc. I have run many solution programs, including Malwarebytes. Each has found misc things and removed/solved them. None has fixed this issue with Firefox. I do not have any of the googled extensions or addons pertaining to this problem. Windows Vista 64 bit SP2 Dell Studio XPS 1640 Intel Core 2 Duo CPU DDS files: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2 Run by mbrandau at 19:32:23 on 2013-04-13 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.1010 [GMT -4:00] . AV: ZoneAlarm Internet Security Suite Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Internet Security Suite Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} FW: ZoneAlarm Internet Security Suite Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_70d6d963\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_70d6d963\AESTSr64.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe C:\Windows\system32\dleacoms.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe C:\Windows\system32\svchost.exe -k regsvc C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup 
C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe C:\Windows\system32\taskeng.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Dell\DellDock\DellDock.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Windows\system32\wuauclt.exe C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe C:\Program Files\CheckPoint\ZAForceField\ForceField.exe C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe C:\Program 
Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=74082A05735DE6A2341BA0515F5303DF uWindow Title = Internet Explorer provided by Dell uProxyServer = :0 mWinlogon: Userinit = userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll BHO: CouponDropDown: {11111111-1111-1111-1111-110011431152} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned> BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft 
Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned> BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll uRun: [Google Update] "C:\Users\mbrandau\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [WMPNSCFG] 
C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun: [FAStartup] <no file> dRunOnce: [ZAFFRegisterTrustChecker] "C:\Windows\System32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustChecker.dll" dRunOnce: [ZAFFRegisterTrustCheckerIE] "C:\Windows\System32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll" StartupFolder: C:\Users\mbrandau\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab TCP: NameServer = 
167.206.254.1 167.206.254.2 TCP: Interfaces\{4338772A-C282-49D8-AE03-6679ED8A26DF} : DHCPNameServer = 167.206.254.1 167.206.254.2 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL LSA: Notification Packages = scecli FAPassSync LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: &RoboForm Toolbar: 
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableLUA = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - LocalServer32 - <no file> x64-Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - <orphaned> x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\ FF - prefs.js: browser.startup.homepage - www.msn.com FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll FF - plugin: C:\Users\mbrandau\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: C:\Users\mbrandau\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll FF - plugin: C:\Users\mbrandau\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-04-06 16:41; {15312e9a-4905-48da-aae4-15b24bdc2a24}; C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi FF - ExtSQL: 2013-04-11 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . 
---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100484 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - d822c12b00000000000000234deb1d28 FF - user.js: extensions.BabylonToolbar_i.hardId - d822c12b00000000000000234deb1d28 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:02:06 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . . . ============= SERVICES / DRIVERS =============== . . =============== File Associations =============== . FileExt: .txt: opendocument.WriterDocument.1 - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [userChoice] [default=openas] FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 
2013-04-05 22:39:28 47496 ----a-w- C:\Windows\System32\sbbd.exe 2013-04-05 22:39:28 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys 2013-03-14 07:03:39 72013344 ----a-w- C:\Windows\System32\mrt.exe 2013-03-13 00:45:21 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 00:45:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe 2013-03-08 05:49:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-08 05:49:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-03-08 05:49:13 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-03-08 05:49:13 262560 ----a-w- C:\Windows\SysWow64\javaws.exe 2013-03-08 05:49:13 174496 ----a-w- C:\Windows\SysWow64\javaw.exe 2013-03-08 05:49:13 174496 ----a-w- C:\Windows\SysWow64\java.exe 2013-02-21 18:44:14 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-02-21 18:44:14 613720 ----a-w- C:\Windows\System32\drivers\klif.sys 2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys 2013-02-02 07:31:33 17815040 ----a-w- C:\Windows\System32\mshtml.dll 2013-02-02 06:58:20 10925568 ----a-w- C:\Windows\System32\ieframe.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:48:08 1346048 ----a-w- C:\Windows\System32\urlmon.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:46:15 237056 ----a-w- C:\Windows\System32\url.dll 2013-02-02 06:43:51 85504 ----a-w- C:\Windows\System32\jsproxy.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:42:08 816640 ----a-w- C:\Windows\System32\jscript.dll 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:40:19 729088 ----a-w- C:\Windows\System32\msfeeds.dll 2013-02-02 06:39:33 2147840 ----a-w- C:\Windows\System32\iertutil.dll 2013-02-02 06:38:20 96768 ----a-w- 
C:\Windows\System32\mshtmled.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 06:34:01 248320 ----a-w- C:\Windows\System32\ieui.dll 2013-02-02 04:09:34 12321792 ----a-w- C:\Windows\SysWow64\mshtml.dll 2013-02-02 03:42:27 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:31:03 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:29:22 231936 ----a-w- C:\Windows\SysWow64\url.dll 2013-02-02 03:27:56 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:45 717824 ----a-w- C:\Windows\SysWow64\jscript.dll 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:25:16 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll 2013-02-02 03:23:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll 2013-02-02 03:23:44 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-02-02 03:20:00 176640 ----a-w- C:\Windows\SysWow64\ieui.dll . ============= FINISH: 19:34:36.40 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume3 Install Date: 3/23/2009 5:23:25 PM System Uptime: 4/11/2013 8:40:05 PM (47 hours ago) . Motherboard: Dell Inc. | | 0U785D Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2534/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 451 GiB total, 252.169 GiB free. D: is FIXED (NTFS) - 15 GiB total, 7.514 GiB free. E: is CDROM () F: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . 
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: facap, FastAccess Video Capture Device ID: ROOT\IMAGE\0000 Manufacturer: Sensible Vision Name: facap, FastAccess Video Capture PNP Device ID: ROOT\IMAGE\0000 Service: FACAP . ==== System Restore Points =================== . RP1492: 4/8/2013 12:00:03 AM - Scheduled Checkpoint RP1493: 4/9/2013 12:00:07 AM - Scheduled Checkpoint RP1494: 4/9/2013 2:02:06 AM - Windows Update RP1495: 4/10/2013 2:27:23 AM - Scheduled Checkpoint RP1496: 4/11/2013 2:36:28 AM - Scheduled Checkpoint RP1497: 4/11/2013 9:12:05 PM - Device Driver Package Install: Check Point Software Technologies Ltd. Network Service RP1498: 4/12/2013 2:20:13 AM - Windows Update RP1499: 4/13/2013 12:00:06 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer ABBYY FineReader 6.0 Sprint AC3Filter 1.62b Acrobat.com Adobe AIR Adobe Download Manager Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.4 Adobe Shockwave Player 11.5 Advanced Audio FX Engine Advanced Site Submitter 1.0 Advertising Center Apple Application Support Apple Software Update ATI Catalyst Install Manager Banctec Service Agreement Bowflex i-Trainer Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization Danish Catalyst Control Center Localization Dutch Catalyst Control Center Localization Finnish Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization 
Korean Catalyst Control Center Localization Norwegian Catalyst Control Center Localization Portuguese Catalyst Control Center Localization Russian Catalyst Control Center Localization Spanish Catalyst Control Center Localization Swedish ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Choice Guard Cisco Connect Compatibility Pack for the 2007 Office system CT-S310 x64 v1581 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Online Dell Dock Dell Driver Download Manager Dell Edoc Viewer Dell Getting Started Guide Dell Toolbar Dell Touchpad Dell V310-V510 Series Dell Video Chat Dell Webcam Central Digi Traffic Generator Directory Submitter Full DivX Converter DivX Player DivX Plus DirectShow Filters DivX Setup DivX Version Checker DolbyFiles Easy Thumbnails (Remove only) FastAccess FileZilla Client 3.5.3 GoodSync Google Chrome Google Talk Plugin GoToAssist 8.0.0.514 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) ImagXpress Integrated Webcam Driver (1.06.03.0309) iSEEK AnswerWorks English Runtime ITECIR Java 7 Update 17 Java Auto Updater Java 6 Update 22 JavaFX 2.1.1 Junk Mail filter update Live! 
Cam Avatar Creator MagicDisc 2.7.106 Malwarebytes Anti-Malware version 1.70.0.1100 Menu Templates - Starter Kit Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 
9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Move Media Player Movie Templates - Starter Kit Mozilla Firefox 20.0.1 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.5 (x86 en-US) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Nero 9 Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero Disc Copy Gadget Nero DiscSpeed Nero DriveSpeed Nero InfoTool Nero Installer Nero Live Nero PhotoSnap Nero Recode Nero Rescue Agent Nero ShowTime Nero StartSmart Nero Vision Nero WaveEditor NeroBurningROM NeroExpress NeroLiveGadget neroxml Optimum Optimum App for Laptop 1.62 PC Tune-Up PowerDVD QuickBooks QuickBooks Pro 2011 Quickset QuickTime RankEnhancer RoboForm 7-8-7-5 (All Users) Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security 
Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Skins Skype Click to Call Skype™ 5.10 SopCast 3.2.4 SoundTrax SPBBC 64bit Spybot - Search & Destroy System Requirements Lab System Requirements Lab for Intel TomTom HOME 2.8.4.2596 TomTom HOME Visual Studio Merge Modules Trillian TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wnyiper TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wnyiper TurboTax 2010 wrapper TVAnts 1.0 Tweet Whistle 2.3.5 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition VC 9.0 Runtime VC80CRTRedist - 8.0.50727.6195 Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WIDCOMM Bluetooth Software 6.1.0.4402 Winamp Winamp Detector Plug-in Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer 
Windows Media Player Firefox Plugin WinRAR ZoneAlarm Antivirus ZoneAlarm Firewall ZoneAlarm Internet Security Suite ZoneAlarm LTD Toolbar ZoneAlarm Security . ==== End Of File ===========================