Maybe I'm paranoid, but...

zalloy · March 28, 2013

Hi all,

I noticed the last couple of days, I keep seeing MBAM blocking outgoing connections to 193.17.41.93. I'm using MBAM Pro and Avira, and have run full scans with each program, but they come up clean. I googled the offending IP address, and it comes up as an IP from Poland that is known to be associated with malware. I have also noticed that for the last week, my Google page doesn't look right. Instead of a box where you enter the search query, I'm just getting a blinking cursor. Additionally, I've been having issues with my clipboard, where copy/paste don't always work as planned. Please advise. Here are my DDS logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2

Run by Laurie at 15:05:42 on 2013-03-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1686 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe

C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files (x86)\PDF Suite 2012\HelperService.exe

C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

C:\Program Files (x86)\PhraseExpress\phraseexpress.exe

C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe

C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe

C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\NielsenOnline64.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJack.exe

C:\Windows\System32\taskmgr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

c:\program files (x86)\real\realplayer\update\realsched.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Laurie\AppData\Local\Mozilla Firefox\firefox.exe

C:\Users\Laurie\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe

C:\Users\Laurie\AppData\Local\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012

uProxyOverride = 127.0.0.1;*.local

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWOW64\TwcToolbarIe7.dll

uRun: [cdloader] "C:\Users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK

uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"

mRun: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe

mRun: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe

mRun: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"

mRun: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Ninite Updater] "C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe" /updaterclient /stub:trayapp /autorun

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Conime] C:\Windows\System32\conime.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot

dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"

dRunOnce: [DeleteEngineAfterUpdate] reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine /f

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICF~1.LNK - C:\Users\Laurie\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICJ~1.LNK - C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe

StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{33419AC7-9DA5-4358-B712-A2F59E883293} : DHCPNameServer = 10.1.10.1

TCP: Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : DHCPNameServer = 75.75.75.75 75.75.76.76

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll

FF - plugin: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll

FF - plugin: C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012\plugins\NPPdfExt2012.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Laurie\AppData\Local\RunRev\Components\LiveCodePlayer\9\nplcplugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-02-17 19:11; amznUWL2@amazon.com; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\amznUWL2@amazon.com.xpi

FF - ExtSQL: 2013-02-19 21:59; {4324f4a6-3a89-477e-b388-6bca032df78b}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi

FF - ExtSQL: 2013-02-21 08:31; netsight@nielsen.com; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi

FF - ExtSQL: 2013-02-26 13:03; crossriderapp3858@crossrider.com; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\crossriderapp3858@crossrider.com

FF - ExtSQL: 2013-03-03 17:24; compatibility@addons.mozilla.org; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\compatibility@addons.mozilla.org.xpi

FF - ExtSQL: 2013-03-03 17:54; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

FF - ExtSQL: 2013-03-03 17:54; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

FF - ExtSQL: 2013-03-03 18:17; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

FF - ExtSQL: 2013-03-03 18:17; savedpasswordeditor@daniel.dawson; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\savedpasswordeditor@daniel.dawson.xpi

FF - ExtSQL: 2013-03-07 13:22; idme@abine.com; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\idme@abine.com

FF - ExtSQL: 2013-03-08 12:10; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF - ExtSQL: 2013-03-10 10:53; autopager@mozilla.org; C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\autopager@mozilla.org.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-5-26 75904]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-5-26 38016]

R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2011-11-10 72240]

R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2011-11-10 15920]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-25 28600]

R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2012-8-21 25648]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-26 204288]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-13 361984]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-5 86752]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-5 110816]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-25 100712]

R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-2-14 70352]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-23 46136]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-4 231440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-30 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-26 38456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]

S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-7-23 24176]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]

S3 rspSanity;rspSanity;C:\Windows\System32\drivers\rspSanity64.sys [2012-9-20 29752]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

.

=============== Created Last 30 ================

.

2013-03-25 15:12:25 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-03-25 14:56:28 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2013-03-25 14:56:28 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2013-03-22 17:30:23 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-08 14:19:58 -------- d-----w- C:\Users\Laurie\AppData\Local\Mozilla Firefox

2013-03-08 14:01:49 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-03-05 17:40:52 -------- d-----w- C:\Users\Laurie\AppData\Roaming\Avira

2013-03-05 17:35:06 -------- d-----w- C:\Program Files (x86)\Avira

2013-03-05 01:56:32 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-03-02 19:31:04 -------- d-----w- C:\Users\Laurie\AppData\Local\Mozilla

2013-02-28 16:59:17 -------- d-----w- C:\Users\Laurie\AppData\Roaming\AVG

2013-02-28 16:58:25 -------- d-----w- C:\ProgramData\AVG

2013-02-28 16:58:17 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-02-28 16:45:17 -------- d-----w- C:\Program Files (x86)\AVG

2013-02-28 16:43:01 -------- d-----w- C:\Users\Laurie\AppData\Local\MFAData

2013-02-28 16:43:01 -------- d-----w- C:\Users\Laurie\AppData\Local\Avg2013

2013-02-28 16:43:01 -------- d-----w- C:\ProgramData\MFAData

2013-02-28 16:16:31 33210 ----a-w- C:\ProgramData\1362068169.5904.bin

2013-02-28 16:16:21 4559 ----a-w- C:\ProgramData\1362068169.6756.bin

2013-02-28 16:16:21 3912 ----a-w- C:\ProgramData\1362068169.4232.bin

2013-02-28 16:16:09 29444 ----a-w- C:\ProgramData\1362068169.7036.bin

2013-02-28 16:13:28 17757 ----a-w- C:\ProgramData\1362068005.bdinstall.bin

2013-02-28 16:11:52 43220 ----a-w- C:\ProgramData\1362067642.bdinstall.bin

2013-02-28 15:59:57 43793 ----a-w- C:\ProgramData\1362067164.bdinstall.bin

2013-02-28 15:59:24 22692 ----a-w- C:\ProgramData\1362067161.bdinstall.bin

.

==================== Find3M ====================

.

2013-03-22 17:30:17 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-22 17:30:17 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-12 16:30:21 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 16:30:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-05 01:56:19 963488 ----a-w- C:\Windows\System32\deployJava1.dll

2013-03-05 01:56:19 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-02-24 16:27:22 7330 ----a-w- C:\cc_20130224_112712.reg

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-06 17:32:25 224698 ----a-w- C:\ProgramData\1360171210.bdinstall.bin

2013-02-06 17:14:36 27894 ----a-w- C:\ProgramData\1360170853.6772.bin

2013-02-06 17:14:36 1596 ----a-w- C:\ProgramData\1360170853.6748.bin

2013-02-06 17:14:28 2055 ----a-w- C:\ProgramData\1360170853.4148.bin

2013-02-06 17:13:33 28701 ----a-w- C:\ProgramData\1360170803.bdinstall.bin

2013-02-06 17:03:36 28966 ----a-w- C:\ProgramData\1360170204.bdinstall.bin

2013-01-25 01:42:52 32812 ----a-w- C:\cc_20130124_204239.reg

2013-01-16 09:51:12 183808 ----a-w- C:\Windows\System32\EKAiO2COI11.dll

2013-01-16 09:51:12 1649664 ----a-w- C:\Windows\System32\EKAiO2MON.dll

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-05 18:43:25 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2013-01-05 18:43:25 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-06-13 13:23:30 893560 ----a-w- C:\Program Files (x86)\Common Files\AutoCompletePro.exe

.

============= FINISH: 15:09:37.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/21/2011 4:14:38 PM

System Uptime: 3/25/2013 11:18:39 AM (76 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Phenom II X2 521 Processor | CPU 1 | 3500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 920 GiB total, 804.457 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.372 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

K: is CDROM ()

L: is FIXED (NTFS) - 1720 GiB total, 1218.308 GiB free.

M: is FIXED (NTFS) - 1074 GiB total, 972.108 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP311: 3/22/2013 12:00:07 AM - Scheduled Checkpoint

RP312: 3/22/2013 1:27:37 PM - Removed Java 7 Update 17

RP313: 3/22/2013 1:29:22 PM - Installed Java 7 Update 17

RP314: 3/25/2013 11:12:32 AM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 127.0.0.1 ads.mcafee.com

Hosts: 127.0.0.1 analytics.microsoft.com

Hosts: 127.0.0.1 metrics.bitdefender.com

Hosts: 127.0.0.1 metrics.mcafee.com

Hosts: 127.0.0.1 om.symantec.com

Hosts: 127.0.0.1 ads.bleepingcomputer.com

Hosts: 127.0.0.1 wdcs.trendmicro.com

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Digital Editions 2.0

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

aioscnnr

Amazon Kindle

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Problem Report Wizard

AMD VISION Engine Control Center

Anonymous Guest v4.20 Pro Multilanguage

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.13 (Unicode)

Audacity 2.0.3

Avira Free Antivirus

Bejeweled 2 Deluxe

Bejeweled 3

Bing Rewards Client Installer

Bitvise Tunnelier 4.40 (remove only)

Blio

Bonjour

C4USelfUpdater

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

center

Chrometa version 2.0.2.3.61

Classic Doom 3 1.3.1

Comcast Desktop Software (v1.2.1)

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Defraggler

Doomsday Engine 1.9.9

Dragon NaturallySpeaking 11

Dropbox

Duplicate Commander 3.1 Beta

ESET Online Scanner v3

essentials

EULAlyzer 2.2

Express Scribe

FBackup 4

FLAC 1.2.1b (remove only)

FTR TheRecord Player

GeekBuddy

Google Chrome

Google Earth

Google Update Helper

Grammarly Add-In

Hewlett-Packard ACLM.NET v1.2.1.1

HourGuard Time Sheet

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Games

HP LinkUp

HP MediaSmart/TouchSmart Netflix

HP Odometer

HP Product Detection

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

HP Vision Hardware Diagnostics

Hulu Desktop

HydraVision

iCloud

iTunes

JAP

Java 7 Update 17

Java 7 Update 17 (64-bit)

Java Auto Updater

Junk Mail filter update

Keylogger Detector

Kobo

Kodak AIO Printer

KODAK AiO Software

LabelPrint

LightScribe System Software

MagicDisc 2.7.106

MagicfeaturesPlugin Release 2.10

magicJack

Mah Jong Medley

Malwarebytes Anti-Malware version 1.70.0.1100

Mavis Beacon Teaches Typing Platinum 20

Mesh Runtime

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Mobipocket Reader 6.2

Morphyre

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Namco All-Stars PAC-MAN

Nero 11 Collection 1

Nero 11 Kwik Themes 3

Nero 11 Kwik Themes 4

Nero 11 Mini Repack

Nero 11 PiP Effects 1

Nero 11 Video Transitions 1

Nero Backup Drivers

Nielsen

Ninite Updater

Nuance Cloud Connector

Nuance OmniPage 18

Nuance PDF Create 7

ocr

oDesk Team

OpenOffice.org 3.4.1

PC Pitstop Exterminate2 2.0

PDF Settings CS5

PDF Suite 2012

PeerBlock 1.1 (r518)

PerformanceTest v7.0 (64-bit)

PhraseExpress

PhraseExpress v8.0.156

Pidgin

Pixillion Image Converter

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Plex

Plex Media Server

Power2Go

PreReq

PressReader

Prism Video File Converter

Pure Networks Platform

QuickTime

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Recovery Manager

Remote Graphics Receiver

RunRev LiveCode Player Browser Plugin

Safari

SanityCheck 2.01

Scansoft PDF Create

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sony Player Plug-in for Windows Media Player

Sophos Virus Removal Tool

SoulseekQt

Stella 3.4.1

Switch Sound File Converter

The FTW Transcriber version 2.1.0

The Weather Channel App

The Weather Channel Toolbar

Transcription Buddy 4.0 (build 38)

TuneUp 2.4.6.4

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.5

WebEx Support Manager for Internet Explorer

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Product Key Finder Pro® 2.3

WinPcap 4.1.2

WinRAR 4.20 (64-bit)

Wireshark 1.8.3 (64-bit)

Yahoo! Messenger

Yahoo! Toolbar

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

3/25/2013 9:14:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

3/25/2013 11:19:37 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD

3/25/2013 10:56:09 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

.

==== End Of File ===========================

MrCharlie · March 28, 2013

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable

...things can go very wrong!

Backup

any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>

Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>

Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

zalloy · March 28, 2013

Hi MrCharlie,

Thanks in advance for your help on this. I disconnected my external drive, and ran RogueKiller x64, as you suggested. Here's the report:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Laurie [Admin rights]

Mode : Scan -- Date : 03/28/2013 15:42:08

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Laurie\AppData\Local\Temp\IHU57E0.tmp.exe [x] -> FOUND

[sTARTUP][sUSP PATH] MagicfeaturesPlugin.lnk @Laurie : C:\Users\Laurie\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe [-] -> FOUND

[sTARTUP][sUSP PATH] magicJack.lnk @Laurie : C:\Users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [7] -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost #[iPv6]

127.0.0.1 fr.a2dfp.net

127.0.0.1 m.fr.a2dfp.net

127.0.0.1 ad.a8.net

127.0.0.1 asy.a8ww.net

127.0.0.1 abcstats.com

127.0.0.1 a.abv.bg

127.0.0.1 adserver.abv.bg

127.0.0.1 adv.abv.bg

127.0.0.1 bimg.abv.bg

127.0.0.1 ca.abv.bg

127.0.0.1 www2.a-counter.kiev.ua

127.0.0.1 track.acclaimnetwork.com

127.0.0.1 accuserveadsystem.com

127.0.0.1 www.accuserveadsystem.com

127.0.0.1 achmedia.com

127.0.0.1 aconti.net

127.0.0.1 secure.aconti.net

127.0.0.1 www.aconti.net #[Dialer.Aconti]

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++

--- User ---

[MBR] 0898b5c44c58ee2b233b581feea6ca66

[bSP] 072f3ca5aad42da821a8c268faed96c8 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942267 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1929969664 | Size: 11500 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 0c959f160c0bfdaccc5ebf7fe9c560d2

[bSP] ede960c251a9b1bd984edccbf8c8278d : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo

Finished : << RKreport[1]_S_03282013_02d1542.txt >>

RKreport[1]_S_03282013_02d1542.txt

MrCharlie · March 28, 2013

Not much showing, lets run some scans:

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan should take no longer than 2 minutes.
If a suspicious object is detected, the default action will be Skip, click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
If in doubt about an entry....please ask or choose Skip
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

New window that comes up.

MrC

zalloy · March 28, 2013

Ok. I ran that, like you said. I keep trying to post the file as an attachment, but I get an error that says "Upload Skipped (Error302)" :unsure:

zalloy · March 28, 2013

Trying to post again, after a reboot... Still having trouble. Same error as before. :unsure:

zalloy · March 28, 2013

Let me give it another go...Ah, success!

TDSSKiller.2.8.16.0_28.03.2013_16.07.27_log.txt

MrCharlie · March 28, 2013

Looks OK....Next:

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

zalloy · March 28, 2013

Ok. I ran Combofix and rebooted. I noticed that Google now looks normal, but when I started Firefox, I got a dialog box stating that Firefox was not set as the default browser, and asking me to decide to set it to default. Also, I got a prompt asking for confirmation to run "Firefox Helper"

Here's the log:

ComboFix 13-03-28.01 - Laurie 03/28/2013 16:50:58.12.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2370 [GMT -4:00]

Running from: c:\users\Laurie\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\1360170204.bdinstall.bin

c:\programdata\1360170803.bdinstall.bin

c:\programdata\1360170853.4148.bin

c:\programdata\1360170853.6748.bin

c:\programdata\1360170853.6772.bin

c:\programdata\1360171210.bdinstall.bin

c:\programdata\1362067161.bdinstall.bin

c:\programdata\1362067164.bdinstall.bin

c:\programdata\1362067642.bdinstall.bin

c:\programdata\1362068005.bdinstall.bin

c:\programdata\1362068169.4232.bin

c:\programdata\1362068169.5904.bin

c:\programdata\1362068169.6756.bin

c:\programdata\1362068169.7036.bin

c:\programdata\boost_interprocess\20130328162343.375199

c:\programdata\boost_interprocess\20130328162343.375199\9334581e-7251-4ef7-a8ec-5bfe8e89ff68

c:\programdata\boost_interprocess\20130328162343.375199\plex_frame_mutex

.

((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-28 )))))))))))))))))))))))))))))))

.

2013-03-28 21:02 . 2013-03-28 21:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2013-03-28 21:02 . 2013-03-28 21:02 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-03-28 21:02 . 2013-03-28 21:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-25 15:12 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-25 14:56 . 2013-03-25 14:55 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys

2013-03-25 14:56 . 2013-03-25 14:55 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys

2013-03-25 14:56 . 2013-03-25 14:55 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2013-03-22 17:30 . 2013-03-22 17:30 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-03-22 17:30 . 2013-03-22 17:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-08 14:19 . 2013-03-08 14:20 -------- d-----w- c:\users\Laurie\AppData\Local\Mozilla Firefox

2013-03-05 17:40 . 2013-03-05 17:40 -------- d-----w- c:\users\Laurie\AppData\Roaming\Avira

2013-03-05 17:35 . 2013-03-05 17:35 -------- d-----w- c:\program files (x86)\Avira

2013-03-05 01:56 . 2013-03-05 01:56 310688 ----a-w- c:\windows\system32\javaws.exe

2013-03-05 01:56 . 2013-03-05 01:56 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-03-05 01:56 . 2013-03-05 01:56 188832 ----a-w- c:\windows\system32\javaw.exe

2013-03-05 01:56 . 2013-03-05 01:56 188320 ----a-w- c:\windows\system32\java.exe

2013-03-05 01:56 . 2013-03-05 01:56 -------- d-----w- c:\program files\Java

2013-03-02 19:31 . 2013-03-02 19:31 -------- d-----w- c:\users\Laurie\AppData\Local\Mozilla

2013-02-28 16:59 . 2013-02-28 16:59 -------- d-----w- c:\users\Laurie\AppData\Roaming\AVG

2013-02-28 16:58 . 2013-02-28 17:00 -------- d-----w- c:\programdata\AVG

2013-02-28 16:58 . 2013-02-28 16:58 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2013-02-28 16:45 . 2013-02-28 16:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013

2013-02-28 16:45 . 2013-03-05 17:25 -------- d-----w- c:\program files (x86)\AVG

2013-02-28 16:43 . 2013-03-05 17:24 -------- d-----w- c:\programdata\MFAData

2013-02-28 16:43 . 2013-03-05 17:23 -------- d-----w- c:\users\Laurie\AppData\Local\Avg2013

2013-02-28 16:43 . 2013-02-28 16:43 -------- d-----w- c:\users\Laurie\AppData\Local\MFAData

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-22 17:30 . 2012-07-27 00:37 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-22 17:30 . 2011-07-23 20:17 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-13 07:27 . 2011-07-23 18:31 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-12 16:30 . 2012-05-08 15:39 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-12 16:30 . 2011-07-23 21:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-05 01:56 . 2012-09-09 16:17 963488 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-05 01:56 . 2012-09-09 16:17 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-02-24 16:27 . 2013-02-24 16:27 7330 ----a-w- C:\cc_20130224_112712.reg

2013-02-12 05:45 . 2013-03-13 05:10 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 05:10 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 05:10 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 05:10 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 05:10 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 05:10 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-25 01:42 . 2013-01-25 01:42 32812 ----a-w- C:\cc_20130124_204239.reg

2013-01-16 09:51 . 2013-01-16 09:51 183808 ----a-w- c:\windows\system32\EKAiO2COI11.dll

2013-01-16 09:51 . 2013-01-16 09:51 1649664 ----a-w- c:\windows\system32\EKAiO2MON.dll

2013-01-05 18:43 . 2013-01-05 18:43 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-01-05 18:43 . 2013-01-05 18:43 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-01-05 05:53 . 2013-02-13 08:23 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-13 08:23 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-13 08:23 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-13 08:23 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-13 08:23 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-13 08:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-13 08:23 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-13 08:23 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-13 08:23 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-13 08:23 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-13 08:23 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-13 08:23 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-13 08:23 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-06-13 13:23 . 2012-10-23 00:51 893560 ----a-w- c:\program files (x86)\Common Files\AutoCompletePro.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:10 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 194416 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\users\Laurie\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]

"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2013-02-04 13102080]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"Plex Media Server"="c:\program files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2013-03-13 3991720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NielsenOnline"="c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2010-11-17 47424]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-13 336384]

"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 7\RegistryController.exe" [2011-04-29 138528]

"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2011-05-10 2983200]

"PDFHook"="c:\program files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe" [2011-04-29 606496]

"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" [2010-10-27 333088]

"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE" [2012-06-19 2784256]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"Ninite Updater"="c:\program files (x86)\Ninite Updater\NiniteUpdater.exe" [2013-01-30 254160]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-25 345312]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-05 295072]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"DeleteEngineAfterUpdate"="reg DELETE HKCU\Software\AppDataLow\Software\ConduitEngine" [X]

"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]

.

c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Laurie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-18 25793376]

MagicfeaturesPlugin.lnk - c:\users\Laurie\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe [2012-8-22 221184]

magicJack.lnk - c:\users\Laurie\AppData\Roaming\mjusbsp\magicJackLoader.exe [2012-2-1 804672]

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PhraseExpress.lnk - c:\program files (x86)\PhraseExpress\phraseexpress.exe [2013-2-27 14120448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking11\Ereg.ini

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\isuspm.exe" -scheduler

"gbrspcontrol"="c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

.

R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [2010-08-23 29752]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-24 1255736]

R3 WUSB54GSCv2.NTamd64;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\DRIVERS\WUSB54GSCV2_AMD64.sys [x]

R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2008-10-21 77312]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016]

S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-07-13 72240]

S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-07-13 15920]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-25 28600]

S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2012-03-20 25648]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-13 361984]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-25 86752]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]

S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\COMODO\launcher_service.exe [2013-02-14 70352]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]

S2 GeekBuddyRSP;GeekBuddyRSP Service;c:\program files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-01-15 1851088]

S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-05-09 29552]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-06-19 394712]

S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-06-19 777728]

S2 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2012-12-06 2833448]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-06-12 368640]

S2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;c:\program files (x86)\PDF Suite 2012\HelperService.exe [2012-07-31 815496]

S2 PDF Suite 2012 Service;PDF Suite 2012 Service;c:\program files (x86)\PDF Suite 2012\ConversionService.exe [2012-07-31 724360]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-05 231440]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2011-06-20 19:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-03-26 23:29 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 16:30]

.

2013-03-04 c:\windows\Tasks\Defraggler Volume C Task.job

- c:\program files\Defraggler\df64.exe [2013-02-06 12:44]

.

2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-17 15:54]

.

2013-03-03 c:\windows\Tasks\HPCeeScheduleForLaurie.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-03-07 c:\windows\Tasks\HPCeeScheduleForZINCS-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2013-03-28 c:\windows\Tasks\ReclaimerUpdateFiles_Laurie.job

- c:\users\Laurie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 02:26]

.

2013-03-28 c:\windows\Tasks\ReclaimerUpdateXML_Laurie.job

- c:\users\Laurie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 02:26]

.

2013-03-28 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Laurie.job

- c:\users\Laurie\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.40\agent\rnupgagent.exe [2013-03-26 02:26]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Laurie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]

@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"

[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]

2011-05-09 09:11 192368 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]

@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"

[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]

2011-05-09 09:13 195440 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = hxxp://xfinity.comcast.net/?cid=cgps02122012

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1;*.local

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/

FF - ExtSQL: 2013-02-17 19:11; amznUWL2@amazon.com; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\amznUWL2@amazon.com.xpi

FF - ExtSQL: 2013-02-19 21:59; {4324f4a6-3a89-477e-b388-6bca032df78b}; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{4324f4a6-3a89-477e-b388-6bca032df78b}.xpi

FF - ExtSQL: 2013-02-21 08:31; netsight@nielsen.com; c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi

FF - ExtSQL: 2013-02-26 13:03; crossriderapp3858@crossrider.com; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\crossriderapp3858@crossrider.com

FF - ExtSQL: 2013-03-03 17:24; compatibility@addons.mozilla.org; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\compatibility@addons.mozilla.org.xpi

FF - ExtSQL: 2013-03-03 17:54; {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

FF - ExtSQL: 2013-03-03 17:54; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

FF - ExtSQL: 2013-03-03 18:17; {B17C1C5A-04B1-11DB-9804-B622A1EF5492}; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi

FF - ExtSQL: 2013-03-03 18:17; savedpasswordeditor@daniel.dawson; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\savedpasswordeditor@daniel.dawson.xpi

FF - ExtSQL: 2013-03-07 13:22; idme@abine.com; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\idme@abine.com

FF - ExtSQL: 2013-03-08 12:10; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF - ExtSQL: 2013-03-10 10:53; autopager@mozilla.org; c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\autopager@mozilla.org.xpi

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{11aa5c56-b4e2-4b8f-803a-d340415532f3} - (no file)

Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe

SafeBoot-11819314.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,

89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b

"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,

5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b

"{2E5E800E-6AC0-411E-940A-369530A35E43}"=hex:51,66,7a,6c,4c,1d,38,12,60,83,4d,

2a,f2,24,70,04,eb,1c,75,d5,35,fd,1a,57

"{DCC70A83-E184-40A3-906B-779AF5E941C4}"=hex:51,66,7a,6c,4c,1d,38,12,ed,09,d4,

d8,b6,af,cd,05,ef,7d,34,da,f0,b7,05,d0

"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,

35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{37153479-1976-43C3-A1EE-557513977B64}"=hex:51,66,7a,6c,4c,1d,38,12,17,37,06,

33,44,57,ad,06,de,f8,16,35,16,c9,3f,70

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,

43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87

"{06E58E5E-F8CB-4049-991E-A41C03BD419E}"=hex:51,66,7a,6c,4c,1d,38,12,30,8d,f6,

02,f9,b6,27,05,e6,08,e7,5c,06,e3,05,8a

"{C3947F4E-8894-4C04-98E0-DF182C706DDF}"=hex:51,66,7a,6c,4c,1d,38,12,20,7c,87,

c7,a6,c6,6a,09,e7,f6,9c,58,29,2e,29,cb

"{26525CA7-F3FF-47C2-B829-09083718BEE1}"=hex:51,66,7a,6c,4c,1d,38,12,c9,5f,41,

22,cd,bd,ac,02,c7,3f,4a,48,32,46,fa,f5

"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,

34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89

"{47980628-3844-42AA-A0DD-E2D86BBA9600}"=hex:51,66,7a,6c,4c,1d,38,12,46,05,8b,

43,76,76,c4,07,df,cb,a1,98,6e,e4,d2,14

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{2AAE80CE-5D5E-4AD2-B722-E9E0A506CE52}"=hex:51,66,7a,6c,4c,1d,38,12,a0,83,bd,

2e,6c,13,bc,0f,c8,34,aa,a0,a0,58,8a,46

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,

34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de

"{3FDBA1BA-AE28-4045-9048-4ED2F3865629}"=hex:51,66,7a,6c,4c,1d,38,12,d4,a2,c8,

3b,1a,e0,2b,05,ef,5e,0d,92,f6,d8,12,3d

"{4BE60886-F6AA-4714-8109-EA6D8247DD57}"=hex:51,66,7a,6c,4c,1d,38,12,e8,0b,f5,

4f,98,b8,7a,02,fe,1f,a9,2d,87,19,99,43

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,

62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,

6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}"=hex:51,66,7a,6c,4c,1d,38,12,33,62,e8,

6b,fc,a6,b3,0f,f2,89,72,84,bb,c2,62,f0

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,

aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04

"{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}"=hex:51,66,7a,6c,4c,1d,38,12,92,9a,85,

b0,57,58,7a,01,de,dd,87,e2,a1,ff,7a,f8

"{B84CDBE7-1B46-494B-A188-01D4C52DEB61}"=hex:51,66,7a,6c,4c,1d,38,12,89,d8,5f,

bc,74,55,25,0c,de,9e,42,94,c0,73,af,75

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E6D0B79E-ECAC-411B-8BF6-7A574981AF30}"=hex:51,66,7a,6c,4c,1d,38,12,f0,b4,c3,

e2,9e,a2,75,04,f4,e0,39,17,4c,df,eb,24

"{EDC0F17F-F4B7-47E4-B73E-887FAEB376FA}"=hex:51,66,7a,6c,4c,1d,38,12,11,f2,d3,

e9,85,ba,8a,02,c8,28,cb,3f,ab,ed,32,ee

"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,

f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63

"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,

f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6a,d9,b4,e3,e8,59,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,08,ef,22,41,ed,e0,48,b0,e9,d4,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\02\09\01\15;S"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-03-28 17:05:39

ComboFix-quarantined-files.txt 2013-03-28 21:05

ComboFix2.txt 2012-10-14 14:38

.

Pre-Run: 864,064,958,464 bytes free

Post-Run: 863,640,199,168 bytes free

.

- - End Of File - - 4F7FE6B237706A32441F2C7F7502048E

MrCharlie · March 28, 2013

Ok. I ran Combofix and rebooted. I noticed that Google now looks normal, but when I started Firefox, I got a dialog box stating that Firefox was not set as the default browser, and asking me to decide to set it to default.

Set it as your default browser

Also, I got a prompt asking for confirmation to run "Firefox Helper"

I'm not sure what that is?

--------------------

You no longer have AVG correct?

Then delete thefoldersse folderds:

2013-02-28 16:59 . 2013-02-28 16:59 -------- d-----w- c:\users\Laurie\AppData\Roaming\AVG

2013-02-28 16:58 . 2013-02-28 17:00 -------- d-----w- c:\programdata\AVG

2013-02-28 16:45 . 2013-03-05 17:25 -------- d-----w- c:\program files (x86)\AVG

2013-02-28 16:43 . 2013-03-05 17:23 -------- d-----w- c:\users\Laurie\AppData\Local\Avg2013

------------------------------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.
AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)
It works with a Search and Deletion methode. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

MrC

zalloy · March 28, 2013

I don't know what the "Firefox Helper" was either, so I didn't let it run. I hit the X, and closed it.

No, I don't still have AVG. I'm using Avira & MBAM, so I deleted the directories you said. Then I ran the adwcleaner. Here's the log:

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 17:27:20

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Laurie - ZINCS-HP

# Boot Mode : Normal

# Running from : C:\Users\Laurie\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\crossriderapp3858@crossrider.com

Folder Found : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\InstallCore

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\prefs.js

Found : user_pref("extensions.crossriderapp3858.3858.InstallationTime", 1361901790);

Found : user_pref("extensions.crossriderapp3858.3858.active", true);

Found : user_pref("extensions.crossriderapp3858.3858.addressbar", "");

Found : user_pref("extensions.crossriderapp3858.3858.addressbarenhanced", "");

Found : user_pref("extensions.crossriderapp3858.3858.backgroundjs", "\n\n/**********************************[...]

Found : user_pref("extensions.crossriderapp3858.3858.backgroundver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp3858.3858.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp3858.3858.changeprevious", false);

Found : user_pref("extensions.crossriderapp3858.3858.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp3858.3858.cookie.InstallationTime.value", "1361901790");

Found : user_pref("extensions.crossriderapp3858.3858.cookie.inNetflix.expiration", "Fri Feb 01 2030 00:00:00[...]

Found : user_pref("extensions.crossriderapp3858.3858.cookie.inNetflix.value", "0");

Found : user_pref("extensions.crossriderapp3858.3858.cookie.naimStr.expiration", "Fri Feb 01 2030 00:00:00 G[...]

Found : user_pref("extensions.crossriderapp3858.3858.cookie.naimStr.value", "%22Laurie%7CJim%7CElla%7CNetfli[...]

Found : user_pref("extensions.crossriderapp3858.3858.description", "Add titles to your MultiQs instant watch[...]

Found : user_pref("extensions.crossriderapp3858.3858.domain", "");

Found : user_pref("extensions.crossriderapp3858.3858.enablesearch", false);

Found : user_pref("extensions.crossriderapp3858.3858.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp3858.3858.group", 0);

Found : user_pref("extensions.crossriderapp3858.3858.homepage", "");

Found : user_pref("extensions.crossriderapp3858.3858.iframe", false);

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_appVer.value", "72");

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_lastVersion.value", "0");

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_meta.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Found : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_queue.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp3858.3858.js", "\n\n$jquery(document).ready(function(){var e;var [...]

Found : user_pref("extensions.crossriderapp3858.3858.manifesturl", "");

Found : user_pref("extensions.crossriderapp3858.3858.name", "MultiQs Netflix Extension");

Found : user_pref("extensions.crossriderapp3858.3858.newtab", "");

Found : user_pref("extensions.crossriderapp3858.3858.opensearch", "");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.ver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.ver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.ver", 5);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.ver", 3);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.name", "resources_background");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.ver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.name", "appApiMessage");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.ver", 1);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.name", "appApiValidation");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.ver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.name", "CrossriderInfo");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.ver", 2);

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...]

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.name", "omniCommands");

Found : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.ver", 1);

Found : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_0", "14,78,16,64,47,72,98");

Found : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98");

Found : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_5", "14,78,13,16,64,47,72");

Found : user_pref("extensions.crossriderapp3858.3858.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp3858.3858.pluginsversion", 12);

Found : user_pref("extensions.crossriderapp3858.3858.publisher", "MultiQs");

Found : user_pref("extensions.crossriderapp3858.3858.searchstatus", 0);

Found : user_pref("extensions.crossriderapp3858.3858.setnewtab", false);

Found : user_pref("extensions.crossriderapp3858.3858.settingsurl", "");

Found : user_pref("extensions.crossriderapp3858.3858.thankyou", "hxxp://crossrider.com/thank_you/3858");

Found : user_pref("extensions.crossriderapp3858.3858.updateinterval", 360);

Found : user_pref("extensions.crossriderapp3858.3858.ver", 73);

Found : user_pref("extensions.crossriderapp3858.apps", "3858");

Found : user_pref("extensions.crossriderapp3858.bic", "13d17ac225dad08a7626f12d84705762");

Found : user_pref("extensions.crossriderapp3858.cid", 3858);

Found : user_pref("extensions.crossriderapp3858.firstrun", false);

Found : user_pref("extensions.crossriderapp3858.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp3858.installationdate", 1361901790);

Found : user_pref("extensions.crossriderapp3858.lastcheck", 22741621);

Found : user_pref("extensions.crossriderapp3858.lastcheckitem", 22741751);

Found : user_pref("extensions.crossriderapp3858.modetype", "production");

Found : user_pref("extensions.crossriderapp3858.reportInstall", true);

Found : user_pref("extensions.crossriderapp3858.statsDailyCounter", 39);

Found : user_pref("extensions.enabledAddons", "addon%40tv-manager.org:1.8.2,%7B68d0652a-86ef-4c6a-89f4-80865[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [76901 octets] - [13/10/2012 11:25:05]

AdwCleaner[R2].txt - [1144 octets] - [23/10/2012 21:30:09]

AdwCleaner[R3].txt - [1264 octets] - [01/11/2012 12:26:46]

AdwCleaner[R4].txt - [9728 octets] - [28/03/2013 17:27:20]

AdwCleaner[s1].txt - [78338 octets] - [13/10/2012 11:27:26]

AdwCleaner[s2].txt - [1206 octets] - [23/10/2012 21:31:15]

########## EOF - C:\AdwCleaner[R4].txt - [9909 octets] ##########

MrCharlie · March 28, 2013

Please create a new system restore point before continuing.

Lots of adware found....lets clear it out.....

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please Post the contents of that document.
Do Not Attach It!!!

MrC

zalloy · March 28, 2013

Ok. Here come the logs :

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 18:19:52

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Laurie - ZINCS-HP

# Boot Mode : Normal

# Running from : C:\Users\Laurie\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\crossriderapp3858@crossrider.com

Folder Deleted : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\prefs.js

Deleted : user_pref("extensions.crossriderapp3858.3858.InstallationTime", 1361901790);

Deleted : user_pref("extensions.crossriderapp3858.3858.active", true);

Deleted : user_pref("extensions.crossriderapp3858.3858.addressbar", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.addressbarenhanced", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.backgroundjs", "\n\n/**********************************[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.backgroundver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp3858.3858.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.InstallationTime.value", "1361901790");

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.inNetflix.expiration", "Fri Feb 01 2030 00:00:00[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.inNetflix.value", "0");

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.naimStr.expiration", "Fri Feb 01 2030 00:00:00 G[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.cookie.naimStr.value", "%22Laurie%7CJim%7CElla%7CNetfli[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.description", "Add titles to your MultiQs instant watch[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.domain", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp3858.3858.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.group", 0);

Deleted : user_pref("extensions.crossriderapp3858.3858.homepage", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.iframe", false);

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_appVer.value", "72");

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp3858.3858.js", "\n\n$jquery(document).ready(function(){var e;var [...]

Deleted : user_pref("extensions.crossriderapp3858.3858.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.name", "MultiQs Netflix Extension");

Deleted : user_pref("extensions.crossriderapp3858.3858.newtab", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.opensearch", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_16.ver", 5);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_47.ver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.name", "appApiMessage");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_64.ver", 1);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.name", "appApiValidation");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_72.ver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.name", "CrossriderInfo");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_78.ver", 2);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.code", "(function(){var b=\"cr_\"+app[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.name", "omniCommands");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins.plugin_98.ver", 1);

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_0", "14,78,16,64,47,72,98");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_1", "17,14,78,13,16,64,72,98");

Deleted : user_pref("extensions.crossriderapp3858.3858.plugins_lists.plugins_5", "14,78,13,16,64,47,72");

Deleted : user_pref("extensions.crossriderapp3858.3858.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp3858.3858.pluginsversion", 12);

Deleted : user_pref("extensions.crossriderapp3858.3858.publisher", "MultiQs");

Deleted : user_pref("extensions.crossriderapp3858.3858.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp3858.3858.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp3858.3858.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp3858.3858.thankyou", "hxxp://crossrider.com/thank_you/3858");

Deleted : user_pref("extensions.crossriderapp3858.3858.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp3858.3858.ver", 73);

Deleted : user_pref("extensions.crossriderapp3858.apps", "3858");

Deleted : user_pref("extensions.crossriderapp3858.bic", "13d17ac225dad08a7626f12d84705762");

Deleted : user_pref("extensions.crossriderapp3858.cid", 3858);

Deleted : user_pref("extensions.crossriderapp3858.firstrun", false);

Deleted : user_pref("extensions.crossriderapp3858.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp3858.installationdate", 1361901790);

Deleted : user_pref("extensions.crossriderapp3858.lastcheck", 22741621);

Deleted : user_pref("extensions.crossriderapp3858.lastcheckitem", 22741804);

Deleted : user_pref("extensions.crossriderapp3858.modetype", "production");

Deleted : user_pref("extensions.crossriderapp3858.reportInstall", true);

Deleted : user_pref("extensions.crossriderapp3858.statsDailyCounter", 39);

Deleted : user_pref("extensions.enabledAddons", "addon%40tv-manager.org:1.8.2,%7B68d0652a-86ef-4c6a-89f4-80865[...]

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [76901 octets] - [13/10/2012 11:25:05]

AdwCleaner[R2].txt - [1144 octets] - [23/10/2012 21:30:09]

AdwCleaner[R3].txt - [1264 octets] - [01/11/2012 12:26:46]

AdwCleaner[R4].txt - [9978 octets] - [28/03/2013 17:27:20]

AdwCleaner[s1].txt - [78338 octets] - [13/10/2012 11:27:26]

AdwCleaner[s2].txt - [1206 octets] - [23/10/2012 21:31:15]

AdwCleaner[s3].txt - [10101 octets] - [28/03/2013 18:19:52]

########## EOF - C:\AdwCleaner[s3].txt - [10162 octets] ##########

Results of screen317's Security Check version 0.99.61

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

TuneUp 2.4.6.4

Java 7 Update 17

Adobe Flash Player 11.6.602.180

Mozilla Firefox (19.0.2)

Mozilla Thunderbird (17.0.4)

Google Chrome 25.0.1364.172

Google Chrome 26.0.1410.43

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

NetRatingsNetSight NetSight NielsenOnline.exe

NetRatingsNetSight NetSight meter1 NielsenOnline64.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 5%

````````````````````End of Log``````````````````````

MrCharlie · March 28, 2013

Google Chrome 25.0.1364.172 <---Old

Google Chrome 26.0.1410.43 <---OK

You have old versions of Google Chrome on the system.

Please download and run OldChromeRemover.

@Windows Vista/Windows 7 users must use “Run As Administrator.”

The rest looks OK.

--------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

zalloy · March 28, 2013

Thanks again for all your help! Most everything seems to be working right now. Google has reverted back to the blinking cursor instead of the text box. I'm not sure why. I ran the cleanup programs, as you suggested. Will let you know if I see anything else out of the ordinary.

zalloy · March 28, 2013

Still seeing the blocked outgoing IP 193.17.41.93. See the following log, from MBAM:

2013/03/28 07:51:06 -0400 ZINCS-HP Laurie MESSAGE Executing scheduled update: Daily

2013/03/28 07:51:15 -0400 ZINCS-HP Laurie MESSAGE Scheduled update executed successfully: database updated from version v2013.03.27.05 to version v2013.03.28.05

2013/03/28 07:51:15 -0400 ZINCS-HP Laurie MESSAGE Starting database refresh

2013/03/28 07:51:15 -0400 ZINCS-HP Laurie MESSAGE Stopping IP protection

2013/03/28 07:51:18 -0400 ZINCS-HP Laurie MESSAGE IP Protection stopped successfully

2013/03/28 07:51:28 -0400 ZINCS-HP Laurie MESSAGE Database refreshed successfully

2013/03/28 07:51:28 -0400 ZINCS-HP Laurie MESSAGE Starting IP protection

2013/03/28 07:51:42 -0400 ZINCS-HP Laurie MESSAGE IP Protection started successfully

2013/03/28 10:47:19 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 62676, Process: firefox.exe)

2013/03/28 10:47:20 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 62677, Process: firefox.exe)

2013/03/28 10:48:40 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 62682, Process: firefox.exe)

2013/03/28 10:48:40 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 62684, Process: firefox.exe)

2013/03/28 11:17:24 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 63156, Process: firefox.exe)

2013/03/28 11:17:24 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 63157, Process: firefox.exe)

2013/03/28 11:17:24 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 63163, Process: firefox.exe)

2013/03/28 11:17:24 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 63165, Process: firefox.exe)

2013/03/28 13:05:54 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50941, Process: firefox.exe)

2013/03/28 13:05:54 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50942, Process: firefox.exe)

2013/03/28 13:06:10 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50947, Process: firefox.exe)

2013/03/28 13:06:10 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50949, Process: firefox.exe)

2013/03/28 14:28:26 -0400 ZINCS-HP Laurie MESSAGE Starting database refresh

2013/03/28 14:28:26 -0400 ZINCS-HP Laurie MESSAGE Stopping IP protection

2013/03/28 14:28:28 -0400 ZINCS-HP Laurie MESSAGE IP Protection stopped successfully

2013/03/28 14:28:39 -0400 ZINCS-HP Laurie MESSAGE Database refreshed successfully

2013/03/28 14:28:39 -0400 ZINCS-HP Laurie MESSAGE Starting IP protection

2013/03/28 14:28:55 -0400 ZINCS-HP Laurie MESSAGE IP Protection started successfully

2013/03/28 14:32:33 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 51916, Process: firefox.exe)

2013/03/28 14:32:33 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 51917, Process: firefox.exe)

2013/03/28 14:33:21 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 51923, Process: firefox.exe)

2013/03/28 14:33:21 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 51925, Process: firefox.exe)

2013/03/28 14:52:36 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 52458, Process: firefox.exe)

2013/03/28 14:52:36 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 52459, Process: firefox.exe)

2013/03/28 14:52:36 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 52460, Process: firefox.exe)

2013/03/28 14:52:45 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 52464, Process: firefox.exe)

2013/03/28 14:52:45 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 52466, Process: firefox.exe)

2013/03/28 16:05:43 -0400 ZINCS-HP (null) MESSAGE Starting protection

2013/03/28 16:05:43 -0400 ZINCS-HP (null) MESSAGE Protection started successfully

2013/03/28 16:05:43 -0400 ZINCS-HP (null) MESSAGE Starting IP protection

2013/03/28 16:06:01 -0400 ZINCS-HP (null) MESSAGE IP Protection started successfully

2013/03/28 16:24:41 -0400 ZINCS-HP Laurie MESSAGE Starting protection

2013/03/28 16:24:44 -0400 ZINCS-HP Laurie MESSAGE Protection started successfully

2013/03/28 16:24:44 -0400 ZINCS-HP Laurie MESSAGE Starting IP protection

2013/03/28 16:25:03 -0400 ZINCS-HP Laurie MESSAGE IP Protection started successfully

2013/03/28 16:46:40 -0400 ZINCS-HP Laurie MESSAGE Stopping protection

2013/03/28 16:46:40 -0400 ZINCS-HP Laurie MESSAGE Protection stopped successfully

2013/03/28 16:46:40 -0400 ZINCS-HP Laurie MESSAGE Stopping IP protection

2013/03/28 16:46:41 -0400 ZINCS-HP Laurie MESSAGE IP Protection stopped successfully

2013/03/28 16:46:48 -0400 ZINCS-HP Laurie MESSAGE Protection stopped

2013/03/28 17:07:38 -0400 ZINCS-HP (null) MESSAGE Starting protection

2013/03/28 17:07:38 -0400 ZINCS-HP (null) MESSAGE Protection started successfully

2013/03/28 17:07:38 -0400 ZINCS-HP (null) MESSAGE Starting IP protection

2013/03/28 17:07:56 -0400 ZINCS-HP (null) MESSAGE IP Protection started successfully

2013/03/28 18:23:08 -0400 ZINCS-HP Laurie MESSAGE Starting protection

2013/03/28 18:23:08 -0400 ZINCS-HP Laurie MESSAGE Protection started successfully

2013/03/28 18:23:08 -0400 ZINCS-HP Laurie MESSAGE Starting IP protection

2013/03/28 18:23:27 -0400 ZINCS-HP Laurie MESSAGE IP Protection started successfully

2013/03/28 18:58:52 -0400 ZINCS-HP Laurie MESSAGE Stopping protection

2013/03/28 18:58:52 -0400 ZINCS-HP Laurie MESSAGE Protection stopped successfully

2013/03/28 18:58:52 -0400 ZINCS-HP Laurie MESSAGE Stopping IP protection

2013/03/28 18:58:53 -0400 ZINCS-HP Laurie MESSAGE IP Protection stopped successfully

2013/03/28 18:59:17 -0400 ZINCS-HP Laurie MESSAGE Protection stopped

2013/03/28 19:02:55 -0400 ZINCS-HP (null) MESSAGE Starting protection

2013/03/28 19:02:56 -0400 ZINCS-HP (null) MESSAGE Protection started successfully

2013/03/28 19:02:56 -0400 ZINCS-HP (null) MESSAGE Starting IP protection

2013/03/28 19:03:15 -0400 ZINCS-HP (null) MESSAGE IP Protection started successfully

2013/03/28 19:48:34 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50053, Process: firefox.exe)

2013/03/28 19:48:34 -0400 ZINCS-HP Laurie IP-BLOCK 193.17.41.93 (Type: outgoing, Port: 50054, Process: firefox.exe)

MrCharlie · March 28, 2013

That's Malwarebytes doing its job.

Some links to read:

http://helpdesk.malw...malicious-site-

http://helpdesk.malw...re-block-Skype-

http://helpdesk.malw...g-my-antivirus-

http://helpdesk.malw...-pro-a-firewall

MrC

zalloy · March 29, 2013

Oh, okay. I guess I was being paranoid. Thanks for the help.

MrCharlie · March 29, 2013

The Website Blocking is a good feature of Malwarebytes, but when it does its job....people think they're infected. Sometimes this is true, but we checked the system and I don't see any malware on the system.

My protection logs have similar entries.

I have my notifications turned off.

If you would like to contact Malwarebytes about the problem, here's the options:

http://forums.malwarebytes.org/index.php?showtopic=119858

MrC

MrCharlie · March 29, 2013

So more info that's out there:

IP Blocking

IP blocks can indicate a number of things:

They could indicate that MBAM is doing its job of blocking bad content on websites.

They can also occur when running Skype and certain P2P programs, such as torrents. For example, please see this help desk topic about Skype and this one about P2P.

In some cases the blocks are a false positive.

However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the FAQ - Section G (and in the Helpdesk topics HERE and HERE).

They include instructions on how to set MBAM to ignore a particular IP, if you wish to do so.

They also contain instructions on how to determine what process might be trying to make the connections.

You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with cleaning process Available Assistance For Possibly Infected Computers.

zalloy · March 29, 2013

Thanks again for the info. I don't bother with any P2P stuff anymore. It's more trouble than it's worth. :lol:

Maurice Naggar · March 29, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Maybe I'm paranoid, but...

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information