
DealDropDown/Underlined Words Only On Firefox



Only on Firefox do I have this issue. Words are underlined, advertising or surveys pop up when you place the arrow over the underlined word, etc. I have run many solution programs, including Malwarebytes. Each has found misc things and removed/solved them. None has fixed this issue with Firefox. I do not have any of the googled extensions or addons pertaining to this problem.

Windows Vista 64 bit

SP2

Dell Studio XPS 1640

Intel Core 2 Duo CPU

DDS files:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by mbrandau at 19:32:23 on 2013-04-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.1010 [GMT -4:00]

.

AV: ZoneAlarm Internet Security Suite Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Internet Security Suite Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Internet Security Suite Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_70d6d963\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_70d6d963\AESTSr64.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe

C:\Windows\system32\dleacoms.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe

C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

C:\Windows\system32\svchost.exe -k regsvc

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe

C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe

C:\Windows\system32\taskeng.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=74082A05735DE6A2341BA0515F5303DF

uWindow Title = Internet Explorer provided by Dell

uProxyServer = :0

mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

BHO: CouponDropDown: {11111111-1111-1111-1111-110011431152} -

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>

BHO: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Dell Toolbar: {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

uRun: [Google Update] "C:\Users\mbrandau\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe

mRun: [FAStartup] <no file>

dRunOnce: [ZAFFRegisterTrustChecker] "C:\Windows\System32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustChecker.dll"

dRunOnce: [ZAFFRegisterTrustCheckerIE] "C:\Windows\System32\regsvr32.exe" -s "C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll"

StartupFolder: C:\Users\mbrandau\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab

TCP: NameServer = 167.206.254.1 167.206.254.2

TCP: Interfaces\{4338772A-C282-49D8-AE03-6679ED8A26DF} : DHCPNameServer = 167.206.254.1 167.206.254.2

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll

Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

LSA: Notification Packages = scecli FAPassSync

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"

x64-Run: [iSW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableLUA = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - LocalServer32 - <no file>

x64-Handler: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - <orphaned>

x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Users\mbrandau\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\mbrandau\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Users\mbrandau\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll

FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\mbrandau\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-04-06 16:41; {15312e9a-4905-48da-aae4-15b24bdc2a24}; C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi

FF - ExtSQL: 2013-04-11 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack, affID=100484

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - d822c12b00000000000000234deb1d28

FF - user.js: extensions.BabylonToolbar_i.hardId - d822c12b00000000000000234deb1d28

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:02:06

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

.

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .txt: opendocument.WriterDocument.1 - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [userChoice] [default=openas]

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-04-05 22:39:28 47496 ----a-w- C:\Windows\System32\sbbd.exe

2013-04-05 22:39:28 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-03-14 07:03:39 72013344 ----a-w- C:\Windows\System32\mrt.exe

2013-03-13 00:45:21 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 00:45:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-03-08 05:49:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-08 05:49:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-08 05:49:13 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-03-08 05:49:13 262560 ----a-w- C:\Windows\SysWow64\javaws.exe

2013-03-08 05:49:13 174496 ----a-w- C:\Windows\SysWow64\javaw.exe

2013-03-08 05:49:13 174496 ----a-w- C:\Windows\SysWow64\java.exe

2013-02-21 18:44:14 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys

2013-02-21 18:44:14 613720 ----a-w- C:\Windows\System32\drivers\klif.sys

2013-02-12 02:18:19 19456 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-02-02 07:31:33 17815040 ----a-w- C:\Windows\System32\mshtml.dll

2013-02-02 06:58:20 10925568 ----a-w- C:\Windows\System32\ieframe.dll

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:48:08 1346048 ----a-w- C:\Windows\System32\urlmon.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:46:15 237056 ----a-w- C:\Windows\System32\url.dll

2013-02-02 06:43:51 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:42:08 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:40:19 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-02-02 06:39:33 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-02-02 06:38:20 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 06:34:01 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-02-02 04:09:34 12321792 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-02-02 03:42:27 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:31:03 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:29:22 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-02-02 03:27:56 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:45 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:25:16 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-02-02 03:23:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-02-02 03:23:44 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-02 03:20:00 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

.

============= FINISH: 19:34:36.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 3/23/2009 5:23:25 PM

System Uptime: 4/11/2013 8:40:05 PM (47 hours ago)

.

Motherboard: Dell Inc. | | 0U785D

Processor: Intel® Core2 Duo CPU P8700 @ 2.53GHz | U2E1 | 2534/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 252.169 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 7.514 GiB free.

E: is CDROM ()

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: facap, FastAccess Video Capture

Device ID: ROOT\IMAGE\0000

Manufacturer: Sensible Vision

Name: facap, FastAccess Video Capture

PNP Device ID: ROOT\IMAGE\0000

Service: FACAP

.

==== System Restore Points ===================

.

RP1492: 4/8/2013 12:00:03 AM - Scheduled Checkpoint

RP1493: 4/9/2013 12:00:07 AM - Scheduled Checkpoint

RP1494: 4/9/2013 2:02:06 AM - Windows Update

RP1495: 4/10/2013 2:27:23 AM - Scheduled Checkpoint

RP1496: 4/11/2013 2:36:28 AM - Scheduled Checkpoint

RP1497: 4/11/2013 9:12:05 PM - Device Driver Package Install: Check Point Software Technologies Ltd. Network Service

RP1498: 4/12/2013 2:20:13 AM - Windows Update

RP1499: 4/13/2013 12:00:06 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

ABBYY FineReader 6.0 Sprint

AC3Filter 1.62b

Acrobat.com

Adobe AIR

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.4

Adobe Shockwave Player 11.5

Advanced Audio FX Engine

Advanced Site Submitter 1.0

Advertising Center

Apple Application Support

Apple Software Update

ATI Catalyst Install Manager

Banctec Service Agreement

Bowflex i-Trainer

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Choice Guard

Cisco Connect

Compatibility Pack for the 2007 Office system

CT-S310 x64 v1581

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Online

Dell Dock

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Toolbar

Dell Touchpad

Dell V310-V510 Series

Dell Video Chat

Dell Webcam Central

Digi Traffic Generator

Directory Submitter Full

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Setup

DivX Version Checker

DolbyFiles

Easy Thumbnails (Remove only)

FastAccess

FileZilla Client 3.5.3

GoodSync

Google Chrome

Google Talk Plugin

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

ImagXpress

Integrated Webcam Driver (1.06.03.0309)

iSEEK AnswerWorks English Runtime

ITECIR

Java 7 Update 17

Java Auto Updater

Java 6 Update 22

JavaFX 2.1.1

Junk Mail filter update

Live! Cam Avatar Creator

MagicDisc 2.7.106

Malwarebytes Anti-Malware version 1.70.0.1100

Menu Templates - Starter Kit

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Move Media Player

Movie Templates - Starter Kit

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.5 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Nero 9

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero Disc Copy Gadget

Nero DiscSpeed

Nero DriveSpeed

Nero InfoTool

Nero Installer

Nero Live

Nero PhotoSnap

Nero Recode

Nero Rescue Agent

Nero ShowTime

Nero StartSmart

Nero Vision

Nero WaveEditor

NeroBurningROM

NeroExpress

NeroLiveGadget

neroxml

Optimum

Optimum App for Laptop 1.62

PC Tune-Up

PowerDVD

QuickBooks

QuickBooks Pro 2011

Quickset

QuickTime

RankEnhancer

RoboForm 7-8-7-5 (All Users)

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skins

Skype Click to Call

Skype™ 5.10

SopCast 3.2.4

SoundTrax

SPBBC 64bit

Spybot - Search & Destroy

System Requirements Lab

System Requirements Lab for Intel

TomTom HOME 2.8.4.2596

TomTom HOME Visual Studio Merge Modules

Trillian

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wnyiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wnyiper

TurboTax 2010 wrapper

TVAnts 1.0

Tweet Whistle 2.3.5

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

VC 9.0 Runtime

VC80CRTRedist - 8.0.50727.6195

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WIDCOMM Bluetooth Software 6.1.0.4402

Winamp

Winamp Detector Plug-in

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

WinRAR

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Internet Security Suite

ZoneAlarm LTD Toolbar

ZoneAlarm Security

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Removing malware can be unpredictable...things can go very wrong!

Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User : mbrandau [Admin rights]

Mode : Scan -- Date : 04/14/2013 09:34:12

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SearchProtection (C:\ProgramData\Search Protection\_run.bat) [x] -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420ASG ATA Device +++++

--- User ---

[MBR] 1394707c680c3b2b1e8e7a541c285b96

[BSP] 7d4755e7c820a24a8f2162a6ed0543bc : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 156 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 321536 | Size: 15360 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31778816 | Size: 461422 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04142013_02d0934.txt >>



Well you're loaded with adware to begin with:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


# AdwCleaner v2.200 - Logfile created 04/14/2013 at 11:58:30

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : mbrandau - MCB_LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\mbrandau\Downloads\adwcleaner.exe

# Option [search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\1ClickDownload

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Search Toolbar

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Found : C:\ProgramData\Premium

Folder Found : C:\ProgramData\search protection

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\mbrandau\AppData\Local\Ilivid Player

Folder Found : C:\Users\mbrandau\AppData\Local\PackageAware

Folder Found : C:\Users\mbrandau\AppData\LocalLow\boost_interprocess

Folder Found : C:\Users\mbrandau\AppData\LocalLow\Conduit

Folder Found : C:\Users\mbrandau\AppData\Roaming\Media Finder

Folder Found : C:\Users\mbrandau\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Found : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\jetpack

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\AppDataLow\HavingFunOnline

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\MediaFinder

Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011431152}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011431152}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Zugo

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile

Key Found : HKLM\SOFTWARE\Classes\1ClicktorrentFile1

Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\b

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\MF

Key Found : HKLM\SOFTWARE\Classes\oneclick

Key Found : HKLM\SOFTWARE\Classes\oneclickmg

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Found : HKLM\Software\Iminent

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011431152}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022432252}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055435552}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066436652}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011431152}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055435552}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066436652}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKLM\SOFTWARE\Tarma Installer

Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-1183755766-607871255-653630954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\prefs.js

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100484");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "d822c12b00000000000000234deb1d28");

Found : user_pref("extensions.BabylonToolbar_i.id", "d822c12b00000000000000234deb1d28");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:02:06");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("extensions.crossriderapp4926.4926.InstallationTime", 1338148586);

Found : user_pref("extensions.crossriderapp4926.4926.active", true);

Found : user_pref("extensions.crossriderapp4926.4926.addressbar", "");

Found : user_pref("extensions.crossriderapp4926.4926.affid", "0");

Found : user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/**********************************[...]

Found : user_pref("extensions.crossriderapp4926.4926.backgroundver", 2);

Found : user_pref("extensions.crossriderapp4926.4926.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp4926.4926.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp4926.4926.changeprevious", false);

Found : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.value", "1338148586");

Found : user_pref("extensions.crossriderapp4926.4926.description", "The Easiest Way To Remove Your Facebook [...]

Found : user_pref("extensions.crossriderapp4926.4926.domain", "battle-stats.com");

Found : user_pref("extensions.crossriderapp4926.4926.emailsig", "");

Found : user_pref("extensions.crossriderapp4926.4926.enablesearch", false);

Found : user_pref("extensions.crossriderapp4926.4926.exposesites", "");

Found : user_pref("extensions.crossriderapp4926.4926.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp4926.4926.group", 0);

Found : user_pref("extensions.crossriderapp4926.4926.homepage", "");

Found : user_pref("extensions.crossriderapp4926.4926.iframe", false);

Found : user_pref("extensions.crossriderapp4926.4926.manifesturl", "");

Found : user_pref("extensions.crossriderapp4926.4926.name", "Timeline Remover");

Found : user_pref("extensions.crossriderapp4926.4926.newtab", "");

Found : user_pref("extensions.crossriderapp4926.4926.opensearch", "");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function(c){c.selectedText=f[...]

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.ver", 1);

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.ver", 1);

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.code", "(function(e){function u(c,b){[...]

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.name", "FacebookFFIE");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.ver", 1);

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.code", "(function(b,a){function i(){v[...]

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.ver", 1);

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.ver", 1);

Found : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_0", "17,14,16");

Found : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_1", "17,14,13,16,15");

Found : user_pref("extensions.crossriderapp4926.4926.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp4926.4926.pluginsversion", 1);

Found : user_pref("extensions.crossriderapp4926.4926.premium", true);

Found : user_pref("extensions.crossriderapp4926.4926.publisher", "Deximol");

Found : user_pref("extensions.crossriderapp4926.4926.searchstatus", 0);

Found : user_pref("extensions.crossriderapp4926.4926.setnewtab", false);

Found : user_pref("extensions.crossriderapp4926.4926.settingsurl", "");

Found : user_pref("extensions.crossriderapp4926.4926.thankyou", "hxxp://facebook.com/profile.php");

Found : user_pref("extensions.crossriderapp4926.4926.updateinterval", 360);

Found : user_pref("extensions.crossriderapp4926.4926.ver", 57);

Found : user_pref("extensions.crossriderapp4926.apps", "4926");

Found : user_pref("extensions.crossriderapp4926.bic", "1378fdf02f37922a1d507758d7b45da5");

Found : user_pref("extensions.crossriderapp4926.cid", 4926);

Found : user_pref("extensions.crossriderapp4926.firstrun", false);

Found : user_pref("extensions.crossriderapp4926.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp4926.installationdate", 1338148586);

Found : user_pref("extensions.crossriderapp4926.lastcheck", 22305536);

Found : user_pref("extensions.crossriderapp4926.lastcheckitem", 22305819);

Found : user_pref("extensions.crossriderapp4926.misc.lastBgWorkerTimer", "1338349114426");

Found : user_pref("extensions.crossriderapp4926.misc.lastDomWorkerTimer", "1338349114422");

Found : user_pref("pagetweak.pref.hxxp://forums.malwarebytes.org/index.php?app=forums&module=post&section=po[...]

File : C:\Users\Mcx1\AppData\Roaming\Mozilla\Firefox\Profiles\2r6q674j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mbrandau\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15203 octets] - [14/04/2013 11:58:30]

########## EOF - C:\AdwCleaner[R1].txt - [15264 octets] ##########


Please create a new system restore point before continuing.

Lots of adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Then......

Reboot and let me know if there's any difference.

MrC


# AdwCleaner v2.200 - Logfile created 04/14/2013 at 12:25:29

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (64 bits)

# User : mbrandau - MCB_LAPTOP

# Boot Mode : Normal

# Running from : C:\Users\mbrandau\Downloads\adwcleaner.exe

# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\1ClickDownload

Deleted on reboot : C:\Program Files (x86)\AVG Secure Search

Deleted on reboot : C:\Program Files (x86)\Search Toolbar

Deleted on reboot : C:\ProgramData\boost_interprocess

Deleted on reboot : C:\ProgramData\InstallMate

Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Deleted on reboot : C:\ProgramData\Premium

Deleted on reboot : C:\ProgramData\search protection

Deleted on reboot : C:\ProgramData\Tarma Installer

Deleted on reboot : C:\Users\mbrandau\AppData\Local\Ilivid Player

Deleted on reboot : C:\Users\mbrandau\AppData\Local\PackageAware

Deleted on reboot : C:\Users\mbrandau\AppData\LocalLow\boost_interprocess

Deleted on reboot : C:\Users\mbrandau\AppData\LocalLow\Conduit

Deleted on reboot : C:\Users\mbrandau\AppData\Roaming\Media Finder

Deleted on reboot : C:\Users\mbrandau\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Deleted on reboot : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\MediaFinder

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile

Key Deleted : HKLM\SOFTWARE\Classes\1ClicktorrentFile1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\b

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004352.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Classes\oneclick

Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044434452}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}

Key Deleted : HKLM\Software\Iminent

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022432252}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011431152}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011431152}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055435552}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066436652}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\prefs.js

C:\Users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100484");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d822c12b00000000000000234deb1d28");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "d822c12b00000000000000234deb1d28");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:02:06");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("extensions.crossriderapp4926.4926.InstallationTime", 1338148586);

Deleted : user_pref("extensions.crossriderapp4926.4926.active", true);

Deleted : user_pref("extensions.crossriderapp4926.4926.addressbar", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.affid", "0");

Deleted : user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/**********************************[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.backgroundver", 2);

Deleted : user_pref("extensions.crossriderapp4926.4926.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp4926.4926.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.cookie.InstallationTime.value", "1338148586");

Deleted : user_pref("extensions.crossriderapp4926.4926.description", "The Easiest Way To Remove Your Facebook [...]

Deleted : user_pref("extensions.crossriderapp4926.4926.domain", "battle-stats.com");

Deleted : user_pref("extensions.crossriderapp4926.4926.emailsig", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp4926.4926.exposesites", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.group", 0);

Deleted : user_pref("extensions.crossriderapp4926.4926.homepage", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.iframe", false);

Deleted : user_pref("extensions.crossriderapp4926.4926.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.name", "Timeline Remover");

Deleted : user_pref("extensions.crossriderapp4926.4926.newtab", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.opensearch", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function(c){c.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.ver", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.code", "\"undefined\"===typeof appAPI[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_14.ver", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.code", "(function(e){function u(c,b){[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.name", "FacebookFFIE");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_15.ver", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.code", "(function(b,a){function i(){v[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_16.ver", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.code", "var $$jquery;\n(function(l,n)[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins.plugin_17.ver", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_0", "17,14,16");

Deleted : user_pref("extensions.crossriderapp4926.4926.plugins_lists.plugins_1", "17,14,13,16,15");

Deleted : user_pref("extensions.crossriderapp4926.4926.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp4926.4926.pluginsversion", 1);

Deleted : user_pref("extensions.crossriderapp4926.4926.premium", true);

Deleted : user_pref("extensions.crossriderapp4926.4926.publisher", "Deximol");

Deleted : user_pref("extensions.crossriderapp4926.4926.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp4926.4926.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp4926.4926.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp4926.4926.thankyou", "hxxp://facebook.com/profile.php");

Deleted : user_pref("extensions.crossriderapp4926.4926.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp4926.4926.ver", 57);

Deleted : user_pref("extensions.crossriderapp4926.apps", "4926");

Deleted : user_pref("extensions.crossriderapp4926.bic", "1378fdf02f37922a1d507758d7b45da5");

Deleted : user_pref("extensions.crossriderapp4926.cid", 4926);

Deleted : user_pref("extensions.crossriderapp4926.firstrun", false);

Deleted : user_pref("extensions.crossriderapp4926.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp4926.installationdate", 1338148586);

Deleted : user_pref("extensions.crossriderapp4926.lastcheck", 22305536);

Deleted : user_pref("extensions.crossriderapp4926.lastcheckitem", 22305819);

Deleted : user_pref("extensions.crossriderapp4926.misc.lastBgWorkerTimer", "1338349114426");

Deleted : user_pref("extensions.crossriderapp4926.misc.lastDomWorkerTimer", "1338349114422");

Deleted : user_pref("pagetweak.pref.hxxp://forums.malwarebytes.org/index.php?app=forums&module=post&section=po[...]

File : C:\Users\Mcx1\AppData\Roaming\Mozilla\Firefox\Profiles\2r6q674j.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mbrandau\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [15316 octets] - [14/04/2013 11:58:30]

AdwCleaner[R2].txt - [15377 octets] - [14/04/2013 12:25:13]

AdwCleaner[s1].txt - [14969 octets] - [14/04/2013 12:25:29]

########## EOF - C:\AdwCleaner[s1].txt - [15030 octets] ##########

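The AdwCleaner output above shows where this adware kept its state: not only in registry CLSIDs, BHOs and Chrome extension keys, but inside the Firefox profile as `user_pref` entries in user.js and prefs.js, which persist independently of the extension files. The `extensions.crossriderapp4926.*` entries carry whole JavaScript payloads (`backgroundjs`, `plugins.plugin_N.code`) and a `pluginsurl` to fetch more, so a profile can keep executing adware code after the .xpi is gone. The script below is an added example for this thread, not part of AdwCleaner, Malwarebytes or Firefox. It parses `user_pref(...)` lines and flags three things: preferences under the two namespaces seen in the log (an assumed, extendable list), any preference whose value contains JavaScript regardless of its name, and any preference under a loader-like name that points at a remote URL. The sample input is constructed from the key names in the log with shortened or invented values, since the real payloads and URL are truncated in the post.

```python
"""Triage Firefox prefs.js / user.js for adware state.

Added example for this thread; not part of AdwCleaner, Malwarebytes or
Firefox. Parses user_pref(...) lines and flags entries that look like the
ones AdwCleaner deleted above.
"""
import re
from dataclasses import dataclass

# Namespaces taken from the log above. Assumed starting list; extend as needed.
KNOWN_ADWARE_PREFIXES = ("extensions.BabylonToolbar_i.", "extensions.crossriderapp")

# One user_pref("key", value); per line, as Firefox writes them.
USER_PREF_RE = re.compile(r'user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);$')
JS_STRING_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"$')
# A setting should never contain a function or a var statement; a pref that
# does is carrying code (the Crossrider plugins.plugin_N.code pattern).
JS_CODE_RE = re.compile(r'\(function\b|\bfunction\s+\w*\s*\(|(?:^|;|\n)\s*var\s+\S+')
# Accept both live URLs and the hxxp:// defanging used in posted logs.
URL_RE = re.compile(r'\bh(?:xx|tt)ps?://', re.IGNORECASE)
LOADER_KEY_HINTS = ("url", "update", "manifest", "plugins", "background")

_ESCAPES = {"n": "\n", "r": "\r", "t": "\t"}


def _unescape(s: str) -> str:
    """Undo the JavaScript string escapes prefs.js uses (backslash-n, backslash-quote, ...)."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), s, flags=re.S)


def _parse_value(raw: str):
    raw = raw.strip()
    m = JS_STRING_RE.match(raw)
    if m:
        return _unescape(m.group(1))
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything odd as text rather than fail the whole file


def parse_user_prefs(text: str) -> dict:
    """Return {pref name: value} for every user_pref line in the text."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF_RE.match(line.strip())
        if m:
            prefs[_unescape(m.group(1))] = _parse_value(m.group(2))
    return prefs


@dataclass(frozen=True)
class Finding:
    key: str
    reason: str   # known_adware_namespace | embedded_js | remote_loader
    excerpt: str


def triage_prefs(text: str) -> list:
    """Flag prefs by namespace, by embedded JavaScript and by remote loader URL."""
    findings = []
    for key, value in parse_user_prefs(text).items():
        if key.startswith(KNOWN_ADWARE_PREFIXES):
            findings.append(Finding(key, "known_adware_namespace", str(value)[:60]))
        if isinstance(value, str):
            if JS_CODE_RE.search(value):
                findings.append(Finding(key, "embedded_js", value[:60]))
            elif URL_RE.search(value) and any(h in key.lower() for h in LOADER_KEY_HINTS):
                findings.append(Finding(key, "remote_loader", value[:60]))
    return findings


# Constructed sample: key names from the log above, values shortened or
# invented (the real payloads and URL are truncated in the post).
SAMPLE_PREFS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "www.msn.com");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100484");
user_pref("extensions.crossriderapp4926.4926.backgroundjs", "\n\n/******/\n(function(){var s=1;})();");
user_pref("extensions.crossriderapp4926.4926.plugins.plugin_13.code", "(function(c){c.selectedText=f})");
user_pref("extensions.crossriderapp4926.4926.pluginsurl", "http://updates.example.invalid/plugin/apps");
user_pref("extensions.crossriderapp4926.4926.updateinterval", 360);
user_pref("extensions.someothertb.code", "var q=document.body;(function(){q.innerHTML+='<div>ad</div>'})();");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for f in triage_prefs(SAMPLE_PREFS):
        print(f"{f.reason:24} {f.key}  {f.excerpt!r}")
```

The namespace list only catches what you already know; the `embedded_js` check is the one that generalises, which is why the sample includes an `extensions.someothertb.code` entry under a made-up namespace that is still flagged. Run it against a copy of the profile's prefs.js and user.js (Firefox rewrites prefs.js on exit, so read it with the browser closed).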

OK, let's run some scans:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your anti-malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your anti-malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-04-14.01 - mbrandau 04/14/2013 13:29:57.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2461 [GMT -4:00]

Running from: c:\users\mbrandau\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\programdata\SPL1103.tmp

c:\programdata\SPL32A5.tmp

c:\programdata\SPL405B.tmp

c:\programdata\SPL9387.tmp

c:\programdata\SPL9A0.tmp

c:\programdata\SPLA94B.tmp

c:\users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\searchplugins\bing-zugo.xml

c:\users\mbrandau\GoToAssistDownloadHelper.exe

c:\windows\system32\FAPassSync.dll

c:\windows\wininit.ini

c:\windows\WinRAR

c:\windows\WinRAR\uninstall.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))

.

.

2013-04-14 17:41 . 2013-04-14 17:41 -------- d-----w- c:\users\QBPOSDBSrvUser\AppData\Local\temp

2013-04-14 17:41 . 2013-04-14 17:41 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2013-04-14 17:41 . 2013-04-14 17:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-12 06:21 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{921A51F0-EA45-4E01-AC4B-69529348B2E7}\mpengine.dll

2013-04-12 01:11 . 2013-04-12 01:11 -------- d-----w- c:\program files\CheckPoint

2013-04-12 01:10 . 2012-11-16 01:06 458584 ----a-w- c:\windows\system32\drivers\kl1.sys

2013-04-12 01:10 . 2013-02-21 18:44 89944 ----a-w- c:\windows\system32\drivers\klflt.sys

2013-04-12 01:10 . 2013-02-21 18:44 613720 ----a-w- c:\windows\system32\drivers\klif.sys

2013-04-12 01:08 . 2013-04-12 01:09 -------- d-----w- c:\program files (x86)\CheckPoint

2013-04-11 22:22 . 2013-04-12 00:26 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 12

2013-04-10 06:27 . 2013-03-11 13:33 4691304 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 06:27 . 2013-03-09 04:16 85504 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 06:27 . 2013-03-09 01:48 75264 ----a-w- c:\windows\system32\smss.exe

2013-04-10 06:27 . 2013-03-05 01:57 2774016 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 06:27 . 2013-03-08 04:18 451072 ----a-w- c:\windows\system32\winsrv.dll

2013-04-10 06:26 . 2013-03-08 04:17 2425344 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 06:26 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-07 20:38 . 2013-04-07 20:38 -------- d-----w- C:\MGADiagToolOutput

2013-04-07 20:37 . 2013-04-07 20:37 -------- d-----w- c:\programdata\Office Genuine Advantage

2013-04-06 21:19 . 2013-04-06 21:19 -------- d-----w- c:\users\mbrandau\AppData\Roaming\Malwarebytes

2013-04-06 21:18 . 2013-04-06 21:18 -------- d-----w- c:\programdata\Malwarebytes

2013-04-06 20:30 . 2013-04-06 20:30 -------- d-----w- c:\windows\Sun

2013-04-06 17:03 . 2013-04-06 17:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2013-04-06 17:03 . 2013-04-06 17:03 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2013-04-05 22:43 . 2013-04-05 22:43 -------- d-----w- c:\users\mbrandau\AppData\Roaming\LavasoftStatistics

2013-04-05 22:41 . 2013-04-05 22:41 -------- d-----w- c:\programdata\Downloaded Installations

2013-04-05 22:39 . 2013-04-05 22:39 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-04-05 22:39 . 2013-04-05 22:39 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-05 22:39 . 2013-04-05 22:39 -------- d-----w- c:\users\mbrandau\AppData\Roaming\Ad-Aware Antivirus

2013-04-03 00:06 . 2013-04-03 23:25 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-03-21 17:41 . 2013-02-12 02:18 19456 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-14 16:38 . 2006-11-02 12:35 72702784 ----a-w- c:\windows\system32\mrt.exe

2013-03-13 00:45 . 2012-03-31 13:49 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 00:45 . 2011-05-16 21:51 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 05:10 . 2009-10-02 21:42 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-03-08 05:49 . 2013-03-08 05:49 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-08 05:49 . 2012-07-12 03:04 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-08 05:49 . 2010-06-07 23:57 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-03-21 109784]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-09-05 95488]

"Dell V310-V510 Series"="c:\program files (x86)\Dell V310-V510 Series\fm3032.exe" [2009-07-10 316072]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ZAFFRegisterTrustChecker"="-s" [X]

"ZAFFRegisterTrustCheckerIE"="-s" [X]

.

c:\users\mbrandau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 1025576]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2008-09-05 22:16 140544 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_70d6d963\AESTSr64.exe [2009-01-19 88576]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 00:45]

.

2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183755766-607871255-653630954-1000Core.job

- c:\users\mbrandau\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 01:25]

.

2013-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1183755766-607871255-653630954-1000UA.job

- c:\users\mbrandau\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-28 01:25]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-21 1657128]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2010-04-01 765952]

"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2009-07-10 139944]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=74082A05735DE6A2341BA0515F5303DF

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 167.206.254.1 167.206.254.2

FF - ProfilePath - c:\users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - ExtSQL: 2013-04-06 16:41; {15312e9a-4905-48da-aae4-15b24bdc2a24}; c:\users\mbrandau\AppData\Roaming\Mozilla\Firefox\Profiles\5jzmgxpx.default\extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi

FF - ExtSQL: 2013-04-11 21:11; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - ExtSQL: !HIDDEN! 2009-07-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-FAStartup - (no file)

Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat

Notify-GoToAssist - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-RankEnhancer - c:\windows\system32\GKSUI18.EXE

AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe

AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe

AddRemove-3709749306.optimumapp.iptv.optimum.net - c:\program files (x86)\Microsoft Silverlight\5.1.10411.0\Silverlight.Configuration.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

.

**************************************************************************

.

Completion time: 2013-04-14 13:53:45 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-14 17:53

.

Pre-Run: 272,752,939,008 bytes free

Post-Run: 272,376,602,624 bytes free

.

- - End Of File - - DA3935076E97319B0E1E0CC5F9CF26EC

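Most of the ComboFix log above is inventory, but a few lines in the Reg Loading Points section say more about how this machine got into its state than the deletions do. `"EnableLUA"= 0` under policies\system means UAC was switched off, so anything started from an administrator account ran with the full admin token and no prompt, bundled toolbars included. The orphan `Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat` was a batch file autostarting from a directory standard users can write to, and the `[X]` on the RunOnce values marks targets ComboFix could not find. The script below is an added example for this thread, not a ComboFix component. It parses the `[HKEY...]` headers and `"Name"="target" [date size]` lines in ComboFix's format and flags a disabled UAC, autoruns that are scripts or that run from user-writable locations, and values whose target is marked `[X]`. The sample input reuses lines from the log above plus two constructed Run entries (SearchProtection and Media Finder, with made-up dates and sizes) so every check has something to match; the writable-directory list is an assumption to extend for your environment.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not a ComboFix component. It reads
[HKEY...] section headers and the "Name"="target" [date size] value lines
under them and flags the things worth a second look before trusting the
tool's verdict.
"""
import re
from dataclasses import dataclass

HEADER_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$', re.IGNORECASE)
# "Name"="target" [2008-01-21 138240]   or   "Name"="-s" [X]  (target not found)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"?(.*?)"?\s*\[([^\]]*)\]$')
# "EnableLUA"= 0 (0x0)
POLICY_RE = re.compile(r'^"(\w+)"\s*=\s*(\d+)')

SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta")
# Directories a standard user can write to; an autorun here can be
# replaced without admin rights. Assumed list, extend for your environment.
WRITABLE_HINTS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    key: str
    name: str
    target: str
    reason: str   # uac_disabled | target_missing | script_autorun | user_writable_location


def triage_loading_points(text: str) -> list:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings = []
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with lone dots
            continue
        h = HEADER_RE.match(line)
        if h:
            current = h.group(1)
            continue
        if current.lower().endswith("policies\\system"):
            p = POLICY_RE.match(line)
            if p and p.group(1) == "EnableLUA" and p.group(2) == "0":
                findings.append(Finding(current, "EnableLUA", "0", "uac_disabled"))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, target, meta = v.groups()
        low = target.lower()
        if meta.strip() == "X":
            findings.append(Finding(current, name, target, "target_missing"))
        elif low.endswith(SCRIPT_EXT):
            findings.append(Finding(current, name, target, "script_autorun"))
        elif any(hint in low for hint in WRITABLE_HINTS):
            findings.append(Finding(current, name, target, "user_writable_location"))
    return findings


# Sample input: lines from the log above plus two constructed Run entries
# (SearchProtection and Media Finder, with made-up dates and sizes) so that
# every check has something to match.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Media Finder"="c:\users\mbrandau\AppData\Roaming\Media Finder\MediaFinder.exe" [2012-05-27 1048576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"SearchProtection"="c:\programdata\Search Protection\_run.bat" [2012-06-01 512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ZAFFRegisterTrustChecker"="-s" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
'''

if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOG):
        print(f"{f.reason:24} {f.name:28} {f.target}")
```

The `user_writable_location` reason is deliberately neutral: legitimate per-user updaters live under AppData too, so it is a prompt to look, not a verdict. `uac_disabled` on the other hand should be fixed regardless of what the scanners find, since with EnableLUA at 0 the next bundled installer gets the same unprompted access.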

Next:

Please create a new system restore point before running Malwarebytes Anti-Rootkit if you can.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


OK...run this scan:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes; it depends on your hard drive size.

Two reports will open; copy and paste them into a reply here (or attach them as .txt files):

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


Yeah, he accused me of using cracked illegal software on my laptop and never identified anything; he just deleted me. I just need help with this situation. I am not actively doing anything illegal and haven't in years. It's not worth it anymore. I purchase my stuff. I could very easily crack, for example, ZoneAlarm antivirus. But I have found more benefits in not doing it that way anymore. Plus I'm older and not a kid anymore.


  • Root Admin

This topic is closed due to piracy: the following software found on the system is used to crack programs.

These are not tools from years ago; these are semi-recent cracks, and there is an active crack for QuickBooks. So this software is still being downloaded and/or used under your own profile.

c:\program files (x86)\intuit\quickbooks point of sale 9.0\qbregcrack.exe

c:\users\mbrandau\downloads\tweetadder_3_with_serial_amp_crack_2012_-_100_working.torrent
c:\users\mbrandau\downloads\daemon tools pro advanced 4.35.0306 [pc ~ multi]\crack\options.dat
c:\users\mbrandau\downloads\daemon tools pro advanced 4.35.0306 [pc ~ multi]\crack\starter.exe
c:\users\mbrandau\downloads\dfx audio enhancer 9.301 + keygen [core] -trt\dfx audio enhancer 9.301 + keygen [core] -trt.rar
c:\users\mbrandau\downloads\dfx audio enhancer 9.301 + keygen [core] -trt\torrent downloaded from demonoid.com.txt
c:\users\mbrandau\downloads\dfx audio enhancer 9.301 + keygen [core] -trt\torrent downloaded from tgp-network.com.txt
c:\users\mbrandau\downloads\my programs\winrar v3.80 pro precracked by rezman1984 setup.exe
