    Dec 2007
    Daly City, CA
    Go on with GooredFix.

    Dec 2011

    D:\DropBox\Clients\Dropbox\Resources\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    D:\Temp\backwpup_1_2010-08-12_16-15-33.zip PHP/Kryptik.AB trojan deleted - quarantined
    D:\Temp\backwpup_1_2010-08-16_19-59-56.zip PHP/Kryptik.AB trojan deleted - quarantined
    D:\Temp\Nuance Dragon Naturally Speaking 11 Premium.rar Win32/Agent.QTP trojan deleted - quarantined

    GooredFix Log
    GooredFix by jpshortstuff (
    Log created at 22:51 on 03/01/2012 (JasonB)
    Firefox version 9.0.1 (en-US)

    ========== GooredScan ==========

    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [13:10 23/05/2011]
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [23:55 01/08/2011]

    C:\Users\JasonB\Application Data\Mozilla\Firefox\Profiles\febeprof.JasonB\extensions\
    foxmarks@kei.com [13:02 25/08/2011]
    LogMeInClient@logmein.com [02:26 17/12/2011]
    simplemail@telega.phpnet.us [17:07 24/10/2011]
    xtremenventor2@aol.com [18:54 31/10/2010]
    {317B5128-0B0B-49b2-B2DB-1E7560E16C74} [02:16 17/12/2011]
    {3b56bcc7-54e5-44a2-9b44-66c3ef58c13e} [17:17 30/12/2011]
    {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} [22:16 02/06/2011]
    {4BBDD651-70CF-4821-84F8-2B918CF89CA3} [21:39 06/09/2011]
    {6AC85730-7D0F-4de0-B3FA-21142DD85326} [16:11 05/12/2011]
    {76C80A11-FAD4-406c-8246-F5ED4F9367B5} [00:59 07/03/2011]
    {7CEA821D-3DAB-4238-B424-BF7324531750} [12:57 17/02/2011]
    {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [21:24 27/11/2011]
    {99B98C2C-7274-45a3-A640-D9DF1A1C8460} [21:42 14/05/2010]
    {b9db16a4-6edc-47ec-a1f4-b86292ed211d} [18:38 23/12/2011]
    {cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} [19:34 07/10/2011]
    {e4a8a97b-f2ed-450b-b12d-ee082ba24781} [01:32 12/11/2011]
    {e968fc70-8f95-4ab9-9e79-304de2a71ee1} [17:06 10/01/2011]

    C:\Users\JasonB\Application Data\Mozilla\Firefox\Profiles\m3lid821.default\extensions\
    {4BBDD651-70CF-4821-84F8-2B918CF89CA3} [21:41 14/05/2010]

    "{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}"="D:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}" [02:22 15/05/2010]
    "{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files (x86)\Google\Google Gears\Firefox\" [02:55 14/07/2011]
    "fiddlerhook@fiddler2.com"="D:\Program Files (x86)\Fiddler2\FiddlerHook" [18:17 13/10/2011]
    "{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox" [23:59 14/05/2010]


    Dec 2007
    Daly City, CA
    Let's try to reset your router.

    Go Start>Run (Start search in Vista), type in:
    Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"

    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simple router disconnecting from a power source will NOT do.
    Restart computer and let me know if MBAM still complains.

    NOTE. You may need to re-check your router security settings, as described HERE

    Dec 2011
    I ran the ipconfig commands and reset the routers but it didn't help. I wanted to update you on the progress. I uninstalled skype thinking it could be associated with skype but i now get a firefox.exe block using malwarebytes. Also, my machine just froze and went to reboot and came up with the file hal.dll is missing or corrupt error. If i power the machine down and then power it up, it comes up fine. Before it froze i could tell it was slowly loosing memory. Each program started to not be responsive until it restarted.

    Here is the firefox.exe block

    Dec 2007
    Daly City, CA
    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.

