15-Aug-2012, 05:30 PM
#1
Running slowww

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 2810 Mb
Graphics Card: ATI Mobility Radeon HD 4200 Series, 256 Mb
Hard Drives: C: Total - 294357 MB, Free - 191541 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: avast! Antivirus, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:26 AM, on 8/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\SysWOW64\werfault.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kent\Desktop\HijackThis(2).exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll" O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll" O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Kent\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup O4 - Startup: AutorunsDisabled O4 - 
Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe O4 - Startup: Monitor Ink Alerts - .lnk = ? O4 - Startup: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk = ? O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... 
- {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing) O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file 
missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13212 bytes . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Me at 16:49:53 on 2012-08-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1364 [GMT -4:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\windows\system32\RunDll32.exe C:\windows\system32\RunDll32.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files 
(x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\System32\alg.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\svchost.exe -k SDRSVC C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\windows\system32\conhost.exe C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE C:\windows\splwow64.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\windows\SysWOW64\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\cmd.exe C:\windows\system32\conhost.exe C:\windows\SysWOW64\cscript.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND uInternet Settings,ProxyOverride = <local> mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll" mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll" mRunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - 
C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C} : DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\145627F61323 : DhcpNameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\4456E6E69737F575962756C6563737 : DhcpNameServer = 70.154.57.161 TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{72561F24-83B2-4083-86F3-0692CF78E0D7} : DhcpNameServer = 65.32.5.111 65.32.5.112 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL 
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll" mRunOnce-x64: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll" mRunOnce-x64: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll" IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Me.Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\4ouh58so.default\ FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?] R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-10 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-6 61913952]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-12-15 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 Ser2ph;Microsoft USB GPS driver;C:\windows\system32\DRIVERS\ser2ph64.sys --> C:\windows\system32\DRIVERS\ser2ph64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-8-19 81920]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-6 59744]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-12-15 123320]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-3-5 1257760]
S4 RsFx0150;RsFx0150 Driver;C:\windows\system32\DRIVERS\RsFx0150.sys --> C:\windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-6 428384]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-15 51512]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
.
=============== Created Last 30 ================
.
2012-08-11 21:45:39 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\DYMO
2012-08-11 16:43:36 -------- d-----w- C:\Program Files (x86)\DYMO
2012-08-11 16:43:14 -------- d-----w- C:\ProgramData\DYMO
2012-08-03 10:50:28 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\Google
2012-08-02 23:26:28 -------- d-----w- C:\Program Files\iPod
2012-08-02 23:26:26 -------- d-----w- C:\Program Files\iTunes
2012-08-02 23:26:26 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-08-15 01:19:21 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-08-14 20:24:25 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 20:24:25 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\windows\avastSS.scr
2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 16:51:37.63 =============== |
18-Aug-2012, 09:56 AM
#3 |
| Hi Kesatini, my name is Mark and I will be helping you. While under my guidance please do not run any scans or make any other changes to the system that I have not asked for as this can cause misleading results. There is no need to resubmit the logs.

Please uninstall Spybot Search and Destroy and replace it with SuperAntiSpyware. Spybot is no longer a recommended program and its Teatimer process can interfere with scanning tools and fixes.

Please go into Task Manager by pressing the Ctrl, Alt and Delete keys on your keyboard and select Task Manager from the list. Scroll down the list of processes and find Teatimer.exe, click on it and then click on the End Process button. Then go into Programs and Features via the Control Panel and click on Spybot Search & Destroy, then click on Uninstall. If Teatimer is not present in the list of processes then please proceed with the uninstall.

Next, download and install this: SuperAntiSpyware. Run a scan with it and post the log.

I see you have Malwarebytes on your system, please follow this to run a scan. Please run Malwarebytes and post the log as follows:
|
|
18-Aug-2012, 02:09 PM
#4 |
| Thanks Mark. Here's the logs for Super & MalwareBytes:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 08/18/2012 at 11:45 AM
Application Version : 5.5.1012
Core Rules Database Version : 9083
Trace Rules Database Version: 6895
Scan type : Quick Scan
Total Scan Time : 00:08:24
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User
Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 58500
Registry threats detected : 0
File items scanned : 10926
File threats detected : 309
Adware.Tracking Cookie
C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .mmstat.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] lakecountygov.info [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] sales.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] videos.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ] 
***************************************************************************
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kent :: TOSHIBA [limited]

8/18/2012 11:53:35 AM
mbam-log-2012-08-18 (11-53-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362904
Time elapsed: 1 hour(s), 34 minute(s), 21 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end) |
18-Aug-2012, 02:58 PM
#5 | ||||||
| SuperAntiSpyware has cleared out some junk, but only found harmless cookies. The Malwarebytes scan has come up clean. Is slow running of the PC the only problem? Did it happen suddenly or did it get worse over a long period of time? Are you getting any freezing or total system crashes? Please run this scan; it may take several hours to complete. Eset online scan instructions. IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious; this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files, which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
|
|
18-Aug-2012, 09:34 PM
#6 |
| The slowness didn't appear all of a sudden, but seemed to get worse over time. I have had Firefox crash quite a bit lately, and things are taking forever to load. Here's the Eset info:

C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Kent\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application
C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\gujvas2x.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\Kent\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe Win32/Adware.Yontoo application
C:\Users\Kent\Downloads\cnet_KeePass-2_16-Setup_exe.exe a variant of Win32/InstallCore.D application
Operating memory a variant of Win32/Adware.Yontoo.A application |
19-Aug-2012, 08:18 AM
#7 | ||||||
| The detections by Eset are all fairly minor and Adware related; nothing I have seen so far would explain why your system is running slowly. We shall continue with further scans.

Please download ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.

If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Quote:
Disk Check
Windows 7 Disk Check log

Once the log is in view then click on Copy in the right hand pane and select "Copy details as text". You can then right click on the message box on this forum and select Paste and the log will appear. Add any further information asked for and then click on Submit/Post Quick Reply and you're done.
________________________________________________________________
|
|
19-Aug-2012, 09:05 AM
#8 |
| Mark, it didn't like running ComboFix. Upon restart, the txt window comes up and is flashing across my screen (starts in upper left corner, works its way down to the center, and then repeats back to the top. Is flashing very quickly.). I tried a restart and it does the same thing. What now? |
|
19-Aug-2012, 11:54 AM
#11 |
| I am able to start in safe mode. I wasn't there when it rebooted, but I assume ComboFix finished. There is no text in the flashing window... I could read that the title was ComboFix. "I'm using my iPhone to access the forum." |
19-Aug-2012, 12:11 PM
#12 | ||||||
| If you start the PC in "Safe Mode with Networking" you can still use the internet to contact this forum. I'm not too sure what has gone wrong, but as it showed Combofix in the Window flashing across the screen it would indicate that Combofix was still working. I assume you did not give it a chance to finish and rebooted. We may have to resort to using System Restore, but first please boot into normal mode and leave it uninterrupted and see what happens; try to read the full message in the text window. Post back and let me know what happens. |
19-Aug-2012, 05:26 PM
#14 | ||||||
| You will appreciate I cannot see what you are seeing and I am not 100% clear on what has happened. After Combofix has done a scan it reboots the PC and then creates the log. I understand you did not rush the process, but how long did you leave it for? If you now try to boot back into Normal Mode, what happens? |
|
19-Aug-2012, 06:27 PM
#15 |
| I just restarted in normal mode and I'm going to let it run while we grab some dinner. Can't read what it says above the black text area because it is blinking and moving so fast. Definitely ComboFix, but there may be additional wording. I'll let you know in an hour or so if anything has changed. Thanks again for your help! |