Solved: Running slowww


kesatini
15-Aug-2012, 05:30 PM #1
Running slowww
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 2
RAM: 2810 Mb
Graphics Card: ATI Mobility Radeon HD 4200 Series, 256 Mb
Hard Drives: C: Total - 294357 MB, Free - 191541 MB;
Motherboard: TOSHIBA, Portable PC
Antivirus: avast! Antivirus, Updated and Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:50:26 AM, on 8/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\SysWOW64\werfault.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Kent\Desktop\HijackThis(2).exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Kent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - Startup: AutorunsDisabled
O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
O4 - Startup: Monitor Ink Alerts - .lnk = ?
O4 - Startup: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk = ?
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13212 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Me at 16:49:53 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1364 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\windows\splwow64.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
mRunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\145627F61323 : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\4456E6E69737F575962756C6563737 : DhcpNameServer = 70.154.57.161
TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{72561F24-83B2-4083-86F3-0692CF78E0D7} : DhcpNameServer = 65.32.5.111 65.32.5.112
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
mRunOnce-x64: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
mRunOnce-x64: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Me.Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\4ouh58so.default\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-10 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-6 61913952]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-12-15 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 Ser2ph;Microsoft USB GPS driver;C:\windows\system32\DRIVERS\ser2ph64.sys --> C:\windows\system32\DRIVERS\ser2ph64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-8-19 81920]
S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-6 59744]
S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-12-15 123320]
S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-3-5 1257760]
S4 RsFx0150;RsFx0150 Driver;C:\windows\system32\DRIVERS\RsFx0150.sys --> C:\windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-6 428384]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-15 51512]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
.
=============== Created Last 30 ================
.
2012-08-11 21:45:39 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\DYMO
2012-08-11 16:43:36 -------- d-----w- C:\Program Files (x86)\DYMO
2012-08-11 16:43:14 -------- d-----w- C:\ProgramData\DYMO
2012-08-03 10:50:28 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\Google
2012-08-02 23:26:28 -------- d-----w- C:\Program Files\iPod
2012-08-02 23:26:26 -------- d-----w- C:\Program Files\iTunes
2012-08-02 23:26:26 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-08-15 01:19:21 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-08-14 20:24:25 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-14 20:24:25 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\windows\avastSS.scr
2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 16:51:37.63 ===============
kesatini
Member with 38 posts.
THREAD STARTER
Join Date: Oct 2010
Experience: Intermediate
16-Aug-2012, 08:45 AM #2
An update. My computer just automatically updated Windows this morning. Do I need to resubmit logs? Thanks!
Mark1956
Malware Removal Specialist with 14,072 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
18-Aug-2012, 09:56 AM #3
Hi Kesatini, my name is Mark and I will be helping you.

While under my guidance please do not run any scans or make any other changes to the system that I have not asked for as this can cause misleading results.

There is no need to resubmit the logs.

Please uninstall Spybot Search and Destroy and replace it with SuperAntiSpyware. Spybot is no longer a recommended program and its Teatimer process can interfere with scanning tools and fixes.

Please go into Task Manager by pressing the Ctrl, Alt and Delete keys on your keyboard and select Task Manager from the list. Scroll down the list of processes and find Teatimer.exe, click on it and then click on the End Process button. Then go into Programs and Features via the Control Panel and click on Spybot Search & Destroy, then click on Uninstall. If Teatimer is not present in the list of processes then please proceed with the uninstall. Next, download and install this: SuperAntiSpyware, run a scan with it and post the log.

I see you have Malwarebytes on your system, please follow this to run a scan.


Please run Malwarebytes and post the log as follows:
  • Open Malwarebytes and allow it to update with the latest definitions, then run a Full Scan (not the Quick scan).
  • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
kesatini
Member with 38 posts.
THREAD STARTER
Join Date: Oct 2010
Experience: Intermediate
18-Aug-2012, 02:09 PM #4
Thanks Mark. Here's the logs for Super & MalwareBytes:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/18/2012 at 11:45 AM

Application Version : 5.5.1012

Core Rules Database Version : 9083
Trace Rules Database Version: 6895

Scan type : Quick Scan
Total Scan Time : 00:08:24

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 58500
Registry threats detected : 0
File items scanned : 10926
File threats detected : 309

Adware.Tracking Cookie
.tacoda.at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.legolas-media.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.legolas-media.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
pulse-analytics-beacon.reutersmedia.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.track.ringcentral.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.c.gigcount.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.accountonline.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
insight.torbit.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.bizrate.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.bizrate.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
webanalytics.crownpeak.com.re.getclicky.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.overture.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.collective-media.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.citi.bridgetrack.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.mmstat.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
lakecountygov.info [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
sales.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
videos.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.lakecountyclerk.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
www.lakecountyclerk.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]
accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COO KIES.SQLITE ]

***************************************************************************

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kent :: TOSHIBA [limited]

8/18/2012 11:53:35 AM
mbam-log-2012-08-18 (11-53-35).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362904
Time elapsed: 1 hour(s), 34 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
18-Aug-2012, 02:58 PM #5
SuperAntiSpyware has cleared out some junk, but only found harmless cookies.

The Malwarebytes scan has come up clean.

Is slow running of the PC the only problem? Did it happen suddenly or did it get worse over a long period of time? Are you getting any freezing or total system crashes?

Please run this scan, it may take several hours to complete.


Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
kesatini
Member with 38 posts.
THREAD STARTER
 
Join Date: Oct 2010
Experience: Intermediate
18-Aug-2012, 09:34 PM #6
The slowness didn't appear all of a sudden, but seemed to get worse over time. I have had Firefox crash quite a bit lately, and things are taking forever to load. Here's the Eset info:


C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Kent\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application
C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\gujvas2x.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\Kent\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe Win32/Adware.Yontoo application
C:\Users\Kent\Downloads\cnet_KeePass-2_16-Setup_exe.exe a variant of Win32/InstallCore.D application
Operating memory a variant of Win32/Adware.Yontoo.A application
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-Aug-2012, 08:18 AM #7
The detections by Eset are all fairly minor and Adware related. Nothing I have seen so far would explain why your system is running slowly, so we shall continue with further scans.


Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!! Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.
-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
____________________________________________________________

Disk Check
  • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
  • You will then see the following message:
    chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
  • Type Y for yes, and hit Enter. Then reboot the computer.
  • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
  • When the Disk Check is done, it will finish loading Windows.
Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
Windows 7 Disk Check log
Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.

________________________________________________________________

Windows 7 System File Checker
  • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
  • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
  • Let the check run to completion.
    To find the log
  • Copy & Paste the following command at the Command Prompt and press Enter:
    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
  • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
  • Zip up the file and attach it to your next post.
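The findstr step in the post above keeps only the lines of cbs.log that carry the literal [SR] tag. As an added example (not part of the original post), this Python script applies the same filter and then summarises what System File Checker reported. The sample log lines are constructed and abbreviated, their layout is an assumption based on typical Windows 7 CBS.log output, and the file and component names are placeholders.

```python
import re

# Constructed sample, not taken from the thread. Layout follows what Windows 7
# normally writes to CBS.log (an assumption); names are placeholders.
SAMPLE_LOG = r'''
2012-08-19 10:02:11, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-08-19 10:02:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2012-08-19 10:02:15, Info                  CSI    0000000c [SR] Verify complete
2012-08-19 10:02:16, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-08-19 10:02:16, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2012-08-19 10:02:19, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example1.dll" from store
2012-08-19 10:02:21, Info                  CSI    00000012 [SR] Cannot repair member file [l:24{12}]"example2.ini" of Example-Component, Version = 6.1.7601.17514, hash mismatch
2012-08-19 10:02:21, Info                  CSI    00000013 [SR] Cannot repair member file [l:24{12}]"example2.ini" of Example-Component, Version = 6.1.7601.17514, hash mismatch
2012-08-19 10:02:22, Info                  CSI    00000014 [SR] Verify complete
2012-08-19 10:02:22, Info                  CBS    Line without the tag, dropped by the filter
'''

QUOTED = re.compile(r'"([^"]*)"')
COMPONENT = re.compile(r'" of ([^,]+),')


def sr_lines(text):
    """Same filter as findstr /c:"[SR]": keep lines with the literal tag."""
    return [line for line in text.splitlines() if "[SR]" in line]


def triage(text):
    """Summarise the System File Checker entries found in CBS.log text."""
    batches = 0
    repaired = set()
    unrepairable = {}
    for line in sr_lines(text):
        msg = line.split("[SR]", 1)[1].strip()
        if msg.startswith("Verify complete"):
            batches += 1
        elif msg.startswith("Repairing corrupted file"):
            # Directory and file name are logged as two quoted strings.
            path = "\\".join(QUOTED.findall(msg))
            repaired.add(path.replace("\\??\\", "", 1))
        elif msg.startswith("Cannot repair member file"):
            name = QUOTED.search(msg)
            comp = COMPONENT.search(msg)
            if name:
                # SFC repeats this line; keying by file name removes duplicates.
                unrepairable[name.group(1)] = comp.group(1) if comp else "unknown"
    if batches == 0:
        verdict = "no completed verification found"
    elif unrepairable:
        verdict = "corruption SFC could not fix"
    elif repaired:
        verdict = "corruption found and repaired"
    else:
        verdict = "no integrity violations"
    return {
        "batches_verified": batches,
        "repaired": sorted(repaired),
        "unrepairable": unrepairable,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against a real result, read sfcdetails.txt into a string and pass it to triage().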
kesatini
Member with 38 posts.
THREAD STARTER
 
Join Date: Oct 2010
Experience: Intermediate
19-Aug-2012, 09:05 AM #8
Mark, it didn't like running ComboFix. Upon restart, the txt window comes up and is flashing across my screen (starts in upper left corner, works its way down to the center, and then repeats back to the top. Is flashing very quickly.). I tried a restart and it does the same thing.

What now?
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-Aug-2012, 09:15 AM #9
Did the Combofix scan complete before it rebooted?

Can you start it in Safe Mode?
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-Aug-2012, 09:54 AM #10
One other thing I should have asked: what was the text in the flashing window, if you could read it?
kesatini
Member with 38 posts.
THREAD STARTER
 
Join Date: Oct 2010
Experience: Intermediate
19-Aug-2012, 11:54 AM #11
I am able to start in safe mode. I wasn't there when it rebooted, but I assume ComboFix finished.

There is no text in the flashing window... I could read that the title was ComboFix.

"I'm using my iPhone to access the forum."
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-Aug-2012, 12:11 PM #12
If you start the PC in "Safe Mode with Networking" you can still use the internet to contact this forum.

I'm not too sure what has gone wrong, but as it showed Combofix in the window flashing across the screen it would indicate that Combofix was still working. I assume you did not give it a chance to finish and rebooted.

We may have to resort to using System Restore, but first please boot into normal mode and leave it uninterrupted and see what happens, try to read the full message in the text window. Post back and let me know what happens.
kesatini
Member with 38 posts.
THREAD STARTER
 
Join Date: Oct 2010
Experience: Intermediate
19-Aug-2012, 02:11 PM #13
To clarify Mark, I did not rush the process. It restarted on its own and opened a small window (a regular log window but there was no text).
Mark1956
Malware Removal Specialist with 14,072 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-Aug-2012, 05:26 PM #14
You will appreciate I cannot see what you are seeing and I am not 100% clear on what has happened. After Combofix has done a scan it reboots the PC and then creates the log, I understand you did not rush the process, but how long did you leave it for?

If you now try to boot back into Normal Mode, what happens?
kesatini
Member with 38 posts.
THREAD STARTER
 
Join Date: Oct 2010
Experience: Intermediate
19-Aug-2012, 06:27 PM #15
I just restarted in normal mode and I'm going to let it run while we grab some dinner. Can't read what it says above the black text area because it is blinking and moving so fast. Definitely ComboFix, but there may be additional wording. I'll let you know in an hour or so if anything has changed. Thanks again for your help!