
Running slowww

Discussion in 'Virus & Other Malware Removal' started by kesatini, Aug 15, 2012.


    kesatini Thread Starter

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
    Processor: AMD Athlon(tm) II P340 Dual-Core Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 2
    RAM: 2810 Mb
    Graphics Card: ATI Mobility Radeon HD 4200 Series, 256 Mb
    Hard Drives: C: Total - 294357 MB, Free - 191541 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: avast! Antivirus, Updated and Enabled

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:50:26 AM, on 8/15/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\windows\SysWOW64\werfault.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Kent\Desktop\HijackThis(2).exe
    C:\windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKLM\..\RunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
    O4 - HKLM\..\RunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
    O4 - HKLM\..\RunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Kent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
    O4 - Startup: AutorunsDisabled
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Startup: Monitor Ink Alerts - .lnk = ?
    O4 - Startup: Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk = ?
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 13212 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Me at 16:49:53 on 2012-08-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1364 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\windows\system32\RunDll32.exe
    C:\windows\system32\RunDll32.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\System32\alg.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
    C:\Program Files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\windows\splwow64.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\windows\SysWOW64\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    mRunOnce: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
    mRunOnce: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
    mRunOnce: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTORU~1\SAGEAC~1.LNK - C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C} : DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\145627F61323 : DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\4456E6E69737F575962756C6563737 : DhcpNameServer = 70.154.57.161
    TCP: Interfaces\{6A9B4FE2-D45C-4A0C-A27F-53ABB82A770C}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{72561F24-83B2-4083-86F3-0692CF78E0D7} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\AhAScr.dll"
    mRunOnce-x64: [aswasOutExt.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt.dll"
    mRunOnce-x64: [aswasOutExt64.dll] "C:\Program Files\Alwil Software\Avast5\aswRegSvr64.exe" "C:\Program Files\Alwil Software\Avast5\asOutExt64.dll"
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE-X64: {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PlotSoft\PDFill\DownloadPDF.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Me.Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\4ouh58so.default\
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-10 44808]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 MSSQL$ACT7;SQL Server (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-5-6 61913952]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-12-15 126392]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-20 250056]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 Ser2ph;Microsoft USB GPS driver;C:\windows\system32\DRIVERS\ser2ph64.sys --> C:\windows\system32\DRIVERS\ser2ph64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
    S4 ACT! Scheduler;ACT! Scheduler;C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-8-19 81920]
    S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S4 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-5-6 59744]
    S4 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-12-15 123320]
    S4 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-3-5 1257760]
    S4 RsFx0150;RsFx0150 Driver;C:\windows\system32\DRIVERS\RsFx0150.sys --> C:\windows\system32\DRIVERS\RsFx0150.sys [?]
    S4 SQLAgent$ACT7;SQL Server Agent (ACT7);C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-5-6 428384]
    S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-12-15 51512]
    S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    .
    =============== Created Last 30 ================
    .
    2012-08-11 21:45:39 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\DYMO
    2012-08-11 16:43:36 -------- d-----w- C:\Program Files (x86)\DYMO
    2012-08-11 16:43:14 -------- d-----w- C:\ProgramData\DYMO
    2012-08-03 10:50:28 -------- d-----w- C:\Users\Me.Toshiba\AppData\Local\Google
    2012-08-02 23:26:28 -------- d-----w- C:\Program Files\iPod
    2012-08-02 23:26:26 -------- d-----w- C:\Program Files\iTunes
    2012-08-02 23:26:26 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-08-15 01:19:21 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
    2012-08-14 20:24:25 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-14 20:24:25 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-03 16:21:52 958400 ----a-w- C:\windows\System32\drivers\aswSnx.sys
    2012-07-03 16:21:52 71064 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
    2012-07-03 16:21:52 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
    2012-07-03 16:21:32 41224 ----a-w- C:\windows\avastSS.scr
    2012-06-12 03:08:36 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 16:51:37.63 ===============
     


  2. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    An update. My computer just automatically updated Windows this morning. Do I need to resubmit logs? Thanks!
     
  3. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Kesatini, my name is Mark and I will be helping you.

    While under my guidance please do not run any scans or make any other changes to the system that I have not asked for as this can cause misleading results.

    There is no need to resubmit the logs.

    Please uninstall Spybot Search and Destroy and replace it with SuperAntiSpyware. Spybot is no longer a recommended program and its Teatimer process can interfere with scanning tools and fixes.

    Please go into Task Manager by pressing the Ctrl, Alt and Delete keys on your keyboard and select Task Manager from the list. Scroll down the list of processes and find Teatimer.exe, click on it and then click on the End Process button. Then go into Programs and Features via the Control Panel and click on Spybot Search & Destroy, then click on Uninstall. If Teatimer is not present in the list of processes then please proceed with the uninstall. Next, download and install this: SuperAntiSpyware, run a scan with it and post the log.

    I see you have Malwarebytes on your system, please follow this to run a scan.


    Please run Malwarebytes and post the log as follows:
    • Open Malwarebytes and allow it to update with the latest definitions, then run a Full Scan (not the Quick scan).
    • When finished, a message box will say "The scan completed successfully. Click Show Results to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.
    If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
     
  4. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    Thanks Mark. Here's the logs for Super & MalwareBytes:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/18/2012 at 11:45 AM

    Application Version : 5.5.1012

    Core Rules Database Version : 9083
    Trace Rules Database Version: 6895

    Scan type : Quick Scan
    Total Scan Time : 00:08:24

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Limited User

    Memory items scanned : 574
    Memory threats detected : 0
    Registry items scanned : 58500
    Registry threats detected : 0
    File items scanned : 10926
    File threats detected : 309

    Adware.Tracking Cookie
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .traveladvertising.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .microsofthalo.122.2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    mediaservices-d.openxenterprise.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .microsoftsto.112.2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    stats.townnews.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    pulse-analytics-beacon.reutersmedia.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .track.ringcentral.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .c.gigcount.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .accountonline.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    insight.torbit.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    dc.tremormedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    insightinterests.infusionsoft.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .bizrate.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    webanalytics.crownpeak.com.re.getclicky.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .overture.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .findlaw.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .citi.bridgetrack.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .mmstat.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .lakecountyrepublicans.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    lakecountygov.info [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    sales.liveperson.net [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    videos.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.mediaite.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.lakecountyclerk.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    www.lakecountyclerk.org [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\KENT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GUJVAS2X.DEFAULT\COOKIES.SQLITE ]

    ***************************************************************************

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.29.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Kent :: TOSHIBA [limited]

    8/18/2012 11:53:35 AM
    mbam-log-2012-08-18 (11-53-35).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 362904
    Time elapsed: 1 hour(s), 34 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  5. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    SuperAntiSpyware has cleared out some junk, but only found harmless cookies.

    The Malwarebytes scan has come up clean.

    Is slow running of the PC the only problem? Did it happen suddenly or did it get worse over a long period of time? Are you getting any freezing or total system crashes?

    Please run this scan; it may take several hours to complete.


    Eset online scan instructions.
    IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious, this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
    • Disable your existing Anti Virus following these instructions.
    • Please go here to use the Eset Online Scanner.
    • When the web page opens click on this button [​IMG]
    • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer. Click on the link, allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
    • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
    • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
    • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
    • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
    • Back on the Eset window, click the Back button and then click on Finish.
     
  6. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    The slowness didn't appear all of a sudden, but seemed to get worse over time. I have had Firefox crash quite a bit lately, and things are taking forever to load. Here's the Eset info:


    C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
    C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Users\Kent\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application
    C:\Users\Kent\AppData\Roaming\Mozilla\Firefox\Profiles\gujvas2x.default\extensions\[email protected]\content\overlay.js Win32/Adware.Yontoo application
    C:\Users\Kent\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe Win32/Adware.Yontoo application
    C:\Users\Kent\Downloads\cnet_KeePass-2_16-Setup_exe.exe a variant of Win32/InstallCore.D application
    Operating memory a variant of Win32/Adware.Yontoo.A application
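
Added example, not part of the original post: a short Python triage of the ESET lines above, which groups detections by family and collapses duplicates. It assumes the trailing word on each line is ESET's detection type, and it relies on `C:\Users\All Users` being a link to `C:\ProgramData` on Windows 7, so those entries are the same files reported twice; the function and category names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Detection lines copied from the ESET report posted above. The Firefox
# extension entry is left out because its folder name is obscured on the page.
ESET_REPORT = r"""
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Kent\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application
C:\Users\Kent\Downloads\BestVideoDownloaderSetup-TurboUpgrade.exe Win32/Adware.Yontoo application
C:\Users\Kent\Downloads\cnet_KeePass-2_16-Setup_exe.exe a variant of Win32/InstallCore.D application
Operating memory a variant of Win32/Adware.Yontoo.A application
"""

# <scanned object> [a variant of] <Platform/Name> <detection type>
LINE = re.compile(
    r"^(?P<object>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)\s*$"
)

ALL_USERS = "c:\\users\\all users\\"
PROGRAMDATA = "c:\\programdata\\"


def canonical(obj):
    """Lower-case the object and map the All Users link onto ProgramData."""
    path = ntpath.normcase(obj)
    if path.startswith(ALL_USERS):
        path = PROGRAMDATA + path[len(ALL_USERS):]
    return path


def location(path):
    """Rough bucket for where the detected object lives (hypothetical labels)."""
    if ":" not in path:
        return "memory"  # the "Operating memory" entry
    if "\\downloads\\" in path:
        return "downloaded installer"
    if "\\temp\\" in path:
        return "temp file"
    return "installed file"


def parse_report(text):
    """Return one dict per detection line; unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        path = canonical(m["object"])
        # Drop the platform prefix and a trailing variant letter (.A, .B, ...).
        family = re.sub(r"\.[A-Z]{1,2}$", "", m["name"].split("/", 1)[1])
        rows.append({"object": path, "family": family,
                     "kind": m["kind"], "location": location(path)})
    return rows


def triage(text):
    """Map each family to its distinct (location, object) pairs."""
    grouped = defaultdict(set)
    for row in parse_report(text):
        grouped[row["family"]].add((row["location"], row["object"]))
    return {family: sorted(items) for family, items in grouped.items()}


if __name__ == "__main__":
    for family, items in triage(ESET_REPORT).items():
        print(family)
        for where, obj in items:
            print(f"  [{where}] {obj}")
```

The nine parsed lines reduce to seven distinct objects in two families, all typed `application`.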
     
  7. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    The detections by Eset are all fairly minor and Adware related. Nothing I have seen so far would explain why your system is running slowly. We shall continue with further scans.


    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!
    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.
    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.
    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.
    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.
    ____________________________________________________________

    Disk Check
    • Click on Start then type cmd in the search box. A menu will pop up with cmd at the top, right click on it and select Run as Administrator. Another box will open, at the prompt type chkdsk /r and hit Enter. Note: you must include a space between the k and the /
    • You will then see the following message:
      chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)
    • Type Y for yes, and hit Enter. Then reboot the computer.
    • chkdsk will start when Windows begins loading again. Let all 5 phases run and don't use or turn off the computer. (The chkdsk process may take an hour or more to finish, if it appears to freeze this is normal so do not interrupt it. On drives above 500GB it can take several hours.)
    • When the Disk Check is done, it will finish loading Windows.
    Then follow this guide to find the chkdsk log. NOTE: You need to do the search for wininit not chkdsk.
    Windows 7 Disk Check log
    Once the log is in view then click on Copy in the right hand pane and select "Copy details as text".
    You can then right click on the message box on this forum and select Paste and the log will appear, add any further information asked for and then click on Submit/Post Quick Reply and you're done.

    ________________________________________________________________


    Windows 7 System File Checker
    • Click on Start and type cmd in the search box. Right click on cmd in the popup menu and select Run as Administrator.
    • Another box will open, at the Command Prompt, type sfc /scannow and press Enter. (Note the gap between the c and the /)
    • Let the check run to completion.
      To find the log
    • Copy & Paste the following command at the Command Prompt and press Enter:
      findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt
    • This will place a file on your desktop called sfcdetails.txt which contains the results of the scan.
    • Zip up the file and attach it to your next post.
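
Added example, not part of the original post: a Python summary of the `sfcdetails.txt` file that the `findstr` command above produces, reporting how many components were verified and which files SFC repaired or could not repair. The sample lines are constructed and abbreviated, and the `[SR]` message wording is an assumption based on typical Windows 7 CBS.log entries; the function name is hypothetical.

```python
import re

# Constructed sample of sfcdetails.txt (not from the thread). The component
# description on the "Cannot repair" lines is abbreviated.
SAMPLE_SFCDETAILS = r'''
2012-08-19 18:01:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-08-19 18:01:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-08-19 18:01:09, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, hash mismatch
2012-08-19 18:01:09, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7601.17514, hash mismatch
2012-08-19 18:01:10, Info                  CSI    0000000c [SR] Verify complete
2012-08-19 18:01:11, Info                  CSI    0000000d [SR] Verifying 37 (0x0000000000000025) components
2012-08-19 18:01:11, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2012-08-19 18:01:15, Info                  CSI    00000010 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2012-08-19 18:01:16, Info                  CSI    00000011 [SR] Verify complete
'''

SR_LINE = re.compile(r"\[SR\]\s+(?P<msg>.*)$")
VERIFYING = re.compile(r"^Verifying (\d+) ")
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
)
REPAIRING = re.compile(r'^Repairing corrupted file .*"(?P<file>[^"]+)" from store')


def summarize_sfc(text):
    """Summarize the [SR] lines of an SFC run; other lines are ignored."""
    verified = 0
    unrepaired, repaired = set(), set()
    for line in text.splitlines():
        sr = SR_LINE.search(line)
        if not sr:
            continue
        msg = sr["msg"].strip()
        if m := VERIFYING.match(msg):
            verified += int(m.group(1))
        elif m := CANNOT_REPAIR.match(msg):
            # SFC usually logs the same failure more than once; the set dedupes.
            unrepaired.add((m["component"].strip(), m["file"]))
        elif m := REPAIRING.match(msg):
            repaired.add(m["file"])
    if unrepaired:
        verdict = "corruption SFC could not repair"
    elif repaired:
        verdict = "corruption found and repaired"
    else:
        verdict = "no integrity violations logged"
    return {
        "components_verified": verified,
        "unrepaired": sorted(unrepaired),
        "repaired": sorted(repaired),
        "verdict": verdict,
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # cmd.exe redirection writes in the console code page, so be lenient.
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(summarize_sfc(fh.read()))
    else:
        print(summarize_sfc(SAMPLE_SFCDETAILS))
```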
     
  8. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    Mark, it didn't like running ComboFix. Upon restart, the txt window comes up and is flashing across my screen (starts in upper left corner, works its way down to the center, and then repeats back to the top. Is flashing very quickly.). I tried a restart and it does the same thing.

    What now?
     
  9. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Did the Combofix scan complete before it rebooted?

    Can you start it in Safe Mode?
     
  10. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    One other thing I should have asked: what was the text in the flashing window, if you could read it?
     
  11. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    I am able to start in safe mode. I wasn't there when it rebooted, but I assume ComboFix finished.

    There is no text in the flashing window... I could read that the title was ComboFix.

    "I'm using my iPhone to access the forum."
     
  12. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    If you start the PC in "Safe Mode with Networking" you can still use the internet to contact this forum.

    I'm not too sure what has gone wrong, but as it showed Combofix in the window flashing across the screen it would indicate that Combofix was still working. I assume you did not give it a chance to finish and rebooted.

    We may have to resort to using System Restore, but first please boot into normal mode, leave it uninterrupted and see what happens. Try to read the full message in the text window. Post back and let me know what happens.
     
  13. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    To clarify, Mark, I did not rush the process. It restarted on its own and opened a small window (a regular log window but there was no text).
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    You will appreciate I cannot see what you are seeing and I am not 100% clear on what has happened. After Combofix has done a scan it reboots the PC and then creates the log, I understand you did not rush the process, but how long did you leave it for?

    If you now try to boot back into Normal Mode, what happens?
     
  15. kesatini

    kesatini Thread Starter

    Joined:
    Oct 4, 2010
    Messages:
    38
    I just restarted in normal mode and I'm going to let it run while we grab some dinner. Can't read what it says above the black text area because it is blinking and moving so fast. Definitely ComboFix, but there may be additional wording. I'll let you know in an hour or so if anything has changed. Thanks again for your help!
     

Short URL to this thread: https://techguy.org/1065237