# ads appearing



## bbudesa

John - I've also been having problems with pop-up ads, and have been following instructions given to others to try and solve the problem. The one program I'm not able to download from your other instructions is HijackThis.

The other logs so far look like this:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.05.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Bob :: BUDESAPC [administrator]

Protection: Enabled

10/5/2013 7:39:29 AM
MBAM-log-2013-10-05 (07-43-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267074
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Detected: 3
C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro.A) -> 4228 -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> 5308 -> No action taken.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> 4728 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\70e6ca8c (PUP.Optional.OptimizerPro.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> No action taken.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> No action taken.
HKCU\SOFTWARE\SEARCHPROTECT (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.
HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Optimizer Pro (PUP.Optional.OptimizePro.A) -> Data: C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BrowserSafeguard (PUP.Optional.BrowserSafeGuard.A) -> Data: C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe -> No action taken.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://pcup26b.pcutilitiespro.reven...7-US-006_49F9E2C3-B06F-9D1F-D3FD-404CAD56537E -> No action taken.
HKCU\Software\SearchProtect|IELastInstalledTBHomepage (PUP.Optional.SearchProtect.A) -> Data: http://search.conduit.com?SearchSource=10&CUI=UN15816199932515321&UM=2&ctid=CT3310511 -> No action taken.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {5DF51917-2DCB-11E3-9BC1-00E04C77C924} -> No action taken.
HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_groovestream-display-us-CPC-300x250-28480164530 -> No action taken.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {5DF51917-2DCB-11E3-9BC1-00E04C77C924} -> No action taken.

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.OptimizerPro.A) -> Bad: (c:\progra~2\optimi~1\optpro~1.dll) Good: () -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN15816199932515321&UM=2&ctid=CT3310511) Good: (http://www.google.com) -> No action taken.

Folders Detected: 13
C:\Program Files (x86)\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\Bob\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE\CT3310511 (PUP.Optional.Conduit.A) -> No action taken.
C:\Windows\System32\WNLT\Installation (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Windows\SysWOW64\WNLT\Installation (PUP.Optional.InstallBrain.A) -> No action taken.

Files Detected: 73
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizePro.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-1832021186-1526691404-913494652-1000\$RBOS79N.exe (PUP.Optional.iBryte) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\nsl8B98.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\nsq1238.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\nsq3C44.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\nsqF939.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\nsv31B6.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\sl.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\Downloads\Player_Setup.exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Users\Bob\Local Settings\Temporary Internet Files\Content.IE5\E6DOSC2M\checktbexist[1].exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\Bob\Local Settings\Temporary Internet Files\Content.IE5\XR7QX2CO\checktbexist[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\Local Settings\Temporary Internet Files\Content.IE5\XR7QX2CO\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProCrash.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Users\Bob\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\ewebstorewrapper.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\install.log (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\makecert.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\TrustedRoot.cer (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\certutil.exe (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\libnspr4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\libplc4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\libplds4.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\nss3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\smime3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Program Files (x86)\Browsersafeguard\Resources\softokn3.dll (PUP.Optional.BrowserSafeGuard.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\CT3310511.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\CT3310511.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\initData.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Bob\AppData\Local\Temp\ct3310511\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.
C:\ProgramData\Conduit\IE\CT3310511\UninstallerUI.exe (PUP.Optional.Conduit.A) -> No action taken.

(end)

# AdwCleaner v3.006 - Report created 04/10/2013 at 22:59:31
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob - BUDESAPC
# Running from : C:\Users\Bob\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SweetPacks
Folder Deleted : C:\Users\Bob\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\Smartbar
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\CT3299872
Folder Deleted : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\Extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0551D68-A212-447F-BBC3-241ACBD69FAE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C04318C5-579B-443C-903A-934F09679CD7}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\prefs.js ]

Line Deleted : user_pref("CT3299872.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3299872.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_city", "JACKSONVILLE");
Line Deleted : user_pref("CT3299872.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_country", "UNITED STATES");
Line Deleted : user_pref("CT3299872.1000234.TWC_locId", "USOR0173");
Line Deleted : user_pref("CT3299872.1000234.TWC_location", "Jacksonville, OR");
Line Deleted : user_pref("CT3299872.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3299872.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3299872.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3299872.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.FirstTime", "true");
Line Deleted : user_pref("CT3299872.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3299872.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3299872.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3299872.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3299872.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=UN38310724284265119&UM=2&q=");
Line Deleted : user_pref("CT3299872.UserID", "UN38310724284265119");
Line Deleted : user_pref("CT3299872.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3299872.cbfirsttime.enc", "RnJpIE9jdCAwNCAyMDEzIDIyOjEzOjQxIEdNVC0wNzAwIChQYWNpZmljIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3299872.countryCode", "US");
Line Deleted : user_pref("CT3299872.embeddedsData", "[{\"appId\":\"130116395078024690\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3299872.event_data.enc", "JTVCJTVE");
Line Deleted : user_pref("CT3299872.fired_events.enc", "");
Line Deleted : user_pref("CT3299872.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3299872.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3299872.fullUserID", "UN38310724284265119.XP.202304221315");
Line Deleted : user_pref("CT3299872.homepageuserchanged", true);
Line Deleted : user_pref("CT3299872.installType", "Unknown");
Line Deleted : user_pref("CT3299872.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3299872.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3299872.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3299872.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.key_date.enc", "NA==");
Line Deleted : user_pref("CT3299872.keyword", true);
Line Deleted : user_pref("CT3299872.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3299872&octid=CT3299872&SearchSource=15&CUI=UN38310724284265119&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3299872.lastVersion", "10.20.1.8");
Line Deleted : user_pref("CT3299872.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.yahoo.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"Yahoo\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://Inst[...]
Line Deleted : user_pref("CT3299872.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT3299872.originalSearchAddressUrl", false);
Line Deleted : user_pref("CT3299872.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3299872.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT3299872.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3299872.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3299872.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3299872.search.searchAppId", "130116395078024690");
Line Deleted : user_pref("CT3299872.search.searchCount", "0");
Line Deleted : user_pref("CT3299872.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3299872.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3299872.searchSuggestEnabledByUser", "TRUE");
Line Deleted : user_pref("CT3299872.searchUserMode", "2");
Line Deleted : user_pref("CT3299872.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3299872\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InstalllConverter.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Installl Converter \"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3299872.serviceLayer_services_Configuration_lastUpdate", "1380950004380");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1380950006377");
Line Deleted : user_pref("CT3299872.serviceLayer_services_appsMetadata_lastUpdate", "1380950005915");
Line Deleted : user_pref("CT3299872.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1380950005967");
Line Deleted : user_pref("CT3299872.serviceLayer_services_login_10.20.1.8_lastUpdate", "1380950019033");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1380950006197");
Line Deleted : user_pref("CT3299872.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1380950006244");
Line Deleted : user_pref("CT3299872.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1380950005999");
Line Deleted : user_pref("CT3299872.serviceLayer_services_searchAPI_lastUpdate", "1380950005058");
Line Deleted : user_pref("CT3299872.serviceLayer_services_serviceMap_lastUpdate", "1380950000440");
Line Deleted : user_pref("CT3299872.serviceLayer_services_setupAPI_lastUpdate", "1380950004810");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarContextMenu_lastUpdate", "1380950005877");
Line Deleted : user_pref("CT3299872.serviceLayer_services_toolbarSettings_lastUpdate", "1380950004969");
Line Deleted : user_pref("CT3299872.serviceLayer_services_translation_lastUpdate", "1380950006024");
Line Deleted : user_pref("CT3299872.settingsINI", true);
Line Deleted : user_pref("CT3299872.showToolbarPermission", "false");
Line Deleted : user_pref("CT3299872.smartbar.CTID", "CT3299872");
Line Deleted : user_pref("CT3299872.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3299872.smartbar.homepage", true);
Line Deleted : user_pref("CT3299872.smartbar.toolbarName", "Installl Converter ");
Line Deleted : user_pref("CT3299872.toolbarBornServerTime", "5-10-2013");
Line Deleted : user_pref("CT3299872.toolbarCurrentServerTime", "5-10-2013");
Line Deleted : user_pref("CT3299872.toolbarLoginClientTime", "Fri Oct 04 2013 22:13:39 GMT-0700 (Pacific Standard Time)");
Line Deleted : user_pref("CT3299872.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT3299872_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1380952715081,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN85074045849673028");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN85074045849673028.IN.20131004210946");
Line Deleted : user_pref("CT3310511.installDate", "04/10/2013 21:09:48");
Line Deleted : user_pref("CT3310511.installSessionId", "{3B681802-1D65-4F14-9AC1-C26C642356E0}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.1.4");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "hxxp://my.msn.com/?ppud=4");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.1.8");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Installl Converter Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=UN38310724284265119&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3299872");
Line Deleted : user_pref("browser.search.defaultenginename", "Installl Converter Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Installl Converter Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=UN38310724284265119&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?UM=2&ctid=CT3299872&SearchSource=13&CUI=UN38310724284265119");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=UN38310724284265119&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3299872");
Line Deleted : user_pref("smartbar.machineId", "OKPQQXAROCHHCAWPFEJN0SMAZCYYRCEYRDVSJFS4M/7+MOQ6+2JXIOZFNPEQBJKHS5NQUNTK+ATB3NNX1YHBLA");

[ File : C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\mtmtq4fd.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

[ File : C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36293 octets] - [03/10/2013 16:52:31]
AdwCleaner[R1].txt - [36354 octets] - [03/10/2013 17:11:26]
AdwCleaner[R2].txt - [36362 octets] - [03/10/2013 19:09:20]
AdwCleaner[R3].txt - [1884 octets] - [03/10/2013 19:28:43]
AdwCleaner[R4].txt - [1942 octets] - [04/10/2013 20:41:46]
AdwCleaner[R5].txt - [17070 octets] - [04/10/2013 22:58:58]
AdwCleaner[S0].txt - [35952 octets] - [03/10/2013 19:12:38]
AdwCleaner[S1].txt - [2013 octets] - [04/10/2013 20:42:34]
AdwCleaner[S2].txt - [17081 octets] - [04/10/2013 22:59:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [17142 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by Bob on Fri 10/04/2013 at 21:40:10.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e8a1050-cf67-4575-92df-dcc60e7d952d}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{389B2410-5C1A-488F-9269-1B2DF8BFF98F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\Users\Bob\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Bob\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Bob\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Bob\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Successfully deleted: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"



~~~ FireFox

Successfully deleted: [File] C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted the following from C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\prefs.js

user_pref("CT3310511.smartbar.homepage", "true");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN85074045849673028&UM=2&SearchSource=13&UP=SP6BEC4209-332C-4996-A7A6-EB33CDEA8069");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN85074045849673028&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "SweetPacks Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN85074045849673028&UM=2&SearchSource=13&UP=SP6BEC4209-332C-4996-A7A6-EB33CDEA8069");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN85074045849673028&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN85074045849673028&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3310511&CUI
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN85074045849673028&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("smartbar.machineId", "OKPQQXAROCHHCAWPFEJN0SMAZCYYRCEYRDVSJFS4M/7+MOQ6+2JXIOZFNPEQBJKHS5NQUNTK+ATB3NNX1YHBLA");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/04/2013 at 21:48:24.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-10-04.02 - Bob 10/04/2013  22:43:04.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7935.5661 [GMT -7:00]
Running from: c:\users\Bob\Desktop\Combofix.exe
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-05 to 2013-10-05  )))))))))))))))))))))))))))))))
.
.
2013-10-05 05:49 . 2013-10-05 05:49	--------	d-----w-	c:\users\Terri\AppData\Local\temp
2013-10-05 05:49 . 2013-10-05 05:49	--------	d-----w-	c:\users\Guest\AppData\Local\temp
2013-10-05 04:54 . 2013-10-05 04:54	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3145EE68-C558-44B8-93D4-827A908E1EF1}\offreg.dll
2013-10-05 04:10 . 2013-10-05 04:10	--------	d-----w-	c:\program files (x86)\SweetPacks
2013-10-05 04:09 . 2013-10-05 04:09	--------	d-----w-	c:\windows\system32\ljkb
2013-10-05 04:09 . 2013-09-17 17:25	1761584	----a-w-	c:\windows\system32\dmwu.exe
2013-10-05 04:09 . 2013-09-17 17:20	33792	----a-w-	c:\windows\system32\ImHttpComm.dll
2013-10-05 03:54 . 2013-10-05 03:54	--------	d-----w-	c:\windows\ERUNT
2013-10-04 13:37 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3145EE68-C558-44B8-93D4-827A908E1EF1}\mpengine.dll
2013-10-04 03:51 . 2013-10-04 03:51	--------	d-----w-	c:\users\Bob\AppData\Local\Diagnostics
2013-10-03 23:50 . 2013-10-05 03:42	--------	d-----w-	C:\AdwCleaner
2013-10-03 22:21 . 2013-10-03 22:21	--------	d-----w-	c:\users\Bob\AppData\Local\Programs
2013-10-03 22:21 . 2013-10-03 22:21	--------	d-----w-	c:\users\Bob\AppData\Local\GreatArcadeHits
2013-10-02 13:43 . 2013-10-02 13:43	--------	d-----w-	c:\users\Bob\AppData\Roaming\DiskDefrag
2013-10-01 22:27 . 2013-10-01 22:27	--------	d-----w-	c:\users\Bob\AppData\Local\Macromedia
2013-10-01 16:20 . 2013-10-05 02:32	--------	d-----w-	c:\programdata\GlarySoft
2013-10-01 13:08 . 2013-10-01 13:08	--------	d-----w-	c:\program files (x86)\WinDirStat
2013-10-01 03:05 . 2013-09-09 07:57	829264	----a-w-	c:\windows\system32\msvcr100.dll
2013-10-01 03:05 . 2013-09-09 07:57	608080	----a-w-	c:\windows\system32\msvcp100.dll
2013-09-30 22:51 . 2013-09-30 22:51	--------	d-----w-	c:\program files\iPod
2013-09-30 22:50 . 2013-09-30 22:51	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-30 22:50 . 2013-09-30 22:51	--------	d-----w-	c:\program files\iTunes
2013-09-30 22:50 . 2013-09-30 22:51	--------	d-----w-	c:\program files (x86)\iTunes
2013-09-25 02:21 . 2013-09-25 02:21	--------	d-----w-	c:\programdata\ClubSanDisk
2013-09-11 23:17 . 2013-08-05 02:25	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-09-05 14:04 . 2013-09-05 14:04	209272	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04	209272	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 13:42 . 2012-04-06 00:31	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 13:42 . 2011-06-03 00:49	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 10:06 . 2009-12-12 17:49	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-08-30 07:48 . 2013-03-15 13:47	65336	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-03-15 13:47	204880	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2012-03-25 17:46	72016	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2011-06-25 21:21	1030952	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2010-01-26 04:44	378944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2010-01-26 04:44	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-03-25 17:46	22600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2013-08-30 07:48 . 2011-12-22 17:59	131232	----a-w-	c:\windows\system32\drivers\aswFW.sys
2013-08-30 07:48 . 2011-12-22 17:59	270824	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2013-08-30 07:48 . 2010-01-26 04:44	33400	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2010-01-26 04:44	80816	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2010-06-29 11:12	41664	----a-w-	c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-23 21:24	287840	----a-w-	c:\windows\system32\aswBoot.exe
2013-08-07 11:22 . 2009-12-11 00:47	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-11 23:17	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-17 21:52	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-17 21:52	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-17 21:53	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-17 21:53	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-17 21:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-17 21:52	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-17 21:52	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-17 21:52	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-17 21:52	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-17 21:52	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-17 21:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-17 21:52	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-17 21:52	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-17 21:52	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-03-31 05:01 . 2013-03-31 05:01	2000040	----a-w-	c:\program files (x86)\DriverRestore.exe
2011-05-17 09:53 . 2011-05-17 09:53	411136	----a-w-	c:\program files (x86)\googleearth.exe
2011-05-17 09:41 . 2011-05-17 09:41	291840	----a-w-	c:\program files (x86)\gpsbabel.exe
2011-05-17 09:40 . 2011-05-17 09:40	56320	----a-w-	c:\program files (x86)\earthflashsol.exe
2011-05-17 09:18 . 2011-05-17 09:18	632656	----a-w-	c:\program files (x86)\msvcr80.dll
2011-05-17 09:18 . 2011-05-17 09:18	554832	----a-w-	c:\program files (x86)\msvcp80.dll
2011-05-17 09:17 . 2011-05-17 09:17	53248	----a-w-	c:\program files (x86)\wavdest.ax
2011-05-17 09:14 . 2011-05-17 09:14	5816320	----a-w-	c:\program files (x86)\gdal17.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D0C21091-FF8E-432C-9006-0540E81BA9D7}]
2013-08-14 07:17	321488	----a-w-	c:\users\Bob\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2013-08-30 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-18 152392]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$XMAP7;SQL Server Agent (XMAP7);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe;c:\program files\Alwil Software\Avast5\afwServ.exe [x]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 MSSQL$XMAP7;SQL Server (XMAP7);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\sqlservr.exe [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 18:44	1185744	----a-w-	c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:42]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 23:17]
.
2013-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 23:17]
.
2013-10-05 c:\windows\Tasks\GreatArcadeHits.job
- c:\users\Bob\AppData\Local\GreatArcadeHits\GAHUpdate.exe [2013-08-07 07:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47	133840	----a-w-	c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:60124;https=127.0.0.1:60124
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\
FF - prefs.js: browser.search.selectedEngine - Installl Converter Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?UM=2&ctid=CT3299872&SearchSource=13&CUI=UN38310724284265119
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3299872&SearchSource=2&CUI=UN38310724284265119&UM=2&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-10-04 22:13; {6ec74131-08b2-4f67-a9bc-5914ef1edb97}; c:\users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\extensions\{6ec74131-08b2-4f67-a9bc-5914ef1edb97}
FF - ExtSQL: !HIDDEN! 2010-04-05 14:44; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-10 - (no file)
Toolbar-{0134af61-7a0c-4649-aeca-90d776060cb3} - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-04  22:56:10
ComboFix-quarantined-files.txt  2013-10-05 05:56
.
Pre-Run: 343,056,830,464 bytes free
Post-Run: 343,267,287,040 bytes free
.
- - End Of File - - 3FF6632D12BE89362A4B7FDA366BB781
A36C5E4F47E84449FF07ED3517B43A31


----------



## bbudesa

John - Finally got HijackThis loaded.

When I ran it, an error message box showed up, which told me to go to:
wordpad c:\windows\system32\drivers\etc\hosts, and look for files with 'hijackthis' in any lines and delete them.

When I looked at the file, this is what popped up:

127.0.0.1 dl.softservers.net # hosts anti-adware / pups
127.0.0.1 dls.softgratuit.com # hosts anti-adware / pups
127.0.0.1 dls.softlate.com # hosts anti-adware / pups
127.0.0.1 dl.v2.domaiq.com # hosts anti-adware / pups
127.0.0.1 dn.download-manage.com # hosts anti-adware / pups
127.0.0.1 dnld.instacore.com # hosts anti-adware / pups
127.0.0.1 domaiq.com # hosts anti-adware / pups
127.0.0.1 down1oads.com # hosts anti-adware / pups
127.0.0.1 downlesoft.com # hosts anti-adware / pups
127.0.0.1 download2.us # hosts anti-adware / pups
127.0.0.1 download366.net # hosts anti-adware / pups
127.0.0.1 download.cdn013.com # hosts anti-adware / pups
127.0.0.1 downloadcdn.beerinstaller.com # hosts anti-adware / pups
127.0.0.1 downloadcdn.betterinstaller.com # hosts anti-adware / pups
127.0.0.1 downloadcdn.filebulldog.com # hosts anti-adware / pups
127.0.0.1 download.cdn.ftalk.com # hosts anti-adware / pups
127.0.0.1 download.cdn.imesh.com # hosts anti-adware / pups
127.0.0.1 download.cdn.koyotesoft.com # hosts anti-adware / pups
127.0.0.1 download.cdnperformance.info # hosts anti-adware / pups
127.0.0.1 download.cdn.torchbrowser.com # hosts anti-adware / pups
127.0.0.1 do-wn-lo-ad.com # hosts anti-adware / pups
127.0.0.1 downloader.downloadinfo.co # hosts anti-adware / pups
127.0.0.1 download.fr.filewin.com # hosts anti-adware / pups
127.0.0.1 download.fuzezip.com # hosts anti-adware / pups
127.0.0.1 download.ilivid.com # hosts anti-adware / pups
127.0.0.1 download.imesh.com # hosts anti-adware / pups
127.0.0.1 downloadinfo.co # hosts anti-adware / pups
127.0.0.1 download.instabrain.com # hosts anti-adware / pups
127.0.0.1 download.ircfast.com # hosts anti-adware / pups
127.0.0.1 download.jzip.com # hosts anti-adware / pups
127.0.0.1 download.lollipop-network.com # hosts anti-adware / pups
127.0.0.1 downloadsecurise.com # hosts anti-adware / pups
127.0.0.1 downloads.getsoftfree.com # hosts anti-adware / pups
127.0.0.1 download.shoptowin.net # hosts anti-adware / pups
127.0.0.1 downloads.malavida.net # hosts anti-adware / pups
127.0.0.1 downloadsoftfr.com # hosts anti-adware / pups
127.0.0.1 download.softiglu.com # hosts anti-adware / pups
127.0.0.1 download.telechargers.net # hosts anti-adware / pups
127.0.0.1 download.televisionfanatic.com # hosts anti-adware / pups
127.0.0.1 download.toggle.com # hosts anti-adware / pups
127.0.0.1 download.wajam.com # hosts anti-adware / pups
127.0.0.1 download.winds10.com # hosts anti-adware / pups
127.0.0.1 driverutilities.com # hosts anti-adware / pups
127.0.0.1 dt3j8jg8ei6zr.oudfront.net # hosts anti-adware / pups
127.0.0.1 dtrack.secdls.com # hosts anti-adware / pups
127.0.0.1 enigmasoftware.com # hosts anti-adware / pups
127.0.0.1 eorezo.com # hosts anti-adware / pups
127.0.0.1 ero-odnoklassniki.info # hosts anti-adware / pups
127.0.0.1 eu.paydaycashloanadvancea2478.com # hosts anti-adware / pups
127.0.0.1 explorer-2010.com # hosts anti-adware / pups
127.0.0.1 facebookmotdepasse.blogspot.fr # hosts anti-adware / pups
127.0.0.1 facebook-piraters.blogspot.fr # hosts anti-adware / pups
127.0.0.1 facenouf.com # hosts anti-adware / pups
127.0.0.1 ff.conduit-download.com # hosts anti-adware / pups
127.0.0.1 fichier1.easycommander.com # hosts anti-adware / pups
127.0.0.1 file-exactor.com # hosts anti-adware / pups
127.0.0.1 files123321.uk.to # hosts anti-adware / pups
127.0.0.1 files.download1ick.ws # hosts anti-adware / pups
127.0.0.1 files.iranapps.com # hosts anti-adware / pups
127.0.0.1 files.vaultnoir.com # hosts anti-adware / pups
127.0.0.1 find2download.fr # hosts anti-adware / pups
127.0.0.1 flexweb.getyoursoft.com # hosts anti-adware / pups
127.0.0.1 flvmplayer.com # hosts anti-adware / pups
127.0.0.1 flvmplayer.s3-website-us-east-1.amazonaws.com # hosts anti-adware / pups
127.0.0.1 fmccijsu.changeip.org # hosts anti-adware / pups
127.0.0.1 francais.babylon.com # hosts anti-adware / pups
127.0.0.1 fr.ask.com # hosts anti-adware / pups
127.0.0.1 freeaddons.free.fr # hosts anti-adware / pups
127.0.0.1 freecompressor.com # hosts anti-adware / pups
127.0.0.1 french.ircfast.com # hosts anti-adware / pups
127.0.0.1 fr.excite.eu # hosts anti-adware / pups
127.0.0.1 fr.iminent.com # hosts anti-adware / pups
127.0.0.1 fr.malavida.com # hosts anti-adware / pups
127.0.0.1 fr.phreat.com # hosts anti-adware / pups
127.0.0.1 fr.smeet.com # hosts anti-adware / pups
127.0.0.1 fr.winds10.com # hosts anti-adware / pups
127.0.0.1 ftp2solls.org # hosts anti-adware / pups
127.0.0.1 functionjs.com # hosts anti-adware / pups
127.0.0.1 fupackcodecs.com # hosts anti-adware / pups
127.0.0.1 fupackvista.com # hosts anti-adware / pups
127.0.0.1 gagner-argent.blog4ever.com # hosts anti-adware / pups
127.0.0.1 gagnerargent.blog4ever.com # hosts anti-adware / pups
127.0.0.1 gagner-argent-domicile.be # hosts anti-adware / pups
127.0.0.1 gagnerargentnet.canalblog.com # hosts anti-adware / pups
127.0.0.1 gagner-de-l-argent-facile.net # hosts anti-adware / pups
127.0.0.1 gagner-de-l-argent.org # hosts anti-adware / pups
127.0.0.1 gagner-du-temps.eu # hosts anti-adware / pups
127.0.0.1 gagner-facile.net # hosts anti-adware / pups
127.0.0.1 gagner-rapidemen.ifrance.com # hosts anti-adware / pups
127.0.0.1 gagner-rapidement.ifrance.com # hosts anti-adware / pups
127.0.0.1 gains-complementaires.com # hosts anti-adware / pups
127.0.0.1 gamepoluss.eu # hosts anti-adware / pups
127.0.0.1 gapokga.com # hosts anti-adware / pups
127.0.0.1 gask.samo-project.com # hosts anti-adware / pups
127.0.0.1 getfreemediaonline.com # hosts anti-adware / pups
127.0.0.1 gimp.soft32.fr # hosts anti-adware / pups
127.0.0.1 ginyas.com # hosts anti-adware / pups
127.0.0.1 gogo20.cusi.fr # hosts anti-adware / pups
127.0.0.1 go.goforfiles.com # hosts anti-adware / pups
127.0.0.1 gooofu.com # hosts anti-adware / pups
127.0.0.1 go.tvnoop.com # hosts anti-adware / pups
127.0.0.1 greattubeporn.com # hosts anti-adware / pups
127.0.0.1 hpm.tbm-ntwk.com # hosts anti-adware / pups
127.0.0.1 icargent.com # hosts anti-adware / pups
127.0.0.1 ic.illyx.com # hosts anti-adware / pups
127.0.0.1 ie.conduit-download.com # hosts anti-adware / pups
127.0.0.1 ie.dealply.com # hosts anti-adware / pups
127.0.0.1 imesh.com # hosts anti-adware / pups
127.0.0.1 img.planetsappho.net # hosts anti-adware / pups
127.0.0.1 insta.iminent.com # hosts anti-adware / pups
127.0.0.1 installer.betterinstaller.com # hosts anti-adware / pups
127.0.0.1 installer.filebulldog.com # hosts anti-adware / pups
127.0.0.1 installertechcontent.com # hosts anti-adware / pups
127.0.0.1 install.outbrowse.com # hosts anti-adware / pups
127.0.0.1 installs.peepsrv.com # hosts anti-adware / pups
127.0.0.1 insta.optimum-installer.com # hosts anti-adware / pups
127.0.0.1 insta.optimuminstaller.com # hosts anti-adware / pups
127.0.0.1 institut-dulac.com # hosts anti-adware / pups
127.0.0.1 interdescargas.com # hosts anti-adware / pups
127.0.0.1 i.vertitechnologygroup.com # hosts anti-adware / pups
127.0.0.1 jdownloader.org # hosts anti-adware / pups
127.0.0.1 jeboost.com # hosts anti-adware / pups
127.0.0.1 jlyxe.changeip.name # hosts anti-adware / pups
127.0.0.1 landing.etype.com # hosts anti-adware / pups
127.0.0.1 la.playerflv.com # hosts anti-adware / pups
127.0.0.1 lcstatx.dallasdroidapps.com # hosts anti-adware / pups
127.0.0.1 lestutoriels-enarchives.com # hosts anti-adware / pups
127.0.0.1 lesvirus.fr # hosts anti-adware / pups
127.0.0.1 linkfixerplus.com # hosts anti-adware / pups
127.0.0.1 live-casino-online.org # hosts anti-adware / pups
127.0.0.1 load.keygendb.net # hosts anti-adware / pups
127.0.0.1 load.scanscout.com # hosts anti-adware / pups
127.0.0.1 lp.ick2saveapp.com # hosts anti-adware / pups
127.0.0.1 lp.ilivid.com # hosts anti-adware / pups
127.0.0.1 lp.imesh.com # hosts anti-adware / pups
127.0.0.1 lproot.soft365.com # hosts anti-adware / pups
127.0.0.1 lp.sweetim.com # hosts anti-adware / pups
127.0.0.1 lp.torchbrowser.com # hosts anti-adware / pups
127.0.0.1 media-app.com # hosts anti-adware / pups
127.0.0.1 media.comesvita.com.es # hosts anti-adware / pups
127.0.0.1 mediaplayer-codecpack.com # hosts anti-adware / pups
127.0.0.1 media-player-helper.com # hosts anti-adware / pups
127.0.0.1 media.pussycash.com # hosts anti-adware / pups
127.0.0.1 messenger.descargar.es # hosts anti-adware / pups
127.0.0.1 methode-cash.com # hosts anti-adware / pups
127.0.0.1 methodegagnante.com # hosts anti-adware / pups
127.0.0.1 mfd.malavida.com # hosts anti-adware / pups
127.0.0.1 mflashplayer.com # hosts anti-adware / pups
127.0.0.1 milfs****.com # hosts anti-adware / pups
127.0.0.1 mires.eorezo.com # hosts anti-adware / pups
127.0.0.1 mirfr.eorezo.com # hosts anti-adware / pups
127.0.0.1 mn.babcdn.com # hosts anti-adware / pups
127.0.0.1 mntr.babcdn.com # hosts anti-adware / pups
127.0.0.1 new-2011.net # hosts anti-adware / pups
127.0.0.1 new-2012.net # hosts anti-adware / pups
127.0.0.1 new-windows7.com # hosts anti-adware / pups
127.0.0.1 offers.avazuscd.net # hosts anti-adware / pups
127.0.0.1 offre-surprise.com # hosts anti-adware / pups
127.0.0.1 onedownloadspot.com # hosts anti-adware / pups
127.0.0.1 os.coolvideoconverter.com # hosts anti-adware / pups
127.0.0.1 pageerror-download.com # hosts anti-adware / pups
127.0.0.1 pcpitstop.com # hosts anti-adware / pups
127.0.0.1 pctuto.com # hosts anti-adware / pups
127.0.0.1 planetedata.free.fr # hosts anti-adware / pups
127.0.0.1 protectorlb-1556088852.us-east-1.elb.amazonaws.com # hosts anti-adware / pups
127.0.0.1 pu.plugrush.com # hosts anti-adware / pups
127.0.0.1 qiweol.info # hosts anti-adware / pups
127.0.0.1 qoqoz.com # hosts anti-adware / pups
127.0.0.1 quad-anti-spyware.com # hosts anti-adware / pups
127.0.0.1 quad-eaner.com # hosts anti-adware / pups
127.0.0.1 qwe.goforfiles.com # hosts anti-adware / pups
127.0.0.1 regisybooster2010.fr # hosts anti-adware / pups
127.0.0.1 regisyonwindows.com # hosts anti-adware / pups
127.0.0.1 regisywinner.com # hosts anti-adware / pups
127.0.0.1 repair-my-pc.info # hosts anti-adware / pups
127.0.0.1 repair-pc-eors.info # hosts anti-adware / pups
127.0.0.1 repare-internet-explorer.com # hosts anti-adware / pups
127.0.0.1 reparer-windowsvista.com # hosts anti-adware / pups
127.0.0.1 reparer-windowsxp.com # hosts anti-adware / pups
127.0.0.1 reparez-internet-explorer.com # hosts anti-adware / pups
127.0.0.1 reparez-windows.com # hosts anti-adware / pups
127.0.0.1 reparez-windows.info # hosts anti-adware / pups
127.0.0.1 reparez-windows-vista.com # hosts anti-adware / pups
127.0.0.1 reparez-windows-xp.com # hosts anti-adware / pups
127.0.0.1 reussiteaffiliation.com # hosts anti-adware / pups
127.0.0.1 ron.protectorwide.asia # hosts anti-adware / pups
127.0.0.1 rpc.hitexchangeserver.com # hosts anti-adware / pups
127.0.0.1 rp.funmoodscdn.com # hosts anti-adware / pups
127.0.0.1 rp.telechargercdn.com # hosts anti-adware / pups
127.0.0.1 scache.regiedepub.com # hosts anti-adware / pups
127.0.0.1 scriptsname.com # hosts anti-adware / pups
127.0.0.1 search.babylon.com # hosts anti-adware / pups
127.0.0.1 searchqu.com # hosts anti-adware / pups
127.0.0.1 secured-download.com # hosts anti-adware / pups
127.0.0.1 securelinkdownload.com # hosts anti-adware / pups
127.0.0.1 securisedownload.com # hosts anti-adware / pups
127.0.0.1 service.getwebcake.com # hosts anti-adware / pups
127.0.0.1 servicemap.conduit-services.com # hosts anti-adware / pups
127.0.0.1 service.yontoo.com # hosts anti-adware / pups
127.0.0.1 setup2.iminent.com # hosts anti-adware / pups
127.0.0.1 skype.telecharger-france.com # hosts anti-adware / pups
127.0.0.1 soft-2011.com # hosts anti-adware / pups
127.0.0.1 soft2pcfr.com # hosts anti-adware / pups
127.0.0.1 soft4click.com # hosts anti-adware / pups
127.0.0.1 soft.foxtab.com # hosts anti-adware / pups
127.0.0.1 softgratuit.com # hosts anti-adware / pups
127.0.0.1 softigloo.com # hosts anti-adware / pups
127.0.0.1 softingo.com # hosts anti-adware / pups
127.0.0.1 softmor.org # hosts anti-adware / pups
127.0.0.1 softs.illyx.com # hosts anti-adware / pups
127.0.0.1 soft.tc # hosts anti-adware / pups
127.0.0.1 soft.telecharger.com # hosts anti-adware / pups
127.0.0.1 software.cdn012.com # hosts anti-adware / pups
127.0.0.1 software.cdnredire01.info # hosts anti-adware / pups
127.0.0.1 softwareprovisioning.com # hosts anti-adware / pups
127.0.0.1 softwares.the-ad.net # hosts anti-adware / pups
127.0.0.1 software.the-ad.net # hosts anti-adware / pups
127.0.0.1 solutionsmiions.com # hosts anti-adware / pups
127.0.0.1 sondages-remuneres.net # hosts anti-adware / pups
127.0.0.1 spamfighter.com # hosts anti-adware / pups
127.0.0.1 speedmaxpc.com # hosts anti-adware / pups
127.0.0.1 spoau.com # hosts anti-adware / pups
127.0.0.1 spybotseah-full.info # hosts anti-adware / pups
127.0.0.1 spynomore.com # hosts anti-adware / pups
127.0.0.1 spywareremove.com # hosts anti-adware / pups
127.0.0.1 static.bicdn.com # hosts anti-adware / pups
127.0.0.1 staticrr.newdownloadls.com # hosts anti-adware / pups
127.0.0.1 static.v2.madodls.com # hosts anti-adware / pups
127.0.0.1 step.yourfiledownloader.com # hosts anti-adware / pups
127.0.0.1 storage.conduit.com # hosts anti-adware / pups
127.0.0.1 stp.babylon.com # hosts anti-adware / pups
127.0.0.1 stream-actu.com # hosts anti-adware / pups
127.0.0.1 streaming-direct.tv # hosts anti-adware / pups
127.0.0.1 streaming-vlc.com # hosts anti-adware / pups
127.0.0.1 suesliberte.net # hosts anti-adware / pups
127.0.0.1 supprimer-spyware.com # hosts anti-adware / pups
127.0.0.1 s.xingcloud.com # hosts anti-adware / pups
127.0.0.1 telecharger-0.driverutilities.com # hosts anti-adware / pups
127.0.0.1 telecharger-2012.com # hosts anti-adware / pups
127.0.0.1 telecharger-gratuit.com # hosts anti-adware / pups
127.0.0.1 telecharger.logiciel.net # hosts anti-adware / pups
127.0.0.1 tele-charger.org # hosts anti-adware / pups
127.0.0.1 telecharger.superfiles.com # hosts anti-adware / pups
127.0.0.1 telecharger.toggle.com # hosts anti-adware / pups
127.0.0.1 tools.dpliveupdate.com # hosts anti-adware / pups
127.0.0.1 top-2011.com # hosts anti-adware / pups
127.0.0.1 top-2012.com # hosts anti-adware / pups
127.0.0.1 top-regisy-cleaner.net # hosts anti-adware / pups
127.0.0.1 totaediaconverter-u.com # hosts anti-adware / pups
127.0.0.1 totalmediaconverter-u.com # hosts anti-adware / pups
127.0.0.1 tracking.toroadvertising.com # hosts anti-adware / pups
127.0.0.1 trf33pro.euroclicaelimite.netdna-cdn.com # hosts anti-adware / pups
127.0.0.1 trojan-killer.net # hosts anti-adware / pups
127.0.0.1 ttb.ooopsvideo.com # hosts anti-adware / pups
127.0.0.1 tuto4pc.com # hosts anti-adware / pups
127.0.0.1 tutoriales100.com # hosts anti-adware / pups
127.0.0.1 ude.conduit-data.com # hosts anti-adware / pups
127.0.0.1 uitow.info # hosts anti-adware / pups
127.0.0.1 uniblue.com # hosts anti-adware / pups
127.0.0.1 universal-downloader.en.softonic.com # hosts anti-adware / pups
127.0.0.1 universal-downloader.softonic.fr # hosts anti-adware / pups
127.0.0.1 up.lollipop-network.com # hosts anti-adware / pups
127.0.0.1 up.soft365.com # hosts anti-adware / pups
127.0.0.1 usage.toolbar.conduit-services.com # hosts anti-adware / pups
127.0.0.1 utils.babylon.com # hosts anti-adware / pups
127.0.0.1 utorrent.portalux.com # hosts anti-adware / pups
127.0.0.1 uwjem.info # hosts anti-adware / pups
127.0.0.1 v3.emicam.net  # hosts anti-adware / pups
127.0.0.1 viccpm03.victoryproads.com # hosts anti-adware / pups
127.0.0.1 viccpm08.victoryproads.com # hosts anti-adware / pups
127.0.0.1 vipm03.victoryproads.com # hosts anti-adware / pups
127.0.0.1 vipm08.victoryproads.com # hosts anti-adware / pups
127.0.0.1 virusremovalhelpcenter.blogspot.com # hosts anti-adware / pups
127.0.0.1 vlc.load4free.net # hosts anti-adware / pups
127.0.0.1 voe-travail-a-domicile.com # hosts anti-adware / pups
127.0.0.1 vos-revenus-sur-internet.com # hosts anti-adware / pups
127.0.0.1 vsharetv.ouoolbar.com # hosts anti-adware / pups
127.0.0.1 vube.com # hosts anti-adware / pups
127.0.0.1 vzapp.iminent.com # hosts anti-adware / pups
127.0.0.1 want.suck-my-candy.com # hosts anti-adware / pups
127.0.0.1 webplayerddl.com # hosts anti-adware / pups
127.0.0.1 webplayer.tv # hosts anti-adware / pups
127.0.0.1 winskeat.fr # hosts anti-adware / pups
127.0.0.1 winzip-fu.net # hosts anti-adware / pups
127.0.0.1 wiseconvert15.greattoolbars.com # hosts anti-adware / pups
127.0.0.1 wiseconvert.com # hosts anti-adware / pups
127.0.0.1 ww.anti-spyware-101.com # hosts anti-adware / pups
127.0.0.1 www.01-telecharger.com # hosts anti-adware / pups
127.0.0.1 www.123mplayer.com # hosts anti-adware / pups
127.0.0.1 www.2012-plus.org # hosts anti-adware / pups
127.0.0.1 www.2607.cn # hosts anti-adware / pups
127.0.0.1 www2l.incredimail.com # hosts anti-adware / pups
127.0.0.1 www.2-removevirus.com # hosts anti-adware / pups
127.0.0.1 www.2-spyware.com # hosts anti-adware / pups
127.0.0.1 www.2-viruses.com # hosts anti-adware / pups
127.0.0.1 www3l.incredimail.com # hosts anti-adware / pups
127.0.0.1 www.411-spyware.com # hosts anti-adware / pups
127.0.0.1 www4l.incredimail.com # hosts anti-adware / pups
127.0.0.1 www5l.incredimail.com # hosts anti-adware / pups
127.0.0.1 www.77zip.com # hosts anti-adware / pups
127.0.0.1 www.ackinn.com # hosts anti-adware / pups
127.0.0.1 www.acksguru.com # hosts anti-adware / pups
127.0.0.1 www.affiliation-france.com # hosts anti-adware / pups
127.0.0.1 www.affpx.com # hosts anti-adware / pups
127.0.0.1 www.agence-exusive.com # hosts anti-adware / pups
127.0.0.1 www.americanpendulum.com # hosts anti-adware / pups
127.0.0.1 www.amoninst.com # hosts anti-adware / pups
127.0.0.1 www.anti-spyware-101.com # hosts anti-adware / pups
127.0.0.1 www.appround.biz # hosts anti-adware / pups
127.0.0.1 www.appround.net # hosts anti-adware / pups
127.0.0.1 www.asoftwareplus.com # hosts anti-adware / pups
127.0.0.1 www.assure-le.com # hosts anti-adware / pups
127.0.0.1 www.babylon.com # hosts anti-adware / pups
127.0.0.1 www.bestnewzipmy.info # hosts anti-adware / pups
127.0.0.1 www.bigspeedpro.com # hosts anti-adware / pups
127.0.0.1 www.bioartmed.com # hosts anti-adware / pups
127.0.0.1 www.bit-mania.com # hosts anti-adware / pups
127.0.0.1 www.blupapps.com # hosts anti-adware / pups
127.0.0.1 www.boxore.com # hosts anti-adware / pups
127.0.0.1 www.cloud4widget.com # hosts anti-adware / pups
127.0.0.1 www.contrejour.ie # hosts anti-adware / pups
127.0.0.1 www.cool-applications.com # hosts anti-adware / pups
127.0.0.1 www.coolzipextractorapp.com # hosts anti-adware / pups
127.0.0.1 www.coupon-miner.com # hosts anti-adware / pups
127.0.0.1 www.createstockdoingzero.biz # hosts anti-adware / pups
127.0.0.1 www.cyberfitex.com # hosts anti-adware / pups
127.0.0.1 www.deletevirus.net # hosts anti-adware / pups
127.0.0.1 www.direct-telecharger.com # hosts anti-adware / pups
127.0.0.1 www.dlsafebrowse.com # hosts anti-adware / pups
127.0.0.1 www.downlesoft.com # hosts anti-adware / pups
127.0.0.1 www.download-best-softwares.com # hosts anti-adware / pups
127.0.0.1 www.download-free.com # hosts anti-adware / pups
127.0.0.1 www.downloadsoftfr.com # hosts anti-adware / pups
127.0.0.1 www.downxsoft.com # hosts anti-adware / pups
127.0.0.1 www.duuqu.com # hosts anti-adware / pups
127.0.0.1 www.dynamicmonetizer.com # hosts anti-adware / pups
127.0.0.1 www.eanallvirus.com # hosts anti-adware / pups
127.0.0.1 www.easycuisinevideo.com # hosts anti-adware / pups
127.0.0.1 www.easy-money-making-idea.info # hosts anti-adware / pups
127.0.0.1 www.e-downloader.net # hosts anti-adware / pups
127.0.0.1 www.enigmasoftware.com # hosts anti-adware / pups
127.0.0.1 www.eorezo.com # hosts anti-adware / pups
127.0.0.1 www.extrimdownloadmanager.com # hosts anti-adware / pups
127.0.0.1 www.fasterpleanclean.com # hosts anti-adware / pups
127.0.0.1 www.flash-player-france.com # hosts anti-adware / pups
127.0.0.1 www.freemake.com # hosts anti-adware / pups
127.0.0.1 www.freemalwarecheck.com # hosts anti-adware / pups
127.0.0.1 www.frflashplayer.com # hosts anti-adware / pups
127.0.0.1 www.getyourplayer.com # hosts anti-adware / pups
127.0.0.1 www.getyoursoft.com # hosts anti-adware / pups
127.0.0.1 www.goplayer.cc # hosts anti-adware / pups
127.0.0.1 www.gpil.org # hosts anti-adware / pups
127.0.0.1 www.grabatimstat.us # hosts anti-adware / pups
127.0.0.1 www.gratuit-telecharger.com # hosts anti-adware / pups
127.0.0.1 www.greatappsdownload.com # hosts anti-adware / pups
127.0.0.1 www.help-removevirus.com # hosts anti-adware / pups
127.0.0.1 www.ilivid.com # hosts anti-adware / pups
127.0.0.1 www.imagup.com # hosts anti-adware / pups
127.0.0.1 www.intactdownload.com # hosts anti-adware / pups
127.0.0.1 www.keygendb.com # hosts anti-adware / pups
127.0.0.1 www.kgdbase.com # hosts anti-adware / pups
127.0.0.1 www.kiallvirus.com # hosts anti-adware / pups
127.0.0.1 www.koyotesoft.com # hosts anti-adware / pups
127.0.0.1 www.lavideobuzz.com # hosts anti-adware / pups
127.0.0.1 www.livecamsxxxnow.com # hosts anti-adware / pups
127.0.0.1 www.media-app.com # hosts anti-adware / pups
127.0.0.1 www.messengerdusexe.com # hosts anti-adware / pups
127.0.0.1 www.mille-logiciels.com # hosts anti-adware / pups
127.0.0.1 www.my-movie-player.com # hosts anti-adware / pups
127.0.0.1 www.newhtsoft.com # hosts anti-adware / pups
127.0.0.1 www.newzipopenerfun.com # hosts anti-adware / pups
127.0.0.1 www.nouveau-avast.com # hosts anti-adware / pups
127.0.0.1 www.noyapps.com # hosts anti-adware / pups
127.0.0.1 www.ntdlzone.com # hosts anti-adware / pups
127.0.0.1 www.officialvideoconverter.com # hosts anti-adware / pups
127.0.0.1 www.oldmo.org # hosts anti-adware / pups
127.0.0.1 www.onefloorsoft.com # hosts anti-adware / pups
127.0.0.1 www.onlineaway.net # hosts anti-adware / pups
127.0.0.1 www.onlinesafety411.com # hosts anti-adware / pups
127.0.0.1 www.ooopsvideo.com # hosts anti-adware / pups
127.0.0.1 www.openadserving.com # hosts anti-adware / pups
127.0.0.1 www.piraterfacebook.ws  # hosts anti-adware / pups
127.0.0.1 www.pisk.com # hosts anti-adware / pups
127.0.0.1 www.playerplus.com # hosts anti-adware / pups
127.0.0.1 www.pornuv.net # hosts anti-adware / pups
127.0.0.1 www.powerpackdl.com # hosts anti-adware / pups
127.0.0.1 www.premiumdownload.org # hosts anti-adware / pups
127.0.0.1 www.proplayersetup.com # hosts anti-adware / pups
127.0.0.1 www.putlocker-downloader.com # hosts anti-adware / pups
127.0.0.1 www.puto.com # hosts anti-adware / pups
127.0.0.1 www.qwtbx.com # hosts anti-adware / pups
127.0.0.1 www.reallycoolapp.com # hosts anti-adware / pups
127.0.0.1 www.realtinypussy.org # hosts anti-adware / pups
127.0.0.1 www.rediremylink.com # hosts anti-adware / pups
127.0.0.1 www.regarder-tv.com # hosts anti-adware / pups
127.0.0.1 www.removeonline.com # hosts anti-adware / pups
127.0.0.1 www.removepcthreat.com # hosts anti-adware / pups
127.0.0.1 www.rescuemybrowser.com # hosts anti-adware / pups
127.0.0.1 www.retrogamer.com # hosts anti-adware / pups
127.0.0.1 www.safebro.com # hosts anti-adware / pups
127.0.0.1 www.sckarteast.us # hosts anti-adware / pups
127.0.0.1 www.securitystronghold.com # hosts anti-adware / pups
127.0.0.1 www.sendfilesapp.com # hosts anti-adware / pups
127.0.0.1 www.silentpornotube.com # hosts anti-adware / pups
127.0.0.1 www.simplyinstaller.com # hosts anti-adware / pups
127.0.0.1 www.skypegratuit.com # hosts anti-adware / pups
127.0.0.1 www.smarterpcsolutions.net # hosts anti-adware / pups
127.0.0.1 www.smuss.net # hosts anti-adware / pups
127.0.0.1 www.softigloo.com # hosts anti-adware / pups
127.0.0.1 www.softologic.com # hosts anti-adware / pups
127.0.0.1 www.softologicsa.com # hosts anti-adware / pups
127.0.0.1 www.softologicsb.com # hosts anti-adware / pups
127.0.0.1 www.softologicsc.com # hosts anti-adware / pups
127.0.0.1 www.softosystem.com # hosts anti-adware / pups
127.0.0.1 www.softpedia.com # hosts anti-adware / pups
127.0.0.1 www.software-files.net # hosts anti-adware / pups
127.0.0.1 www.softwaresbay.com # hosts anti-adware / pups
127.0.0.1 www.speedypc.com # hosts anti-adware / pups
127.0.0.1 www.sps-experten.de # hosts anti-adware / pups
127.0.0.1 www.spywarehelpcenter.com # hosts anti-adware / pups
127.0.0.1 www.spywareremove.com # hosts anti-adware / pups
127.0.0.1 www.spyware-techie.com # hosts anti-adware / pups
127.0.0.1 www.streaminghds.com # hosts anti-adware / pups
127.0.0.1 www.superfish.com # hosts anti-adware / pups
127.0.0.1 www.supprimer-spyware.org # hosts anti-adware / pups
127.0.0.1 www.telecharger-facile.com # hosts anti-adware / pups
127.0.0.1 www.telechargers.net # hosts anti-adware / pups
127.0.0.1 www.thelivetech.com # hosts anti-adware / pups
127.0.0.1 www.thetorrn-tv.net # hosts anti-adware / pups
127.0.0.1 www.toplugs.com # hosts anti-adware / pups
127.0.0.1 www.trackingtc123.com # hosts anti-adware / pups
127.0.0.1 www.tsxnrey.com # hosts anti-adware / pups
127.0.0.1 www.tuto4pc.com # hosts anti-adware / pups
127.0.0.1 www.twonext.com # hosts anti-adware / pups
127.0.0.1 www.uniblue.com # hosts anti-adware / pups 
127.0.0.1 www.videoconveertool.net # hosts anti-adware / pups
127.0.0.1 www.videodownloadconverter.com # hosts anti-adware / pups
127.0.0.1 www.videoipa.com # hosts anti-adware / pups
127.0.0.1 www.videoplusmusic.com # hosts anti-adware / pups
127.0.0.1 www.videotender.com # hosts anti-adware / pups
127.0.0.1 www.vioplayer.com # hosts anti-adware / pups
127.0.0.1 www.visualbe.com # hosts anti-adware / pups
127.0.0.1 www.viuagirl.com # hosts anti-adware / pups
127.0.0.1 www.wajam.com # hosts anti-adware / pups
127.0.0.1 www.wiki-security.com # hosts anti-adware / pups
127.0.0.1 www.windownloader24.com # hosts anti-adware / pups
127.0.0.1 www.winload.de # hosts anti-adware / pups
127.0.0.1 www.winpoal.fr # hosts anti-adware / pups
127.0.0.1 www.wisedownloads.com # hosts anti-adware / pups
127.0.0.1 www.wslinx.com # hosts anti-adware / pups
127.0.0.1 www.xlplayer.com # hosts anti-adware / pups
127.0.0.1 www.zilliontoolkitusa.info # hosts anti-adware / pups
127.0.0.1 www.zimbio.com # hosts anti-adware / pups
127.0.0.1 xmlinsp.ddbbvt.eu # hosts anti-adware / pups
127.0.0.1 xmlinstcp.ddbbvt.eu # hosts anti-adware / pups
127.0.0.1 xrstats.com # hosts anti-adware / pups
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost


Not sure what all this means, but figured you might.

thanks for all your help.


----------
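The HOSTS format spelled out in the file's own header comments in the post above (address in the first column, host name after it, `#` for comments) is simple enough to audit mechanically. The following is an added example, not part of the original thread: a Python check that separates loopback "sink" entries, such as the ones tagged `# hosts anti-adware / pups`, from entries that point a name at a real address and so deserve a second look. The sample text is constructed; `203.0.113.10` and the `example.*` names are placeholders.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines in the style of the log above, plus
# hypothetical entries (documentation address 203.0.113.10, example.* names).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#      102.54.94.97     rhino.acme.com          # source server
#	127.0.0.1       localhost
127.0.0.1 www.wajam.com # hosts anti-adware / pups
127.0.0.1 search.babylon.com # hosts anti-adware / pups
127.0.0.1 dl.babylon.com utils.babylon.com # hosts anti-adware / pups
0.0.0.0 ads.example.net
203.0.113.10 login.example.com
203.0.113.10 www.wajam.com
not-an-ip broken.example.org
127.0.0.1
"""


@dataclass(frozen=True)
class HostsEntry:
    line_no: int
    address: str
    hostname: str
    comment: str
    kind: str  # "sink" (loopback/unspecified) or "redirect" (anything else)


def classify(address):
    """Return 'sink' for loopback/unspecified addresses, else 'redirect'.

    Raises ValueError when the first column is not an IP address.
    """
    ip = ipaddress.ip_address(address)
    return "sink" if (ip.is_loopback or ip.is_unspecified) else "redirect"


def parse_hosts(text):
    """Parse HOSTS text into (entries, invalid_lines)."""
    entries, invalid = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, on its own line or trailing.
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:
            continue  # blank line or pure comment
        address, names = fields[0], fields[1:]
        try:
            kind = classify(address)
        except ValueError:
            invalid.append((line_no, raw.strip()))
            continue
        if not names:  # an address with no host name maps nothing
            invalid.append((line_no, raw.strip()))
            continue
        for name in names:  # one line may carry several names
            entries.append(
                HostsEntry(line_no, address, name.lower(), comment.strip(), kind)
            )
    return entries, invalid


def audit(text):
    """Summarise a HOSTS file for review."""
    entries, invalid = parse_hosts(text)
    addresses_by_name = {}
    for e in entries:
        addresses_by_name.setdefault(e.hostname, set()).add(e.address)
    return {
        # Names pinned to loopback/0.0.0.0: blocking entries.
        "sinks": sorted({e.hostname for e in entries if e.kind == "sink"}),
        # Names pinned to a routable address: these override DNS, review each.
        "redirects": [
            (e.line_no, e.hostname, e.address)
            for e in entries
            if e.kind == "redirect"
        ],
        # Same name mapped to more than one address.
        "conflicts": {
            n: sorted(a) for n, a in addresses_by_name.items() if len(a) > 1
        },
        # Trailing comments often name the tool that added the entry.
        "tags": Counter(e.comment for e in entries if e.comment),
        "invalid": invalid,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_HOSTS)
    print(f"{len(report['sinks'])} blocked names")
    for line_no, name, addr in report["redirects"]:
        print(f"line {line_no}: {name} -> {addr} (review)")
    for name, addrs in report["conflicts"].items():
        print(f"conflict: {name} -> {', '.join(addrs)}")
    for tag, count in report["tags"].items():
        print(f"{count} entries tagged '{tag}'")
    for line_no, raw in report["invalid"]:
        print(f"line {line_no}: cannot parse: {raw}")
```
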



## johnb35

First of all, it looks like you ran Malwarebytes without having it remove the infections. Can you rerun it and make sure you click on the Remove Selected button to physically delete the items?

At work right now but will check in when I get home.


----------



## bbudesa

actually, I did.  I posted the .txt results just prior.

talk more later.  Take care of work.

thanks


----------



## bbudesa

Just so we don't waste time waiting for each other, what time do you reckon you'll be back home and helping nongs like me?

I'll be back at that time.

thanks,

Bob


----------



## johnb35

I'm home now.  I see a few issues still.  I would like for you to do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.






TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.






Please reboot the system if asked to do so. 

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

2.

Please download and run Superantispyware free edition and post the log.

http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

Make sure it's fully updated before you run a full scan.

3.

Rerun HijackThis, but this time press and hold the Shift key while right-clicking on the HijackThis icon and then click on Run as admin. You were getting that error because you weren't running it as admin.


----------



## bbudesa

OK, back behind the mouse.

I'll give this a try.

thanks

Ran TDSSKiller, but couldn't find the log file. I usually just save them to desktop for easy retrieval. Would the log file have been saved elsewhere?

Superantispyware is running, and finding threats. Will report soon.


----------



## johnb35

bbudesa said:


> Ran TDSSKiller, but couldn't find the log file.  I usually just save them to desktop for easy retrieval.  would the log file have been saved elsewhere?
> 
> Superantispyware is running, and finding threats.  will report soon.



The TDSSKiller log will be located at the root of the C drive. Example:

c:\TDSSKiller.2.8.16.0_20.09.2013_19.46.16_log


----------



## bbudesa

Have to send log of SUPERAntiSpyware in two messages, cuz it's too long.

part 1

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/05/2013 at 12:19 PM

Application Version : 5.6.1040

Core Rules Database Version : 10812
Trace Rules Database Version: 8624

Scan type       : Quick Scan
Total Scan Time : 00:03:58

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 578
Memory threats detected   : 0
Registry items scanned    : 60349
Registry threats detected : 0
File items scanned        : 10891
File threats detected     : 558

Adware.Tracking Cookie


----------



## bbudesa

part 2

	mediaservices-d.openxenterprise.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.saymedia.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.mpstat.us [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	343track.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.media2.legacy.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	lfscpttracking.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.steelhousemedia.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.atwola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.tripod.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.histats.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cipc.memberclicks.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bizrate.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bizrate.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bookfinder.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	343track.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	tracktrk.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	tracktrk.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.bravenet.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.accounts.google.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.accountaccess.edwardjones.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	tracktrack.info [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.omn.crackle.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.stats.paypal.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.imitrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.imitrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.c.atdmt.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	advpixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	advpixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.mmotraffic.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	demandmedia.trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	demandmedia.trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	demandmedia.trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	demandmedia.trc.taboola.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.gtrkr.sitescoutadserver.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	affiliate.mlntracker.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.scrilltrk.sitescoutadserver.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.scrilltrk.sitescoutadserver.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	media.charter.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.clickbank.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.msnbc.112.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.technoratimedia.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.www.media970.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	3181142.fls.doubleclick.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	lfscpttracking.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.questionmarket.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	cts.lipixeltrack.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.sparknetworks.112.2o7.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\BOB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PHM5365Y.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traveladvertising.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.traveladvertising.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adviva.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.amazon-adsystem.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lucidmedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yieldmanager.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fr.sitestat.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fr.sitestat.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atlanticmedia.122.2o7.net [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.youtube.com [ C:\USERS\BOB\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]


----------



## bbudesa

Results of recent HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:19 PM, on 10/5/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16686)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:49551;https=127.0.0.1:49551
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: (no name) - {0134af61-7a0c-4649-aeca-90d776060cb3} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11160 bytes


----------



## johnb35

I'm still waiting on the log from tdsskiller.  In the meantime, please do the following as Superantispyware didn't catch what I thought it would.  

Please download and run the ESET Online Scanner.

- Disable any antivirus/security programs.
- IMPORTANT! UN-check Remove found threats.
- Accept any security warnings from your browser.
- Check Scan archives.
- Click Start.
- ESET will then download updates, install and then start scanning your system.
- When the scan is done, push list of found threats.
- Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.

If no threats are found then it won't produce a log.


I will most likely be gone for the evening and won't be home until later, will check back in then.


----------



## bbudesa

Once again, sending in two messages:



12:43:04.0989 5696  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:43:05.0907 5696  ============================================================
12:43:05.0907 5696  Current date / time: 2013/10/05 12:43:05.0907
12:43:05.0907 5696  SystemInfo:
12:43:05.0907 5696  
12:43:05.0907 5696  OS Version: 6.1.7601 ServicePack: 1.0
12:43:05.0907 5696  Product type: Workstation
12:43:05.0907 5696  ComputerName: BUDESAPC
12:43:05.0907 5696  UserName: Bob
12:43:05.0907 5696  Windows directory: C:\Windows
12:43:05.0907 5696  System windows directory: C:\Windows
12:43:05.0907 5696  Running under WOW64
12:43:05.0907 5696  Processor architecture: Intel x64
12:43:05.0907 5696  Number of processors: 3
12:43:05.0907 5696  Page size: 0x1000
12:43:05.0907 5696  Boot type: Normal boot
12:43:05.0908 5696  ============================================================
12:43:07.0480 5696  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:43:07.0486 5696  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:43:11.0264 5696  ============================================================
12:43:11.0264 5696  \Device\Harddisk0\DR0:
12:43:11.0284 5696  MBR partitions:
12:43:11.0284 5696  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:43:11.0284 5696  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
12:43:11.0284 5696  \Device\Harddisk1\DR1:
12:43:11.0318 5696  MBR partitions:
12:43:11.0318 5696  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C41
12:43:11.0318 5696  ============================================================
12:43:11.0339 5696  C: <-> \Device\Harddisk0\DR0\Partition2
12:43:11.0359 5696  E: <-> \Device\Harddisk1\DR1\Partition1
12:43:11.0359 5696  ============================================================
12:43:11.0359 5696  Initialize success
12:43:11.0359 5696  ============================================================
12:43:13.0258 2560  ============================================================
12:43:13.0258 2560  Scan started
12:43:13.0258 2560  Mode: Manual; 
12:43:13.0258 2560  ============================================================
12:43:13.0942 2560  ================ Scan system memory ========================
12:43:13.0942 2560  System memory - ok


----------



## bbudesa

part 2:

12:43:28.0193 2560  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:43:28.0196 2560  umbus - ok
12:43:28.0219 2560  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:43:28.0221 2560  UmPass - ok
12:43:28.0244 2560  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:43:28.0258 2560  upnphost - ok
12:43:28.0294 2560  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:43:28.0297 2560  USBAAPL64 - ok
12:43:28.0316 2560  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:43:28.0319 2560  usbaudio - ok
12:43:28.0339 2560  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:43:28.0342 2560  usbccgp - ok
12:43:28.0375 2560  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:43:28.0378 2560  usbcir - ok
12:43:28.0398 2560  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:43:28.0401 2560  usbehci - ok
12:43:28.0419 2560  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:43:28.0425 2560  usbhub - ok
12:43:28.0444 2560  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:43:28.0446 2560  usbohci - ok
12:43:28.0471 2560  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:43:28.0473 2560  usbprint - ok
12:43:28.0508 2560  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:43:28.0510 2560  usbscan - ok
12:43:28.0527 2560  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:43:28.0530 2560  USBSTOR - ok
12:43:28.0552 2560  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:43:28.0555 2560  usbuhci - ok
12:43:28.0621 2560  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:43:28.0631 2560  UxSms - ok
12:43:28.0658 2560  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:43:28.0665 2560  VaultSvc - ok
12:43:28.0698 2560  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:43:28.0701 2560  vdrvroot - ok
12:43:28.0749 2560  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:43:28.0766 2560  vds - ok
12:43:28.0786 2560  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:43:28.0787 2560  vga - ok
12:43:28.0795 2560  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:43:28.0796 2560  VgaSave - ok
12:43:28.0813 2560  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:43:28.0815 2560  vhdmp - ok
12:43:28.0864 2560  [ EB8E24360CAF3492E129B9E485CDCA9C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
12:43:28.0871 2560  VIAHdAudAddService - ok
12:43:28.0902 2560  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:43:28.0903 2560  viaide - ok
12:43:28.0919 2560  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:43:28.0920 2560  volmgr - ok
12:43:28.0960 2560  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:43:28.0967 2560  volmgrx - ok
12:43:29.0002 2560  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:43:29.0008 2560  volsnap - ok
12:43:29.0039 2560  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:43:29.0043 2560  vsmraid - ok
12:43:29.0112 2560  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:43:29.0138 2560  VSS - ok
12:43:29.0147 2560  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
12:43:29.0148 2560  vwifibus - ok
12:43:29.0172 2560  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:43:29.0177 2560  W32Time - ok
12:43:29.0198 2560  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:43:29.0199 2560  WacomPen - ok
12:43:29.0223 2560  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:43:29.0224 2560  WANARP - ok
12:43:29.0228 2560  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:43:29.0229 2560  Wanarpv6 - ok
12:43:29.0300 2560  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:43:29.0317 2560  WatAdminSvc - ok
12:43:29.0360 2560  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:43:29.0372 2560  wbengine - ok
12:43:29.0398 2560  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:43:29.0402 2560  WbioSrvc - ok
12:43:29.0429 2560  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:43:29.0433 2560  wcncsvc - ok
12:43:29.0438 2560  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:43:29.0441 2560  WcsPlugInService - ok
12:43:29.0456 2560  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:43:29.0457 2560  Wd - ok
12:43:29.0496 2560  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:43:29.0508 2560  Wdf01000 - ok
12:43:29.0528 2560  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:43:29.0533 2560  WdiServiceHost - ok
12:43:29.0537 2560  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:43:29.0543 2560  WdiSystemHost - ok
12:43:29.0695 2560  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:43:29.0708 2560  WebClient - ok
12:43:29.0738 2560  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:43:29.0751 2560  Wecsvc - ok
12:43:29.0769 2560  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:43:29.0773 2560  wercplsupport - ok
12:43:29.0781 2560  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:43:29.0785 2560  WerSvc - ok
12:43:29.0798 2560  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:43:29.0799 2560  WfpLwf - ok
12:43:29.0812 2560  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:43:29.0813 2560  WIMMount - ok
12:43:29.0831 2560  WinDefend - ok
12:43:29.0841 2560  WinHttpAutoProxySvc - ok
12:43:29.0869 2560  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:43:29.0871 2560  Winmgmt - ok
12:43:29.0939 2560  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:43:29.0958 2560  WinRM - ok
12:43:30.0022 2560  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:43:30.0025 2560  WinUsb - ok
12:43:30.0065 2560  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:43:30.0087 2560  Wlansvc - ok
12:43:30.0184 2560  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:43:30.0198 2560  wlidsvc - ok
12:43:30.0211 2560  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:43:30.0212 2560  WmiAcpi - ok
12:43:30.0242 2560  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:43:30.0243 2560  wmiApSrv - ok
12:43:30.0257 2560  WMPNetworkSvc - ok
12:43:30.0277 2560  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:43:30.0287 2560  WPCSvc - ok
12:43:30.0320 2560  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:43:30.0331 2560  WPDBusEnum - ok
12:43:30.0351 2560  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:43:30.0353 2560  ws2ifsl - ok
12:43:30.0370 2560  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:43:30.0376 2560  wscsvc - ok
12:43:30.0380 2560  WSearch - ok
12:43:30.0469 2560  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:43:30.0496 2560  wuauserv - ok
12:43:30.0562 2560  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:43:30.0565 2560  WudfPf - ok
12:43:30.0582 2560  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:43:30.0585 2560  WUDFRd - ok
12:43:30.0601 2560  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:43:30.0607 2560  wudfsvc - ok
12:43:30.0643 2560  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:43:30.0650 2560  WwanSvc - ok
12:43:30.0658 2560  ================ Scan global ===============================
12:43:30.0694 2560  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:43:30.0729 2560  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:43:30.0750 2560  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:43:30.0774 2560  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:43:30.0792 2560  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:43:30.0797 2560  [Global] - ok
12:43:30.0798 2560  ================ Scan MBR ==================================
12:43:30.0805 2560  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:43:30.0998 2560  \Device\Harddisk0\DR0 - ok
12:43:31.0002 2560  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
12:43:31.0219 2560  \Device\Harddisk1\DR1 - ok
12:43:31.0219 2560  ================ Scan VBR ==================================
12:43:31.0221 2560  [ 6DC1B7CC6B15A1BA57938527F31318A9 ] \Device\Harddisk0\DR0\Partition1
12:43:31.0223 2560  \Device\Harddisk0\DR0\Partition1 - ok
12:43:31.0231 2560  [ DC814D3644824EFC894DD74BEB9CA6BA ] \Device\Harddisk0\DR0\Partition2
12:43:31.0232 2560  \Device\Harddisk0\DR0\Partition2 - ok
12:43:31.0236 2560  [ 8F65FA7E286D8B9F1E7C6BF92F3629E7 ] \Device\Harddisk1\DR1\Partition1
12:43:31.0238 2560  \Device\Harddisk1\DR1\Partition1 - ok
12:43:31.0239 2560  ============================================================
12:43:31.0239 2560  Scan finished
12:43:31.0239 2560  ============================================================
12:43:31.0246 4832  Detected object count: 0
12:43:31.0246 4832  Actual detected object count: 0


----------



## johnb35

Ok, tdsskiller log is good.  Continue with the eset scan.


----------



## bbudesa

I missed a keystroke in ESET, tried to run again, and it wouldn't let me.  Tried to uninstall, re-install, and the process is cumbersome.

Hope to have .txt soon.

ugh!

finally got ESET running again, but in my haste, I forgot to have it scan the Archives only.  So, it's running the whole system.

I fear it will take a while, although it's about 1/3 done with nothing found.



ESET scan complete.

No threats, no objects cleaned.


----------



## johnb35

Ok, then.  Please do the following.

Upload this file to www.virustotal.com

c:\windows\system32\dmwu.exe

Once you get the results, copy and paste the url address into your reply.  

Also go here and let me know if there are any files inside this folder.

c:\windows\system32\ljkb


----------



## bbudesa

John - I have neither \dmwu.exe nor \ljkb in C:\Windows\System32


----------



## bbudesa

ran Rkill (some of this stuff certainly looks suspicious, but I'm not sure what to do with it):

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/06/2013 10:37:27 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
  127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
  127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
  127.0.0.1 2010-fr.com # hosts anti-adware / pups
  127.0.0.1 2012-new.biz # hosts anti-adware / pups
  127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
  127.0.0.1 24h00business.com # hosts anti-adware / pups
  127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
  127.0.0.1 ad.adn360.com # hosts anti-adware / pups
  127.0.0.1 adeartss.eu # hosts anti-adware / pups
  127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
  127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
  127.0.0.1 adm.soft365.com # hosts anti-adware / pups
  127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
  127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
  127.0.0.1 ads.aff.co # hosts anti-adware / pups
  127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
  127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
  127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
  127.0.0.1 ads.hooqy.com # hosts anti-adware / pups

  20 out of 623 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/06/2013 10:37:37 AM


----------



## johnb35

Get back with you when I get home from work in a couple hours.


----------



## johnb35

Ok.  I just realized you ran combofix before running malwarebytes and malwarebytes actually deleted the file and folder so you are good to go.  

I would assume you are not having any issues at this time?


----------



## bbudesa

dang, I wish it were that simple.

Actually, I did go into Firefox/tools/options/content, and found and deleted an exception to the 'block popup windows' rule, but I'm still receiving these silly popup windows.  Fewer than before, but they're still coming in.

Do the PUPs files that Rkill found get killed when I run MalwareBytes, or one of the other programs?

If I do run these various "anti" programs you had me download (thank you by the way), in what sequence should they be run?  Always as administrator?

Any other tips?  I'll run some of these by myself for a while, and see what happens.  All of the popups occur when I'm in Firefox, which is my chosen browser.  Hell, one just popped up while I was typing this!

Thanks John.

PS - when I closed this message, I noticed some of the words were in RED.  What's that all about?


----------



## johnb35

Not sure what you mean by words in red.  What you are seeing with this is..



Code:

127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups


Just means you are running a custom hosts file that will block you from visiting those bad websites, which is a good thing.

You may want to try running an adblocker such as adblock plus.

https://adblockplus.org

sequence of running programs.

1.  adwcleaner
2.  Malwarebytes
3.  HijackThis

And then we go from there.


----------
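Added example (not part of either poster's replies): Rkill printed only 20 of the 623 HOSTS entries and asked for the rest to be reviewed, so this Python sketch reads a whole hosts file and separates names blocked by pointing them at a loopback or 0.0.0.0 address from names mapped to any other address, which are the ones worth a closer look. The function names and the sample text are assumptions; the `.example` lines and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress
import sys
from collections import Counter
from typing import NamedTuple

# Constructed sample: four blocklist names copied from the Rkill output in
# this thread, plus invented lines showing a non-local mapping and a bad line.
SAMPLE = """\
# Constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
0.0.0.0   ads.hooqy.com ads.aff.co
203.0.113.10 login.bank.example   # constructed: name sent to a non-local address
not-an-ip something.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


class HostsEntry(NamedTuple):
    lineno: int
    address: str
    names: tuple
    comment: str


def parse_hosts(text):
    """Return (entries, malformed) for the text of a hosts file."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        body, _, comment = raw.partition("#")   # '#' starts a comment
        fields = body.split()                   # spaces or tabs both allowed
        if not fields:
            continue                            # blank or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                     # address with no host name
            malformed.append((lineno, raw.strip()))
            continue
        names = tuple(n.lower() for n in fields[1:])
        entries.append(HostsEntry(lineno, str(addr), names, comment.strip()))
    return entries, malformed


def classify(entry):
    """'localhost', 'blocked' (sinkholed name) or 'redirect' (needs review)."""
    addr = ipaddress.ip_address(entry.address)
    if addr.is_loopback or addr.is_unspecified:
        if all(n in LOCAL_NAMES for n in entry.names):
            return "localhost"
        return "blocked"
    return "redirect"


def audit_hosts(text):
    """Count host names per class and list every non-local mapping."""
    entries, malformed = parse_hosts(text)
    counts, review = Counter(), []
    for entry in entries:
        kind = classify(entry)
        counts[kind] += len(entry.names)        # one line can carry many names
        if kind == "redirect":
            review.extend((entry.lineno, n, entry.address) for n in entry.names)
    return {"counts": dict(counts), "review": review, "malformed": malformed}


if __name__ == "__main__":
    # Pass the path of a hosts file to audit it; with no argument the
    # constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    report = audit_hosts(text)
    print("names per class:", report["counts"])
    for lineno, name, address in report["review"]:
        print(f"review line {lineno}: {name} -> {address}")
    for lineno, raw in report["malformed"]:
        print(f"malformed line {lineno}: {raw}")
```

On Windows 7 the hosts file is at C:\Windows\System32\drivers\etc\hosts. A blocklist like the one Rkill reported should show only "localhost" and "blocked" names and an empty review list.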



## bbudesa

thanks a million John.

I'll take it from here, and let you know how it goes.

I really appreciate your expertise and time.

Bob


----------



## johnb35

Not a problem.  Just let me know if you continue to have issues after installing the adblocker.


----------



## johnb35

Running this program may help us determine the cause of your popups.  It's a little different type of scan; just follow the directions.

It's a direct link so once it loads a download box should appear. 

Download *OTL* to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

•Click on Minimal Output at the top

•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.  Just post the OTL.txt file.


----------



## bbudesa

Thanks John.  Take a look:

OTL logfile created on: 10/7/2013 9:05:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 79.86% Memory free
15.50 Gb Paging File | 12.72 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 315.77 Gb Free Space | 67.81% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 170.84 Gb Free Space | 36.68% Space Free | Partition Type: NTFS

Computer Name: BUDESAPC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()


========== Services (SafeList) ==========

SRV:*64bit:* - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:*64bit:* - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:*64bit:* - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:*64bit:* - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:*64bit:* - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:*64bit:* - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:*64bit:* - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:*64bit:* - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:*64bit:* - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:*64bit:* - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:*64bit:* - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:*64bit:* - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:*64bit:* - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:*64bit:* - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:*64bit:* - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:*64bit:* - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:*64bit:* - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:*64bit:* - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:*64bit:* - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 24 A3 19 FA 79 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49551;https=127.0.0.1:49551

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.msn.com/?ppud=4"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/18 05:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/18 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/16 06:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]

[2013/10/01 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2013/10/06 20:22:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions
[2012/11/29 10:42:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2013/07/01 12:24:00 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\twitter@disconnect.me.xpi
[2013/10/06 20:22:57 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/21 12:01:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 21:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com\content
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com\defaults

========== Chrome  ==========

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\
CHR - Extension: No name found = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/05 08:14:59 | 000,037,341 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 619 more lines...
O2:*64bit:* - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0134af61-7a0c-4649-aeca-90d776060cb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2010/08/13 12:46:38 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.2.1
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype4com - No CLSID value found
O18:*64bit:* - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/06 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/10/06 13:27:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\ATI
[2013/10/06 12:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 11:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/06 11:25:29 | 000,000,000 | ---D | C] -- C:\Combofix
[2013/10/06 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 10:32:26 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 09:25:06 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\ESET
[2013/10/05 12:14:47 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 12:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/05 12:14:09 | 027,878,304 | ---- | C] (SUPERAntiSpyware) -- C:\Users\Bob\Desktop\SUPERAntiSpyware.exe
[2013/10/05 12:05:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/05 08:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 08:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/10/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPAppData
[2013/10/04 22:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/04 22:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/04 22:40:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/04 22:31:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 22:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 22:22:04 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/03 20:51:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Diagnostics
[2013/10/03 18:44:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Anti-Malware
[2013/10/03 16:50:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/03 15:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Programs
[2013/10/02 06:45:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\SightSpeed Recordings
[2013/10/02 06:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/01 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2013/10/01 09:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GlarySoft
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/09/30 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/09/30 15:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/24 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2013/03/30 22:01:42 | 002,000,040 | ---- | C] (Driver Restore) -- C:\Program Files (x86)\DriverRestore.exe
[2011/05/17 02:53:09 | 000,411,136 | ---- | C] (Google) -- C:\Program Files (x86)\googleearth.exe
[2011/05/17 02:18:36 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2011/05/17 02:18:36 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2011/05/17 02:14:05 | 005,816,320 | ---- | C] (OSGeo) -- C:\Program Files (x86)\gdal17.dll

========== Files - Modified Within 30 Days ==========

[2013/10/07 20:56:32 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/07 20:56:30 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/07 20:56:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 20:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 16:45:55 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:45:55 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:14:58 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/07 16:12:48 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/06 12:35:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 10:32:22 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/10/06 00:25:07 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:12:30 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 12:14:14 | 027,878,304 | ---- | M] (SUPERAntiSpyware) -- C:\Users\Bob\Desktop\SUPERAntiSpyware.exe
[2013/10/05 12:05:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,002,965 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/05 08:14:59 | 000,037,341 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 22:32:44 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/04 22:30:53 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:06:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/04 11:46:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/03 16:50:02 | 001,045,226 | ---- | M] () -- C:\Users\Bob\Desktop\adwcleaner.exe
[2013/10/02 22:46:31 | 000,000,258 | RHS- | M] () -- C:\Users\Bob\ntuser.pol
[2013/10/01 21:35:14 | 000,835,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 21:35:14 | 000,692,828 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/01 21:35:14 | 000,131,834 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 06:08:24 | 000,001,031 | ---- | M] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 17:17:45 | 000,818,696 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/30 15:51:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/18 05:58:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/13 03:01:46 | 000,002,637 | ---- | M] () -- C:\Users\Bob\Desktop\Microsoft Office Excel 2007.lnk
[2013/09/12 15:46:00 | 001,931,335 | ---- | M] () -- C:\Users\Bob\Desktop\vrp-20130821-144401.mp4
[2013/09/12 03:30:16 | 000,334,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/06 12:35:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/10/05 12:15:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/05 12:15:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 08:29:16 | 000,002,965 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/04 22:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 22:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 22:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 22:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 22:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/03 16:49:49 | 001,045,226 | ---- | C] () -- C:\Users\Bob\Desktop\adwcleaner.exe
[2013/10/01 06:08:24 | 000,001,031 | ---- | C] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 19:46:19 | 000,000,258 | RHS- | C] () -- C:\Users\Bob\ntuser.pol
[2013/09/30 15:51:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/12 15:46:00 | 001,931,335 | ---- | C] () -- C:\Users\Bob\Desktop\vrp-20130821-144401.mp4
[2013/04/01 07:32:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Inst2891.dll
[2011/12/31 20:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 11:32:19 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/29 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/29 11:24:35 | 000,835,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/17 02:41:13 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\gpsbabel.exe
[2011/05/17 02:40:52 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\earthflashsol.exe
[2011/05/17 02:17:54 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\wavdest.ax
[2011/05/17 02:13:54 | 000,352,333 | ---- | C] () -- C:\Program Files (x86)\pcs.csv
[2011/05/17 02:13:54 | 000,233,102 | ---- | C] () -- C:\Program Files (x86)\ecw_cs.dat
[2011/05/17 02:13:54 | 000,145,621 | ---- | C] () -- C:\Program Files (x86)\projop_wparm.csv
[2011/05/17 02:13:54 | 000,107,562 | ---- | C] () -- C:\Program Files (x86)\gdal_datum.csv
[2011/05/17 02:13:54 | 000,031,394 | ---- | C] () -- C:\Program Files (x86)\s57objectclasses.csv
[2011/05/17 02:13:54 | 000,028,075 | ---- | C] () -- C:\Program Files (x86)\gcs.csv
[2011/05/17 02:13:54 | 000,021,893 | ---- | C] () -- C:\Program Files (x86)\s57expectedinput.csv
[2011/05/17 02:13:54 | 000,018,006 | ---- | C] () -- C:\Program Files (x86)\unit_of_measure.csv
[2011/05/17 02:13:54 | 000,011,875 | ---- | C] () -- C:\Program Files (x86)\ellipsoid.csv
[2011/05/17 02:13:54 | 000,010,573 | ---- | C] () -- C:\Program Files (x86)\stateplane.csv
[2011/05/17 02:13:54 | 000,009,236 | ---- | C] () -- C:\Program Files (x86)\seed_2d.dgn
[2011/05/17 02:13:54 | 000,007,452 | ---- | C] () -- C:\Program Files (x86)\s57attributes.csv
[2011/05/17 02:13:54 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\seed_3d.dgn
[2011/05/17 02:13:54 | 000,001,613 | ---- | C] () -- C:\Program Files (x86)\prime_meridian.csv
[2011/05/17 02:13:54 | 000,000,444 | ---- | C] () -- C:\Program Files (x86)\gdalicon.png
[2011/05/17 02:13:51 | 000,003,812 | ---- | C] () -- C:\Program Files (x86)\WMV9_Highest_Quality_Video_(16mbps).prx
[2011/05/17 02:13:51 | 000,003,794 | ---- | C] () -- C:\Program Files (x86)\WMV9_DVD_Quality_(6mbps).prx
[2011/05/17 02:13:39 | 000,005,219 | ---- | C] () -- C:\Program Files (x86)\ImporterUISettings.ini
[2011/05/17 02:13:39 | 000,001,013 | ---- | C] () -- C:\Program Files (x86)\ImporterGlobalSettings.ini
[2011/05/17 02:13:39 | 000,000,704 | ---- | C] () -- C:\Program Files (x86)\PCOptimizations.ini
[2011/05/17 02:13:31 | 000,075,289 | ---- | C] () -- C:\Program Files (x86)\drivers.ini
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\kh56
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\googleearth.exe.local
[2010/09/21 12:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 13:45:21 | 000,000,377 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/03 12:36:37 | 000,000,213 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2010/05/03 12:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\downloads.m3u
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\Users\Bob\AppData\Roaming\Trance Pad
[2009/12/30 16:45:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/14 14:34:48 | 000,024,601 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/29 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DeLorme
[2013/02/16 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DirectoryListPrintPro
[2013/10/02 06:43:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/04 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Dropbox
[2013/10/01 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Garmin
[2013/10/02 12:51:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GlarySoft
[2010/09/21 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2013/10/01 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\NCH Swift Sound
[2009/12/30 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Nikon
[2009/12/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/02/16 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OverDrive
[2010/06/12 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


----------



## johnb35

Ok, please do the following.

Open OTL again and copy and paste the following lines inside the custom scans box at the bottom.



```
:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKLM\..\Toolbar: (no name) - {0134af61-7a0c-4649-aeca-90d776060cb3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:373E1720
:commands
[emptytemp]
```


Then click on the run fix button at the top.  Post the log that it comes back with after running the fix.


Then I need to see a log that ComboFix produces but doesn't show you.  Please navigate to C:\Qoobox; in that folder is a file named add-remove programs.txt.  Open that file and copy and paste the contents back here.


----------



## bbudesa

Here's the file John.  Thanks


Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.6
Advertising Center
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
Audacity 1.2.6
avast! Internet Security
Bagpipe Music Writer Gold
Bing Bar
BufferChm
C309g-m
CameraHelperMsi
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
D3DX10
DeLorme Topo North America 9.0
Destinations
DeviceDiscovery
DiMAGE Scan Dual4 ver.1.0
DolbyFiles
EPU-4 Engine
EQ5
EQ6
EQ6 Update
EQ7 Upgrade
erLT
Express Burn
Express Rip
File Uploader
Google Chrome
Google Earth
Google Earth Pro
GPBaseService2
HiJackThis
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImagXpress
iSEEK AnswerWorks English Runtime
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 29
LAME v3.99.3 (for Windows)
LightScribe System Software
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Menu Templates - Starter Kit
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero 9 Trial
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Nikon Message Center
Nikon Transfer
OpenOffice.org 3.1
OrchidWiz Encyclopedia 9.0
OverDrive Media Console
Picasa 3
Platform
PS_AIO_06_C309g-m_SW_Min
QuickTime
Quilting Designs Volume 6
Realtek 8136 8168 8169 Ethernet Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition 
Service Pack 1 for SQL Server 2008 (KB968369)
Skype Toolbars
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sql Server Customer Experience Improvement Program
Status
Supertintin 1.2.0.5
Switch Sound File Converter
swMSM
SysTools DBX Converter
Toolbox
TrayApp
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wohiper
TurboTax 2009 woriper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wohiper
TurboTax 2010 woriper
TurboTax 2010 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VIA Platform Device Manager
WavePad Sound Editor
WebReg
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
ZOOM H Series Audio Driver


----------



## johnb35

Uninstall the following programs.

Advertising Center
Java 7 Update 25
Java(TM) 6 Update 29
MarketResearch

Then go here to download the latest version of Java.

http://www.java.com/en/download/windows_xpi.jsp?locale=en

Then post the log from the custom scan for OTL when you get a chance.


----------



## bbudesa

Trouble finding Market Research and Advertising Center.


----------



## johnb35

Ok.  It's possible they have been deleted with one of the programs we have used already.  I have looked over the logs though and can't find where they were deleted.  

Have you run the OTL fix yet?  Would like for you to check to see if you are still getting ads after running the fix.


----------



## bbudesa

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0134af61-7a0c-4649-aeca-90d776060cb3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0134af61-7a0c-4649-aeca-90d776060cb3}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Unable to delete ADS C:\ProgramData\TEMP:373E1720 .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 11000 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4017022 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 818 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Terri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 51104969 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10082013_125507

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


*John - things seem to be working much better.  No popup ads thus far.

Thanks Amigo!  I sure appreciate your help.*


----------
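An added example, not part of the original posts and not OTL's own code: a Python script that triages a fix log like the one posted above, separating entries that were actually changed from targets that were already absent and from actions that failed or were deferred to reboot. The function names are hypothetical, the sample is an excerpt of the log in this thread, and the outcome phrases matched are only those that appear in that log.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the fix log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
Unable to delete ADS C:\ProgramData\TEMP:373E1720 .
========== COMMANDS ==========
[EMPTYTEMP]
User: Bob
->Temp folder emptied: 11000 bytes
Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""


class Entry(NamedTuple):
    kind: str      # "registry key", "registry value", "file" or "ads"
    target: str    # path the fix acted on, as written in the log
    outcome: str   # "changed", "absent", "failed" or "pending_reboot"
    wow64: bool    # True when the line carried the "64bit-" prefix


REG = re.compile(r"^(64bit-)?Registry (key|value) (.+)$")
ABSENT = re.compile(r"^(.+?) not found\.$")
CHANGED = re.compile(r"^(.+?)(?:\| /E :)? (?:value set|moved) successfully[.!]$")
PENDING = re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")
ADS_FAIL = "Unable to delete ADS "


def describe(text: str, outcome: str) -> Entry:
    """Work out what kind of object the subject of a result line is."""
    m = REG.match(text)
    if m:
        return Entry("registry " + m.group(2), m.group(3), outcome, bool(m.group(1)))
    if text.startswith("HKEY_"):
        # The "value set" line names the registry value without a prefix.
        return Entry("registry value", text, outcome, False)
    if text.startswith("File "):
        text = text[len("File "):]
    return Entry("file", text, outcome, False)


def classify(line: str) -> Optional[Entry]:
    """Return an Entry for a result line, or None for headers and cleanup totals."""
    s = line.strip()
    if s.startswith(ADS_FAIL):
        return Entry("ads", s[len(ADS_FAIL):].rstrip(" ."), "failed", False)
    m = PENDING.match(s)
    if m:
        return Entry("file", m.group(1), "pending_reboot", False)
    for pattern, outcome in ((ABSENT, "absent"), (CHANGED, "changed")):
        m = pattern.match(s)
        if m:
            return describe(m.group(1), outcome)
    return None


def parse_fix_log(text: str) -> List[Entry]:
    return [e for e in map(classify, text.splitlines()) if e is not None]


def summarize(entries: List[Entry]) -> Counter:
    return Counter(e.outcome for e in entries)


def followups(entries: List[Entry]) -> List[Entry]:
    """Entries that still need checking on the next scan."""
    return [e for e in entries if e.outcome in ("failed", "pending_reboot")]


def split_ads(target: str) -> Tuple[str, str]:
    """Split 'path:stream' on the last colon so the drive letter is kept."""
    path, _, stream = target.rpartition(":")
    return path, stream


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for e in followups(parsed):
        print("re-check:", e.kind, e.target, "(" + e.outcome + ")")
```

On the excerpt, five of the nine actions report the target as already absent, and the only outright failure is the alternate data stream on C:\ProgramData\TEMP, which is the item to look for again in a later scan.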



## johnb35

Good to hear.  Let me know if they come back.


----------



## bbudesa

Much of what was accomplished in our work (your work, John) has been good.

What's happening now may not be pop-ups per se, but they're entire, full screen ads appearing as soon as I click on a button (sports on MSNBC, for instance).

Some screens (ads for detergent, or similar) I can just x-click my way out, others I have to shut the entire website down, and re-enter.  Some screens are a gray opaque-looking screen that I can see through, but cannot move or function around.

I don't know what they're called except frustrating!

I've run adwCleaner, Malwarebytes, HiJackThis to no avail.  They're still there.

Any ideas?

Sorry to be a pita!


----------



## johnb35

Are you running an adblocker such as Adblock Plus?

www.adblockplus.org

If not, I highly recommend it.


----------



## bbudesa

Yes, I loaded it about a week ago.

thanks


----------



## johnb35

Ok, do me a favor.

Try loading that page using a different browser and see if it still happens.  If not, then you still have a browser addon causing this.  

Also at this time, rerun the OTL scan.

Download *OTL* to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

•Click on Minimal Output at the top

•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

◦When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.  Just post the OTL.txt file.


----------



## bbudesa

Haven't run the other browser test yet.  Here's OTL log:

OTL logfile created on: 10/13/2013 7:20:59 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.51 Gb Available Physical Memory | 83.95% Memory free
15.50 Gb Paging File | 13.49 Gb Available in Paging File | 87.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 311.43 Gb Free Space | 66.88% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 166.68 Gb Free Space | 35.79% Space Free | Partition Type: NTFS

Computer Name: BUDESAPC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bob\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()


========== Services (SafeList) ==========

SRV:*64bit:* - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:*64bit:* - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:*64bit:* - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:*64bit:* - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:*64bit:* - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:*64bit:* - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:*64bit:* - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:*64bit:* - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:*64bit:* - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:*64bit:* - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:*64bit:* - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:*64bit:* - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:*64bit:* - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:*64bit:* - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:*64bit:* - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:*64bit:* - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:*64bit:* - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:*64bit:* - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:*64bit:* - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:*64bit:* - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:*64bit:* - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:*64bit:* - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:*64bit:* - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:*64bit:* - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:*64bit:* - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:*64bit:* - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:*64bit:* - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:*64bit:* - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:*64bit:* - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASInsHelp) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 24 A3 19 FA 79 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.msn.com/?ppud=4"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/09/18 05:58:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/18 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/11 19:50:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/05 14:44:14 | 000,000,000 | ---D | M]

[2013/10/01 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2013/10/09 14:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions
[2012/11/29 10:42:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2013/07/01 12:24:00 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\twitter@disconnect.me.xpi
[2013/10/09 14:26:42 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/21 12:01:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 21:12:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/30 19:46:04 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com\content
[2013/04/15 22:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\extension@FastFreeConverter.com\defaults

========== Chrome  ==========

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com
CHR - Extension: Chrome In-App Payments service = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2013/10/05 08:14:59 | 000,037,341 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:*64bit:* - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.2.1
O18:*64bit:* - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/13 15:56:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Autoruns
[2013/10/08 13:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/08 13:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/08 13:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/08 07:20:10 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/10/08 06:35:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/06 15:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/10/06 13:27:34 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\ATI
[2013/10/06 12:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/10/06 11:27:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/06 11:25:29 | 000,000,000 | ---D | C] -- C:\Combofix
[2013/10/06 10:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/10/06 10:32:26 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 09:25:06 | 001,032,220 | ---- | C] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\ESET
[2013/10/05 12:14:47 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SUPERAntiSpyware.com
[2013/10/05 12:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/10/05 12:05:55 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/10/05 08:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 08:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013/10/05 07:36:40 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\HPAppData
[2013/10/04 22:40:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/10/04 22:40:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/10/04 22:40:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/10/04 22:31:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 22:31:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/10/04 22:22:04 | 005,130,782 | R--- | C] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/03 20:51:06 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Diagnostics
[2013/10/03 18:44:41 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Anti-Malware
[2013/10/03 16:50:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/03 15:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/03 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Programs
[2013/10/02 06:45:00 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\SightSpeed Recordings
[2013/10/02 06:43:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/01 15:27:27 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Macromedia
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013/10/01 06:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013/09/30 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/09/30 15:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/09/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/09/30 15:50:59 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/09/24 19:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2013/03/30 22:01:42 | 002,000,040 | ---- | C] (Driver Restore) -- C:\Program Files (x86)\DriverRestore.exe
[2011/05/17 02:53:09 | 000,411,136 | ---- | C] (Google) -- C:\Program Files (x86)\googleearth.exe
[2011/05/17 02:18:36 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2011/05/17 02:18:36 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2011/05/17 02:14:05 | 005,816,320 | ---- | C] (OSGeo) -- C:\Program Files (x86)\gdal17.dll

========== Files - Modified Within 30 Days ==========

[2013/10/13 18:54:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/13 15:34:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/13 15:34:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/13 15:33:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/13 15:33:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/13 15:33:41 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/13 15:30:34 | 000,550,371 | ---- | M] () -- C:\Users\Bob\Desktop\Autoruns.zip
[2013/10/12 13:44:28 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 13:44:28 | 000,013,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/12 13:36:07 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 13:03:07 | 001,048,960 | ---- | M] () -- C:\Users\Bob\Desktop\AdwCleaner.exe
[2013/10/09 06:55:29 | 001,401,588 | ---- | M] () -- C:\Users\Bob\Desktop\Label-276901437-420054133.pdf
[2013/10/08 20:21:54 | 000,859,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/08 20:21:54 | 000,721,144 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/08 20:21:54 | 000,139,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/08 16:49:13 | 000,334,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/08 14:41:42 | 000,000,143 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2013/10/06 12:35:13 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 10:32:22 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bob\Desktop\rkill.com
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:53:22 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2013/10/06 00:25:07 | 001,032,220 | ---- | M] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2013/10/05 12:05:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bob\Desktop\tdsskiller.exe
[2013/10/05 09:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2013/10/05 08:29:16 | 000,002,965 | ---- | M] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/05 08:14:59 | 000,037,341 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/04 22:32:44 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/04 22:30:53 | 005,130,782 | R--- | M] (Swearware) -- C:\Users\Bob\Desktop\Combofix.exe
[2013/10/04 20:06:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/04 11:46:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/02 22:46:31 | 000,000,258 | RHS- | M] () -- C:\Users\Bob\ntuser.pol
[2013/10/01 21:35:14 | 000,835,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/01 06:08:24 | 000,001,031 | ---- | M] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 15:51:31 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/09/18 05:58:38 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

========== Files Created - No Company Name ==========

[2013/10/13 15:30:47 | 000,550,371 | ---- | C] () -- C:\Users\Bob\Desktop\Autoruns.zip
[2013/10/09 13:03:18 | 001,048,960 | ---- | C] () -- C:\Users\Bob\Desktop\AdwCleaner.exe
[2013/10/09 06:55:39 | 001,401,588 | ---- | C] () -- C:\Users\Bob\Desktop\Label-276901437-420054133.pdf
[2013/10/06 12:35:13 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2013/10/06 08:49:18 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2013/10/05 12:15:01 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
[2013/10/05 12:15:00 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
[2013/10/05 08:29:16 | 000,002,965 | ---- | C] () -- C:\Users\Bob\Desktop\HiJackThis.lnk
[2013/10/04 22:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 22:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 22:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 22:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 22:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/10/01 06:08:24 | 000,001,031 | ---- | C] () -- C:\Users\Bob\Desktop\WinDirStat.lnk
[2013/09/30 19:46:19 | 000,000,258 | RHS- | C] () -- C:\Users\Bob\ntuser.pol
[2013/09/30 15:51:31 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/01 07:32:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Inst2891.dll
[2011/12/31 20:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/29 11:32:19 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/10/29 11:32:19 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/29 11:24:35 | 000,835,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/17 02:41:13 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\gpsbabel.exe
[2011/05/17 02:40:52 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\earthflashsol.exe
[2011/05/17 02:17:54 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\wavdest.ax
[2011/05/17 02:13:54 | 000,352,333 | ---- | C] () -- C:\Program Files (x86)\pcs.csv
[2011/05/17 02:13:54 | 000,233,102 | ---- | C] () -- C:\Program Files (x86)\ecw_cs.dat
[2011/05/17 02:13:54 | 000,145,621 | ---- | C] () -- C:\Program Files (x86)\projop_wparm.csv
[2011/05/17 02:13:54 | 000,107,562 | ---- | C] () -- C:\Program Files (x86)\gdal_datum.csv
[2011/05/17 02:13:54 | 000,031,394 | ---- | C] () -- C:\Program Files (x86)\s57objectclasses.csv
[2011/05/17 02:13:54 | 000,028,075 | ---- | C] () -- C:\Program Files (x86)\gcs.csv
[2011/05/17 02:13:54 | 000,021,893 | ---- | C] () -- C:\Program Files (x86)\s57expectedinput.csv
[2011/05/17 02:13:54 | 000,018,006 | ---- | C] () -- C:\Program Files (x86)\unit_of_measure.csv
[2011/05/17 02:13:54 | 000,011,875 | ---- | C] () -- C:\Program Files (x86)\ellipsoid.csv
[2011/05/17 02:13:54 | 000,010,573 | ---- | C] () -- C:\Program Files (x86)\stateplane.csv
[2011/05/17 02:13:54 | 000,009,236 | ---- | C] () -- C:\Program Files (x86)\seed_2d.dgn
[2011/05/17 02:13:54 | 000,007,452 | ---- | C] () -- C:\Program Files (x86)\s57attributes.csv
[2011/05/17 02:13:54 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\seed_3d.dgn
[2011/05/17 02:13:54 | 000,001,613 | ---- | C] () -- C:\Program Files (x86)\prime_meridian.csv
[2011/05/17 02:13:54 | 000,000,444 | ---- | C] () -- C:\Program Files (x86)\gdalicon.png
[2011/05/17 02:13:51 | 000,003,812 | ---- | C] () -- C:\Program Files (x86)\WMV9_Highest_Quality_Video_(16mbps).prx
[2011/05/17 02:13:51 | 000,003,794 | ---- | C] () -- C:\Program Files (x86)\WMV9_DVD_Quality_(6mbps).prx
[2011/05/17 02:13:39 | 000,005,219 | ---- | C] () -- C:\Program Files (x86)\ImporterUISettings.ini
[2011/05/17 02:13:39 | 000,001,013 | ---- | C] () -- C:\Program Files (x86)\ImporterGlobalSettings.ini
[2011/05/17 02:13:39 | 000,000,704 | ---- | C] () -- C:\Program Files (x86)\PCOptimizations.ini
[2011/05/17 02:13:31 | 000,075,289 | ---- | C] () -- C:\Program Files (x86)\drivers.ini
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\kh56
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\googleearth.exe.local
[2010/09/21 12:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 13:45:21 | 000,000,377 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/03 12:36:37 | 000,000,143 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2010/05/03 12:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\downloads.m3u
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tribal Masks
[2009/12/30 16:45:45 | 000,000,268 | RH-- | C] () -- C:\Users\Bob\AppData\Roaming\Trance Pad
[2009/12/30 16:45:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/14 14:34:48 | 000,024,601 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/29 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DeLorme
[2013/02/16 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DirectoryListPrintPro
[2013/10/02 06:43:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2013/10/04 21:38:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Dropbox
[2013/10/01 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Garmin
[2010/09/21 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2013/10/01 15:18:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\NCH Swift Sound
[2009/12/30 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Nikon
[2009/12/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/02/16 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OverDrive
[2010/06/12 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Uniblue

========== Purity Check ==========



< End of report >


----------



## bbudesa

Opaque screen did not appear when running in another browser.


----------



## johnb35

Ok. Need to run another OTL fix.

Open OTL and paste the following in the custom scan/fixes box at the bottom.



Code:

:OTL
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF - user.js - File not found

:Commands
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]


Then click on the run fix button at the top. Post the log that it comes back with after running the fix.

If you still get this screen after running this fix, then I would recommend one of two things.

1. If you insist on using Firefox, then uninstall it and then reinstall it.
2. Use a different browser such as Pale Moon. Pale Moon is a product of Mozilla, but it's a much better and faster browser. You can get it here.

http://www.palemoon.org/download-ng.shtml


----------



## bbudesa

I've no loyalty to any one server, so I may switch anyway.

Here's the log from latest OTL run:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bob
->Temp folder emptied: 4845412 bytes
->Temporary Internet Files folder emptied: 174973 bytes
->Java cache emptied: 45899 bytes
->FireFox cache emptied: 6521593 bytes
->Google Chrome cache emptied: 10576455 bytes
->Flash cache emptied: 1204 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Terri
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116454571 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 27878304 bytes

Total Files Cleaned = 159.00 mb


[EMPTYJAVA]

User: All Users

User: Bob
->Java cache emptied: 0 bytes

User: Default

User: Mike

User: Public

User: Terri
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bob
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Mike

User: Public

User: Terri
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_062821

Files\Folders moved on Reboot...
C:\Users\Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Thanks again, John.


----------



## johnb35

OK, let me know if you continue to get that screen.


----------



## bbudesa

I suppose I should have done one or the other fix, but not both, in order to see which one worked, but alas, such is not the case.

I ran the changes in OTL, as well as changing servers, and all seems to be running smoothly!

Thanks again.

Bob


----------

