Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MBAM crashing my computer [Closed]

Started by mhc91 , Feb 09 2013 05:13 PM

  • This topic is locked This topic is locked

#1
mhc91
Posted 09 February 2013 - 05:13 PM

mhc91

    New Member

  • Member
  • Pip
  • 8 posts
OTL logfile created on: 2/9/2013 11:40:55 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.03% Memory free
7.61 Gb Paging File | 5.42 Gb Available in Paging File | 71.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 391.75 Gb Free Space | 86.86% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/09 23:11:52 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/02/09 20:56:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2013/02/06 00:07:55 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/18 15:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 17:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/12 23:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 23:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/02 11:10:28 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/02 11:10:24 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/09 23:11:51 | 014,586,736 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/06 00:07:54 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/11 15:31:11 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013/01/11 15:31:11 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013/01/09 02:00:01 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 01:58:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/09 01:58:18 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 01:57:23 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/09 01:57:12 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 01:57:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 01:57:03 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 01:56:55 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/08/18 15:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/30 22:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2011/03/17 11:14:56 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 23:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/09 23:11:52 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/06 00:07:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/01/12 23:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 10:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 10:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/02 11:10:28 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/02 11:10:24 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 18:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 22:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 22:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 22:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 22:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2012/10/30 22:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 22:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 22:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2012/10/30 22:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 16:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/21 09:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/01 03:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/03/26 02:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/17 11:14:56 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 01:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/24 19:41:24 | 002,700,288 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/20 16:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 22:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/30 00:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/15 09:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/19 08:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/18 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 17:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=2073046337
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=2073046337
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{7F142040-CC1B-3F54-E747-6686BAFE9209}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000ccaf78622b10
IE - HKCU\..\SearchScopes\{4A45F200-43B2-4A79-8DE2-B9290B297A7B}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/07/05 23:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/07/05 23:36:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/07/05 23:36:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/26 11:55:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 00:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 00:07:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/13 22:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/02/06 00:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 00:07:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/05 03:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/05 03:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDD59CA2-6764-49EE-ABEC-E071913431D6}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/09 14:20:00 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2013/02/09 14:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/09 14:19:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/09 14:19:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/09 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/09 14:19:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs
[2013/02/06 00:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/23 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\TomTom
[2013/01/23 12:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2013/01/23 12:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2013/01/23 12:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3
[2013/01/19 07:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/13 22:49:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Mozilla
[2013/01/13 22:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/11/15 14:49:18 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/09 23:11:54 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/02/09 23:06:02 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/09 20:44:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 20:44:27 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/09 20:36:18 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/09 20:35:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/02/09 20:35:53 | 3062,910,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/09 14:19:51 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 17:37:44 | 000,779,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/02/08 17:37:44 | 000,665,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/02/08 17:37:44 | 000,125,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/19 07:43:41 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/14 16:38:43 | 000,002,257 | ---- | M] () -- C:\Users\Matt\Desktop\Google Chrome.lnk
[2013/01/13 22:49:01 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/09 14:19:51 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/19 07:43:41 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/13 22:49:01 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/13 22:49:01 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/29 10:57:07 | 000,290,500 | ---- | C] () -- C:\Users\Matt\AppData\Local\funmoods-speeddial_sf.crx
[2012/11/29 10:57:06 | 000,031,465 | ---- | C] () -- C:\Users\Matt\AppData\Local\funmoods.crx
[2011/07/06 01:19:51 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/07/06 01:19:50 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/07/06 01:19:50 | 000,105,428 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/07/06 01:19:06 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/07/06 01:18:45 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/07/06 01:18:45 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/07/06 01:18:45 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/06 01:18:45 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/07/06 01:18:45 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/07/06 01:18:45 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/07/06 01:18:45 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/07/05 23:04:51 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/07/05 23:01:20 | 000,765,636 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/05 12:19:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Azureus
[2012/11/29 10:52:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Babylon
[2012/11/29 11:05:59 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Bloson
[2012/08/01 11:36:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Fingertapps
[2013/01/07 14:29:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\IDT
[2012/08/01 11:31:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech
[2013/01/28 01:47:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SoftGrid Client
[2012/08/19 15:20:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TP
[2012/08/21 16:38:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Unity

========== Purity Check ==========



< End of report >

Edited by mhc91, 09 February 2013 - 05:46 PM.

  • 0

Advertisements

#2
emeraldnzl
Posted 21 February 2013 - 02:01 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mhc91,

Welcome to Geekstogo.

Tell me how Malwarebytes is crashing your computer. Is it when you run it and if so does it partially run and crash or does it just freeze?

Tell me when you come back.

Meantime do this

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=2073046337
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmood...E&cr=2073046337
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmood...E&cr=2073046337
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000ccaf78622b10
IE - HKCU\..\SearchScopes\{4A45F200-43B2-4A79-8DE2-B9290B297A7B}: "URL" = http://search.condui...&ctid=CT2504091

:Files
ipconfig /flushdns /c

:Commands
[resethosts]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
After that

Download and run Junkware removal Tool by thisisu

When the scan completes a log will be produced please post it back here.

So when you return please post
  • OTL fix .txt
  • Junkware removal log
  • 0

#3
mhc91
Posted 24 February 2013 - 05:22 PM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I run MBAM, MBAM works for about 5 minutes it finds five viruses and then crashes along with my computer.

OTL Fix Log

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A45F200-43B2-4A79-8DE2-B9290B297A7B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A45F200-43B2-4A79-8DE2-B9290B297A7B}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Matt\Downloads\cmd.bat deleted successfully.
C:\Users\Matt\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matt
->Temp folder emptied: 733905 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2925593 bytes
->Google Chrome cache emptied: 6973380 bytes
->Flash cache emptied: 21387 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27114065 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 1807782863 bytes

Total Files Cleaned = 1,760.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02242013_232300

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Junkware removal log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Home Premium x64
Ran by Matt on 24/02/2013 at 23:07:05.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{75a4d144-506d-4be5-81db-ec7da1e7f840}



~~~ Files

Successfully deleted: [File] "C:\Users\Matt\appdata\local\funmoods.crx"
Successfully deleted: [File] "C:\Users\Matt\appdata\local\funmoods-speeddial_sf.crx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Matt\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted the following from C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\yp8aqkc3.default\prefs.js

user_pref("browser.newtabpage.blocked", "{\"CnQZxY6LCPfkDQrUYtKGZQ==\":1,\"hHFz01NDqWrT+VvMT/9tqg==\":1,\"ccUl4fskqsJMjat13+56Tw==\":1,\"zhBZJACC1HfPzcAeZnKR1w==\":1,\"hsDvTX/
Emptied folder: C:\Users\Matt\AppData\Roaming\mozilla\firefox\profiles\yp8aqkc3.default\minidumps [31 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] hkey_current_user\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\cjpglkicenollcignonpgiafdgfeehoj



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/02/2013 at 23:20:52.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by mhc91, 24 February 2013 - 05:28 PM.

  • 0

#4
emeraldnzl
Posted 24 February 2013 - 06:21 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

I run MBAM, MBAM works for about 5 minutes it finds five viruses and then crashes along with my computer.


I wonder if Avast is getting in the way. Try disabling it and then run Malwarebytes. If that doesn't work try running it in Safe Mode.

Boot into Safe Mode:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, tap F8 continually.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • 0

#5
mhc91
Posted 25 February 2013 - 09:57 AM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I did both of them things MBAM still crashes my computer
  • 0

#6
emeraldnzl
Posted 25 February 2013 - 12:50 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm...let's do this.

Please download ComboFix from one of this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
mhc91
Posted 25 February 2013 - 04:48 PM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Log

ComboFix 13-02-24.01 - Matt 25/02/2013 22:37:36.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2560 [GMT 0:00]
Running from: c:\users\Matt\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-01-25 to 2013-02-25 )))))))))))))))))))))))))))))))
.
.
2013-02-25 22:43 . 2013-02-25 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-25 13:36 . 2013-02-25 13:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-25 13:36 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-25 13:34 . 2013-02-25 13:34 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-24 23:07 . 2013-02-24 23:07 -------- d-----w- c:\windows\ERUNT
2013-02-24 23:06 . 2013-02-24 23:06 -------- d-----w- C:\JRT
2013-02-24 23:02 . 2013-02-24 23:02 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FF7EDED-7CDC-463C-944F-050F3179D6D5}\offreg.dll
2013-02-24 23:01 . 2013-02-24 23:01 -------- d-----w- C:\_OTL
2013-02-22 21:20 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FF7EDED-7CDC-463C-944F-050F3179D6D5}\mpengine.dll
2013-02-18 20:36 . 2013-02-18 20:36 -------- d-----w- c:\program files\iPod
2013-02-18 20:36 . 2013-02-18 20:36 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-18 20:36 . 2013-02-18 20:36 -------- d-----w- c:\program files\iTunes
2013-02-18 20:36 . 2013-02-18 20:36 -------- d-----w- c:\program files (x86)\iTunes
2013-02-16 20:23 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 20:23 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-16 20:21 . 2013-01-09 01:05 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-16 20:21 . 2013-01-09 01:13 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-02-16 20:21 . 2013-01-08 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-02-16 20:21 . 2013-01-08 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-02-16 20:21 . 2013-01-09 01:14 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-02-16 20:21 . 2013-01-09 01:48 17812992 ----a-w- c:\windows\system32\mshtml.dll
2013-02-16 20:21 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 14:27 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-15 14:27 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-15 14:27 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-15 14:27 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-15 14:27 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-15 14:27 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-15 14:27 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-15 14:27 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-15 14:27 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-15 14:27 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-15 14:27 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-15 14:27 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 14:20 . 2013-02-09 14:20 -------- d-----w- c:\users\Matt\AppData\Roaming\Malwarebytes
2013-02-09 14:19 . 2013-02-09 14:19 -------- d-----w- c:\programdata\Malwarebytes
2013-02-09 14:19 . 2013-02-09 14:19 -------- d-----w- c:\users\Matt\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-25 13:34 . 2012-08-01 12:06 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-25 13:34 . 2012-08-01 12:06 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-16 20:27 . 2012-08-07 14:39 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-09 23:11 . 2012-08-02 15:27 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-09 23:11 . 2012-08-02 15:27 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 01:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-04 04:43 . 2013-02-15 14:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 12:50 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:50 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:50 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-07 13:20 . 2013-01-08 23:11 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-08 23:11 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-08 23:11 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-08 23:11 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-08 23:11 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-08 23:11 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-08 23:11 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-08 23:11 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-08 23:11 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-08 23:11 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-08 23:11 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-08 23:11 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-08 23:11 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-08 23:11 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-08 23:11 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-08 23:11 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-08 23:11 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-08 23:11 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-08 23:11 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-08 23:11 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-08 23:11 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-08 23:11 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-08 23:11 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-08 23:11 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-08 23:11 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-08 23:11 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-08 23:11 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-08 23:11 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-08 23:11 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-08 23:11 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-08 23:11 51712 ----a-w- c:\windows\SysWow64\esrb.rs
2012-12-07 10:46 . 2013-01-08 23:11 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-11-30 05:45 . 2013-01-08 23:10 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-08 23:10 243200 ----a-w- c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-08 23:10 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-08 23:10 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-08 23:10 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-08 23:10 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-08 23:10 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-08 23:10 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-02 2533400]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 18:01 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 23:11]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 23:55]
.
2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 23:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\yp8aqkc3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\08\03\01\0b&)R"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-02-25 22:46:34
ComboFix-quarantined-files.txt 2013-02-25 22:46
.
Pre-Run: 423,049,469,952 bytes free
Post-Run: 422,660,931,584 bytes free
.
- - End Of File - - 74208F223A84F62AEA575C7140E22CC3
  • 0

#8
emeraldnzl
Posted 25 February 2013 - 05:30 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mhc91,

Try running Malwarebytes now and post the log it produces back here.

Tell me if you still run into difficulties with it. :)
  • 0

#9
mhc91
Posted 27 February 2013 - 08:13 AM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
just ran MBAM, the program ran for 6 minutes found one threat and then it crashed my computer
  • 0

#10
emeraldnzl
Posted 27 February 2013 - 12:44 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm...

Let's have a deeper look.

Download aswMBR.exe ( 4.5mb ) to your desktop.

Double click the aswMBR.exe to run it.

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#11
mhc91
Posted 01 March 2013 - 01:39 PM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-01 19:30:38
-----------------------------
19:30:38.301 OS Version: Windows x64 6.1.7601 Service Pack 1
19:30:38.301 Number of processors: 2 586 0x2505
19:30:38.301 ComputerName: MATT-PC UserName: Matt
19:30:40.095 Initialize success
19:30:40.314 AVAST engine defs: 13030100
19:30:52.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:30:52.279 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
19:30:52.310 Disk 0 MBR read successfully
19:30:52.310 Disk 0 MBR scan
19:30:52.326 Disk 0 Windows 7 default MBR code
19:30:52.341 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
19:30:52.357 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
19:30:52.373 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
19:30:52.404 Disk 0 scanning C:\windows\system32\drivers
19:31:00.999 Service scanning
19:31:20.127 Modules scanning
19:31:20.143 Disk 0 trace - called modules:
19:31:20.158 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:31:20.674 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ae9060]
19:31:20.674 3 CLASSPNP.SYS[fffff88001bbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496e050]
19:31:21.860 AVAST engine scan C:\windows
19:31:24.777 AVAST engine scan C:\windows\system32
19:33:40.576 AVAST engine scan C:\windows\system32\drivers
19:33:51.475 AVAST engine scan C:\Users\Matt
19:39:07.888 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
19:39:07.888 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
  • 0

#12
emeraldnzl
Posted 01 March 2013 - 01:49 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mhc91,

Note this tool will install foistware (i.e. it doesn't give you a choice) Chrome browser. This is fine if you use Chrome but if you don't you will have to uninstall it after you have installed SAS. Using custom install and unchecking the Chrome install option does not work... at least on my machine.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation. SuperAntiSpyware will install Google Chrome Browser at installation. It will do this even if you use Custom Install so the best option is to allow it and uninstall Chrome afterwards (unless of course you already have it).
  • If a pop up window appears offering a choice to trial SuperAntiSpyware Professional click the Decline button.
  • Once installed SAS will update its definitions automatically. It will also create a SuperAntiSpyWare icon on your desktop.
  • When the update is complete you will have the option to Scan your computer... press the button to run the scan
  • When the scan is completed a pop window will appear Threats Detected: and recommending quarantining of the items found - click the Continue button.
  • Another window will appear - click the radio button on the right hand side - View scan log
  • A notepad log will appear paste this back here (Edit paste).
  • After you have pasted (you can save a copy if you wish) the log back here click the radio button at the bottom Remove Threats
  • Click the red X top right to exit the program.
  • Don't forget to uninstall Google Chrome and reset your usual browser as default.

  • 0

#13
mhc91
Posted 04 March 2013 - 04:38 PM

mhc91

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2013 at 10:36 PM

Application Version : 5.6.1014

Core Rules Database Version : 10083
Trace Rules Database Version: 7895

Scan type : Quick Scan
Total Scan Time : 00:04:12

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 60866
Registry threats detected : 0
File items scanned : 10586
File threats detected : 274

Adware.Tracking Cookie
.doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\8OVKRCZ6.txt [ Cookie:[email protected]/ ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\IPA7T9U1.txt [ Cookie:[email protected]/ ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\OXLWTR19.txt [ Cookie:[email protected]/ ]
.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\PPVCVTWV.txt [ Cookie:[email protected]/pagead/conversion/1021592141/ ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\CD2P0E89.txt [ Cookie:[email protected]/ ]
tracking100.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\EWE4PAA3.txt [ Cookie:[email protected]/ ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\KHWF3NRG.txt [ Cookie:[email protected]/ ]
.apmebf.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\18C25R3V.txt [ Cookie:[email protected]/hc/35785419 ]
C:\USERS\MATT\AppData\Roaming\Microsoft\Windows\Cookies\Low\X4IX3W2Y.txt [ Cookie:[email protected]/pagead/conversion/1053387484/ ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.flagcounter.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.trafficbee.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.trafficbee.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.trafficbee.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.192com.112.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
track.hubrus.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.grapeshot-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.unrulymedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.healthservicediscounts.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.healthservicediscounts.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.healthservicediscounts.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.healthservicediscounts.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.healthservicediscounts.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.myroitracking.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.eaeacom.112.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ionosadserver-2004234981.eu-west-1.elb.amazonaws.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ads.audience2media.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.h.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.eyeviewads.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
stats.matraxis.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.majorleaguegaming.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.majorleaguegaming.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
api.elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.elite.callofduty.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
banners.thomsonlocal.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ads.audience2media.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.gmeurope.112.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
oasc12.247realmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.newlook.112.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.riverisland.122.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.majorleaguegaming.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
accounts.majorleaguegaming.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.saymedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.premiumtv.122.2o7.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www2.addfreestats.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.picadmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
7.rotator.wigetmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
testdata.coremetrics.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ads.audience2media.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.audience2media.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ads.audience2media.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weboramadata.solution.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.weboramadata.solution.weborama.fr [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.uk.at.atwola.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
insight.torbit.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ww251.smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www4.smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
www4.smartadserver.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YP8AQKC3.DEFAULT\COOKIES.SQLITE ]
  • 0

#14
emeraldnzl
Posted 04 March 2013 - 05:09 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello mhc91,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#15
emeraldnzl
Posted 15 April 2013 - 09:10 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP