Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Infection


  • Please log in to reply
17 replies to this topic

#1 plebs

plebs

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 20 August 2013 - 08:04 PM

Hey bleepingcomputer

 

As you can see this is my first post, and I've run into a bit of a problem. I think I have a virus, or multiple viruses, and I honestly don't know what to do. The thing that clued me in were these three symptoms. This morning, I tried opening Mcafee to disable the antivirus, but it wouldn't open and all it did was leave a blank white space where it was supposed to open. I just want to open Mcafee. Additionally, I've had a problem for several months where I am typing, and suddenly, the window loses focus. This happens on multiple programs, and occurs VERY often (it just occurred three times while I was typing this). It's probably a program opening and closing, but I can't find the culprit. Last, my screen occasionally goes black from time to time, as if the screensaver were to come on, but while I am still using it. This doesn't occur that often, but it still annoys and worries me. I've read that this can be a graphics card problem. My computer is only 3 years old though, so it isn't that old.

 

Please help, I'm coming to the point of buying a new computer, but I don't want to shell out the extra cash to do so.

 

Thanks in advance.


Edited by plebs, 20 August 2013 - 08:12 PM.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 21 August 2013 - 12:43 AM

Hello plebs and Welcome -

If we can gather a bit more information, and run a few basic scans to start with.

There are a few programs listed, so only post as many responses at one time as you are comfortable with.

Read the directions, and ask any questions where you are not quite sure .......

 

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 Click Go and copy / paste the result (Result.txt).

 

 

Please post a snapshot with Speccy for more system details -
How to Publish a snapshot with Speccy <<-- Directions Here (only post the Link)

 

 

If you have any of the 2 programs listed below, please make sure you Update the programs first -

 

Download Malwarebytes Anti-Malware Free (aka MBAM) to desktop and install it
Always check for updates if not done during the install
Run a Quick Scan only and remove all items found
Copy / Paste the report it generates back here

Reboot after you post the log -

 

Download SUPERAntiSpyware Free (aka SAS) and install it to desktop
Always check for updates if not done during the install
Select Quick Scan only and remove all items found
Copy / Paste the report it generates back here

Reboot after you post the log -

 

 

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs for the next 3 programs.

Disable your antivirus program as linked above ..............

How to Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.

3. NOTE :.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

 

- 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- 2. Double click on the ESET Online Scanner icon on your desktop.

 4. Check "YES, I accept the Terms of Use."
 5. Click the Start button.
 6. Accept any security warnings from your browser.
 7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following: [

color="#0000FF"]Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
[/color]
 9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (3 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

 

Please download AdwCleaner by Xplode onto your desktop.

*Close all open programs and internet browsers.
*Double click on adwcleaner.exe to run the tool.
*Click on Delete.
*Confirm each time with Ok.
* NOTE :Your computer will be rebooted automatically. A text file will open after the restart.

*Please post the contents of that logfile with your next reply.
*You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Please download Junkware Removal Tool by thisisu to your desktop
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Be sure to enable your Antivirus when these are completed -

 

Thank You -



#3 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 21 August 2013 - 11:54 AM

Thannks for the quick response, I couldn't do the last three due to Mcafee failing to even start, thus making it impossible to turn off my antivirus. As for MBAM, that one didn't work, and when I tried to start it it gave me:

Run Time Error 53:

File not found: advpack

 

For the security check:

Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Smart PC Cleaner v3.0  
 JavaFX 2.1.1    
 Java™ 6 Update 32  
 Java 7 Update 25  
 Adobe Flash Player 11.7.700.224  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

 

For MiniToolBox:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Francisco (administrator) on 21-08-2013 at 09:18:23
Running from "C:\Users\Francisco\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Intel® 82577LC Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Francisco-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 70-F1-A1-B7-EC-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® 82577LC Gigabit Network Connection
   Physical Address. . . . . . . . . : 84-2B-2B-7F-F2-E7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : 5C-AC-4C-AA-DE-03
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::310e:c:bf56:ead2%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, August 20, 2013 6:47:40 PM
   Lease Expires . . . . . . . . . . : Saturday, September 27, 2149 3:46:48 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 190622796
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-04-51-8E-84-2B-2B-7F-F2-E7
   DNS Servers . . . . . . . . . . . : 192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EB2AD236-D46E-40AF-9841-48E2EA7CA360}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Belkin:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Belkin
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BB1989AC-7D73-4CFA-8701-3AC49592A63E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2ca5:1f0c:bb92:b531(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2ca5:1f0c:bb92:b531%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  router.belkin
Address:  192.168.2.1

Name:    google.com
Addresses:  2607:f8b0:4000:803::1009
      74.125.227.206
      74.125.227.192
      74.125.227.193
      74.125.227.194
      74.125.227.195
      74.125.227.196
      74.125.227.197
      74.125.227.198
      74.125.227.199
      74.125.227.200
      74.125.227.201


Pinging google.com [74.125.227.206] with 32 bytes of data:
Reply from 74.125.227.206: bytes=32 time=253ms TTL=52
Reply from 74.125.227.206: bytes=32 time=78ms TTL=52

Ping statistics for 74.125.227.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 253ms, Average = 165ms
Server:  router.belkin
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=78ms TTL=51
Reply from 206.190.36.45: bytes=32 time=62ms TTL=51

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 62ms, Maximum = 78ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...70 f1 a1 b7 ec b8 ......Bluetooth Device (Personal Area Network)
 11...84 2b 2b 7f f2 e7 ......Intel® 82577LC Gigabit Network Connection
 10...5c ac 4c aa de 03 ......DW1520 Wireless-N WLAN Half-Mini Card
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link       192.168.2.5    281
      192.168.2.5  255.255.255.255         On-link       192.168.2.5    281
    192.168.2.255  255.255.255.255         On-link       192.168.2.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.2.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.2.5    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:4137:9e76:2ca5:1f0c:bb92:b531/128
                                    On-link
 10    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::2ca5:1f0c:bb92:b531/128
                                    On-link
 10    281 fe80::310e:c:bf56:ead2/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
 If Metric Network Destination      Gateway
  0 4294967295 2620:9b::/96             On-link
  0   9000 ::/0                     2620:9b::1900:1
===========================================================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/21/2013 09:02:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x18fc
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/21/2013 08:56:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x14e4
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/21/2013 04:41:02 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x18d4
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/20/2013 10:02:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0xe5c
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/20/2013 09:39:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x5a8
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/20/2013 07:02:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x15e4
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/20/2013 06:56:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcagent.exe, version: 11.6.505.0, time stamp: 0x5140fea2
Faulting module name: mcagent.exe, version: 11.6.505.0, time stamp: 0x5140fea2
Exception code: 0xc0000005
Fault offset: 0x000000000002c8cc
Faulting process id: 0x15f4
Faulting application start time: 0xmcagent.exe0
Faulting application path: mcagent.exe1
Faulting module path: mcagent.exe2
Report Id: mcagent.exe3

Error: (08/20/2013 06:20:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3b707fc5-262e-4019-a85a-a266cca8467f}

Error: (08/20/2013 06:02:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x1a34
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (08/20/2013 05:02:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710
Exception code: 0xc0000005
Fault offset: 0x0002e243
Faulting process id: 0x1908
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3


System errors:
=============
Error: (08/21/2013 08:56:19 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/21/2013 04:40:53 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/20/2013 09:39:40 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/20/2013 06:48:03 PM) (Source: Service Control Manager) (User: )
Description: The Trusted Installer service failed to start due to the following error:
%%2

Error: (08/20/2013 05:35:40 PM) (Source: DCOM) (User: )
Description: {209500FC-6B45-4693-8871-6296C4843751}

Error: (08/20/2013 04:58:57 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (08/20/2013 10:50:52 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/20/2013 00:51:24 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (08/19/2013 03:44:58 PM) (Source: DCOM) (User: )
Description: {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766}

Error: (08/19/2013 03:39:15 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.


Microsoft Office Sessions:
=========================
Error: (06/02/2011 07:03:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1750 seconds with 1620 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-03-16 13:06:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-16 13:06:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-16 13:06:42.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-16 13:06:41.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:42.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:42.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:41.994
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:41.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:41.983
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\SET2605.tmp because the set of per-page image hashes could not be found on the system.

  Date: 2013-03-08 17:34:41.976
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\SET2605.tmp because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Advertising Center (Version: 0.0.0.2)
AlienRespawn - Support Software
AlienRespawn (Version: 9.4.48)
Anti-phishing Domain Advisor (Version: 1.0.0.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.010.0210.2205)
AVS Update Manager 1.0
Banctec Service Agreement (Version: 2.0.0)
Bandisoft MPEG-1 Decoder
Bing Bar (Version: 7.0.609.0)
blekko search bar (Version: 1.5.18.12)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Full New (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Light (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2206.39615)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2206.39615)
Catalyst Control Center InstallProxy (Version: 2010.0210.2206.39615)
Catalyst Control Center Localization All (Version: 2010.0210.2206.39615)
CCC Help Chinese Standard (Version: 2010.0210.2205.39615)
CCC Help Chinese Traditional (Version: 2010.0210.2205.39615)
CCC Help Danish (Version: 2010.0210.2205.39615)
CCC Help Dutch (Version: 2010.0210.2205.39615)
CCC Help English (Version: 2010.0210.2205.39615)
CCC Help Finnish (Version: 2010.0210.2205.39615)
CCC Help French (Version: 2010.0210.2205.39615)
CCC Help German (Version: 2010.0210.2205.39615)
CCC Help Italian (Version: 2010.0210.2205.39615)
CCC Help Japanese (Version: 2010.0210.2205.39615)
CCC Help Korean (Version: 2010.0210.2205.39615)
CCC Help Norwegian (Version: 2010.0210.2205.39615)
CCC Help Portuguese (Version: 2010.0210.2205.39615)
CCC Help Russian (Version: 2010.0210.2205.39615)
CCC Help Spanish (Version: 2010.0210.2205.39615)
CCC Help Swedish (Version: 2010.0210.2205.39615)
ccc-core-static (Version: 2010.0210.2206.39615)
ccc-utility64 (Version: 2010.0210.2206.39615)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Command Center (Version: 2.5.54.0)
CyberLink YouCam (Version: 2.0.3131)
D3DX10 (Version: 15.4.2368.0902)
Disney Toontown Online (Version: )
DW WLAN Card Utility (Version: 5.60.48.18)
Dxtory version 2.0.111 (Version: 2.0.111)
erLT (Version: 1.20.0137)
Ezvid (Version: 0.8.5.4)
Fantapper Player (Version: 2.0.3)
Fantapper Updater (Version: 2.0.2)
Fraps
Google Talk Plugin (Version: 3.1.4.8140)
Google Talk Plugin (Version: 4.4.2.14502)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4209.2358)
Google Update Helper (Version: 1.3.21.153)
Guild Wars 2
ImagXpress (Version: 7.0.74.0)
Intel® Network Connections 14.8.43.0 (Version: 14.8.43.0)
Intel® Matrix Storage Manager
Itibiti RTC (Version: 0.0.1)
Japanese Fonts Support For Adobe Reader 9 (Version: 9.0.0)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 32 (Version: 6.0.320)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
JetMP3 (Version: 1.0517.1205)
Junk Mail filter update (Version: 15.4.3502.0922)
Knctr
Lagarith lossless video codec (Remove Only)
Logitech SetPoint 5.20 (Version: 5.20)
LookInMyPC
McAfee Security Scan Plus (Version: 2.1.121.2)
McAfee SecurityCenter (Version: 11.6.511)
Memeo Instant Backup (Version: 4.60.0.7916)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mplayer 0.6.9 (Version: 0.6.9)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NCH EN Toolbar (Version: 6.8.5.1)
Nero 9 Essentials
Nero BurnRights (Version: 3.4.13.100)
Nero BurnRights Help (Version: 3.4.4.100)
Nero ControlCenter (Version: 9.0.0.1)
Nero CoverDesigner (Version: 4.4.12.100)
Nero CoverDesigner Help (Version: 4.4.9.100)
Nero Disc Copy Gadget (Version: 2.4.34.0)
Nero Disc Copy Gadget Help (Version: 2.4.34.0)
Nero DiscSpeed (Version: 5.4.13.100)
Nero DiscSpeed Help (Version: 5.4.4.100)
Nero DriveSpeed (Version: 4.4.12.100)
Nero DriveSpeed Help (Version: 4.4.4.100)
Nero Express Help (Version: 9.4.26.100)
Nero InfoTool (Version: 6.4.12.100)
Nero InfoTool Help (Version: 6.4.4.100)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero Rescue Agent (Version: 2.4.14.100)
Nero RescueAgent Help (Version: 2.4.4.100)
Nero StartSmart (Version: 9.4.19.100)
Nero StartSmart Help (Version: 9.4.19.100)
NeroExpress (Version: 9.4.26.100)
neroxml (Version: 1.0.0)
Origin (Version: 8.1.2.444)
OSD Setup (Version: 1.1.0)
Pando Media Booster (Version: 2.3.5.4)
PC Optimizer Pro (Version: 6.2.6.6)
Portal
PricePeep for Google Chrome (Version: 2.1.180.0)
Qwiklinx (Version: 1.2.0.1073)
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.57.01 (Version: 3.57.01)
SavingsApp (Version: 1.18.149.149)
Seagate Dashboard (Version: 1.1.0.1548)
Shared C Run-time for x64 (Version: 10.0.0)
Skins (Version: 2010.0210.2206.39615)
Skype Click to Call (Version: 5.11.9874)
Skype™ 6.5 (Version: 6.5.158)
Smart PC Cleaner v3.0 (Version: 3.0)
SnagIt 5 (Version: 5.0)
SPORE™ (Version: 1.05.0001)
Stardock MyColors (Version: 2.7.500)
Steam (Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 14.0.12.0)
Team Fortress 2
TeamSpeak 3 Client (Version: 3.0.10)
Terraria
The Battle for Middle-earth ™ II
The Weather Channel Desktop 6
UBCD4Win 3.60
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides (Version: 1.20.0000)
VideoPad Video Editor
Wajam (Version: 1.42)
WavePad Sound Editor
WeatherBug (Version: 7.0.0.7)
WhiteSmoke Updater Service (Version: 14,1,1,3)
WhiteSmoke US Toolbar (Version: 6.8.10.0)
WhiteSmokeTranslator (Version: 1.00.6033.12731)
WIDCOMM Bluetooth Software (Version: 6.2.0.9603)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 15.0 (Version: 15.0.9334)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 4020.49 MB
Available physical RAM: 2700.16 MB
Total Pagefile: 8039.17 MB
Available Pagefile: 5869.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.56 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:146.93 GB) NTFS
2 Drive d: (LOTRBFME2-1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\FRANCISCO-PC

Administrator            ASPNET                   Francisco                
Guest                    Mama                     Papa                     
Santi Buitron            

========================= Minidump Files ==================================


**** End of log ****

 

For SAS:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/21/2013 at 09:41 AM

Application Version : 5.6.1032

Core Rules Database Version : 10705
Trace Rules Database Version: 8517

Scan type       : Quick Scan
Total Scan Time : 00:10:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 851
Memory threats detected   : 0
Registry items scanned    : 61004
Registry threats detected : 7
File items scanned        : 13735
File threats detected     : 330

Adware.ArcadeWeb
    (x86) HKCR\CLSID\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}
    (x86) HKCR\CLSID\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}\InprocServer32
    (x86) HKCR\CLSID\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}\InprocServer32#ThreadingModel
    (x86) HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}
    (x86) HKCR\CLSID\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}
    (x86) HKU\S-1-5-21-3660232985-48832184-3761622382-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9F531FB1-7C1F-4E1A-8C0C-E8D6177130E2}

Browser Hijacker.Internet Explorer Settings Hijack
    (x86) HKU\S-1-5-21-3660232985-48832184-3761622382-1001_Classes\Software\Microsoft\Internet Explorer\SearchScopes#URL [ http://findgala.com/?&uid=2236&q={searchTerms} ]

Adware.Tracking Cookie
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .lfstmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .wjadserver.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .wjadserver.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .specificmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mlbam.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .associatedcontent.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .cbsdigitalmedia.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    in.getclicky.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    www.hovclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .dmtracker.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .s.clickability.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .s.clickability.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adinterax.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\francisco@atdmt[2].txt [ /atdmt ]
    .highbeam.122.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adxpose.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .server.cpmstar.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .overture.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .sportingnews.122.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .c.atdmt.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .yieldmanager.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .game-advertising-online.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .andomedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .saymedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adfarm1.adition.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .amazon-adsystem.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    webtracker.educationconnection.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    www.mediafire.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .specificclick.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .overture.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adlegend.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mtvn.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@atdmt[1].txt [ Cookie:papa@atdmt.com/ ]
    C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@doubleclick[1].txt [ Cookie:papa@doubleclick.net/ ]
    okcl-tracking.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    mediaservices-d.openxenterprise.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .lucidmedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .technoratimedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .technoratimedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .technoratimedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .histats.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\USERS\PAPA\AppData\Roaming\Microsoft\Windows\Cookies\Low\papa@apmebf[1].txt [ Cookie:papa@apmebf.com/ ]
    C:\USERS\SANTI BUITRON\AppData\Roaming\Microsoft\Windows\Cookies\9GV8H20K.txt [ Cookie:santi buitron@atdmt.com/ ]
    C:\USERS\SANTI BUITRON\AppData\Roaming\Microsoft\Windows\Cookies\Low\JIT1EEWH.txt [ Cookie:santi buitron@2o7.net/ ]
    .estat.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .xiti.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\USERS\SANTI BUITRON\Cookies\9GV8H20K.txt [ Cookie:santi buitron@atdmt.com/ ]
    .ndr-track.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .track.exclusivecpa.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\S03YQNO2.txt [ /www.googleadservices.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\MMZ4MUH6.txt [ /www.googleadservices.com ]
    .premiumtv.122.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\CB1H3SM5.txt [ /tacoda.at.atwola.com ]
    .doubleclick.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\3J0PSJVN.txt [ /invitemedia.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\WTUSL9HH.txt [ /ads.pointroll.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\9D5GPFFB.txt [ /247realmedia.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\T8S5P0FY.txt [ /revsci.net ]
    .insurancediscounts.us.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\3M1VCJFJ.txt [ /imrworldwide.com ]
    .insurancediscounts.us.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\PAFS5RCS.txt [ /ads.undertone.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQRRC7P2.txt [ /collective-media.net ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\00K62HN7.txt [ /mediafire.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\9BUML9GP.txt [ /realmedia.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\QTX9M83V.txt [ /ar.atwola.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\L4W2SB4E.txt [ /media6degrees.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\ESYM3NSF.txt [ /adbrite.com ]
    .eaeacom.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\XWPN29M0.txt [ /ad.yieldmanager.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\4WZAJ1BA.txt [ /tribalfusion.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\N66D0PUA.txt [ /linksynergy.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\NDREZJXQ.txt [ /zedo.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\UCRW9Q4R.txt [ /ads.avusa.co.za ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\QI0EDSK6.txt [ /highbeam.122.2o7.net ]
    .oracle.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\P7S5S6BH.txt [ /ads.us.e-planning.net ]
    .stats.paypal.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\GGAFYLIW.txt [ /insightexpressai.com ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\R809FXCL.txt [ /adxpose.com ]
    stat.onestat.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    C:\Users\Francisco\AppData\Roaming\Microsoft\Windows\Cookies\Low\EPKNFJVL.txt [ /googleads.g.doubleclick.net ]
    stat.onestat.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    media-mgmt.armorgames.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .questionmarket.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .deepadnetwork.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .cf.deepadnetwork.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .cf.deepadnetwork.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .revsci.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    t.afftrackr.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    t.afftrackr.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .advertising.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .clickgetclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .clickgetclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .clickgetclick.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .statcounter.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    insight.torbit.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    www.googleadservices.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .microsoftsto.112.2o7.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mmotraffic.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mmotraffic.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mmotraffic.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .themis-media.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .mediafire.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .getclicky.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    d.tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    i.tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .tracksrv.com [ C:\USERS\FRANCISCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KD8S6BES.DEFAULT\COOKIES.SQLITE ]
    .winzip.122.2o7.net [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atdmt.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .imrworldwide.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .adlegend.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ads.pointroll.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .a1.interclick.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    citi.bridgetrack.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .insightexpressai.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    citi.bridgetrack.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    citi.bridgetrack.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    citi.bridgetrack.com [ C:\USERS\FRANCISCO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 

Hope this information helps.

Edit: welp, my spoilers didn't work. Sorry for the long document


Edited by plebs, 21 August 2013 - 11:55 AM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 21 August 2013 - 04:06 PM

Hi -

The main infection is listed below, and it is blocking other programs from running -

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results.

 

 

Still try to run ESET Online Scanner / AdwCleaner / and Junkware Removal Tool, since you have no Antivirus to turn off.

Try Malwarebytes Anti-Malware in Safe Mode after you try the above scanners -

 

NEXT - Please read How to uninstall or reinstall supported McAfee products using the Consumer Products Removal tool (MCPR) as your McAfee Antivirus is no longer active and causing many problems.

 

NEXT - When completed please Install M.S.E. Microsoft Security Essentials as a temporary solution. You can reinstall your McAfee later if it is a paid version. If it is not a paid version then use any other Free Antivirus program.

 

 

NOTE: WhiteSmoke - This is your main infection and it has killed McAfee already, so that program is useless
First tasks
• Go to Start > Control Panel > Add or Remove programs (Just named "Programs and Features" or "Programs" in Vista or 7).
• Remove the following (if present):
- WhiteSmoke Translator
- WhiteSmokeToolbar
- *WhiteSmoke* (anything else named "WhiteSmoke")

NOTE - You may encounter errors while uninstalling any one of these products.

If you do, I will post instructions for Revo Uninstaller - Please take care with this program.

 

Thanks -


Edited by noknojon, 21 August 2013 - 04:11 PM.


#5 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 21 August 2013 - 07:49 PM

Ok, I had to resort to revo uninstaller pro to get rid of mcafee, it just would not go away, it also wouldn't even open making default installation impossible. However, I did manage to get rid of it.

Got rid of all the WhiteSmoke bleep, have no idea from where I got it (apparently I've had it for a little more than a year).

 

Rkill report:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2013 05:02:23 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (PID: 2000) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Francisco\Desktop\rkill\rkill-08-21-2013-05-02-33.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 

Should I still post the TDSSkiller report? It found zero threats, probably because I had already deleted all the dangerous items.

 

 Thanks for all your help mate.



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 21 August 2013 - 09:22 PM

Should I still post the TDSSkiller report? < < Not required (I believe you :thumbup2: )
Find the old versions of Java (Programs and Features) and remove them -

Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 32 (Version: 6.0.320)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)

 

Version7 Update25 is current. You can verify your version of Java installed, here > > http://www.java.com/en/download/installed.jsp?detect=jre
 

 

Also see if this is still listed > Smart PC Cleaner v3.0 . It needs removal.
This could be one of the places that holds / downloads WhiteSmoke
This Page gives a good description of the program, but do not use their linked "Uninstaller" program.

Smart PC Cleaner presents itself as a system optimizer and malware remover. Both of those claims are fake since Smart PC Cleaner is a fraud. It is not able to fix a computer and it is not able to deal with malware. Smart PC Cleaner only imitates system scanner in order to push people into giving their money away. Smart PC Cleaner is distributed with help of trojans and deceptive websites.

1. On the Start menu (for Windows 8, right-click the screen's bottom-left corner), click Control Panel, and then, under Programs, do the following: Windows Vista/7/8: Click Uninstall a Program.
2. When you find the program Smart PC Cleaner v3.0, click it, and then do the following:
Windows Vista/7/8: Click Uninstall.
3. Follow the prompts. A progress bar shows you how long it will take to remove Smart PC Cleaner.

 

Have you tried MBAM or any of the other programs yet ?

 

Have you installed another Antivirus yet ?

 

ESETScanner will take quite some time due to the fact that you were infected -

 

Thanks -

Sorry that I am posting this in bits, but I wanted the main problems out first.



#7 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 22 August 2013 - 12:46 AM

Deleted and uninstalled everything that you said to delete. MBAM still does not work, but I did try the other ones. I also installed Microsoft security essentials, will re-download Mcafee sometime in the future.

 

JRT results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.3 (08.21.2013:1)
OS: Windows 7 Home Premium x64
Ran by Francisco on Wed 08/21/2013 at 22:27:44.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2801948
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3198785
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{134DA043-566E-4572-82E6-8978D0ED03D8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Francisco\appdata\local\blekkotb_031"
Successfully deleted: [Folder] "C:\Program Files (x86)\blekkotb_031"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Francisco\AppData\Roaming\mozilla\firefox\profiles\kd8s6bes.default\extensions\crossriderapp4639@crossrider.com
Successfully deleted the following from C:\Users\Francisco\AppData\Roaming\mozilla\firefox\profiles\kd8s6bes.default\prefs.js

user_pref("extensions.crossrider.bic", "140a47d556d0e7647dd7b6336bef49bf");
user_pref("extensions.crossriderapp4639.4639.InstallationThankYouPage", false);
user_pref("extensions.crossriderapp4639.4639.InstallationTime", 1377149212);
user_pref("extensions.crossriderapp4639.4639.active", true);
user_pref("extensions.crossriderapp4639.4639.addressbar", "");
user_pref("extensions.crossriderapp4639.4639.addressbarenhanced", "");
user_pref("extensions.crossriderapp4639.4639.asyncdb_dbWasSet", true);
user_pref("extensions.crossriderapp4639.4639.asyncinternaldb_dbWasSet", true);
user_pref("extensions.crossriderapp4639.4639.backgroundjs", "\n\n//\n");
user_pref("extensions.crossriderapp4639.4639.backgroundver", 43);
user_pref("extensions.crossriderapp4639.4639.can_run_bg_code", true);
user_pref("extensions.crossriderapp4639.4639.certdomaininstaller", "");
user_pref("extensions.crossriderapp4639.4639.changeprevious", false);
user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie.InstallationTime.value", "1377149212");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_aoi.value", "1377149212");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_arbitrary_code.expiration", "Wed Aug 21 2013 22:31:58 GMT-0700 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_arbitrary_code.value", "%22%28function%28%29%7BappAPI.db.get%28%5C%22_GPL_ib_disclosure%5C%22%29%26%26%28appAPI.db.set
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_blocklist.expiration", "Wed Aug 21 2013 22:31:58 GMT-0700 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_blocklist.value", "%22nonexistantdomain.com%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_country_code.expiration", "Wed Aug 28 2013 22:26:57 GMT-0700 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_country_code.value", "%22US%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_crr.value", "1377149218");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_currenttime.value", "%221372100343%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_hotfix20111102645.value", "%221%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%220%22%2C%22sub_id%22%3A%220%22%2C%22uzid%22%3A%220%22%7D");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_installtime.value", "%221372100343%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_parent_zoneid.value", "%2214019%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_product_id.value", "%221181%22");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie._GPL_zoneid.value", "%22342958%22");
user_pref("extensions.crossriderapp4639.4639.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.cookie.dbtest.value", "1377149217487");
user_pref("extensions.crossriderapp4639.4639.description", "SavingsApp");
user_pref("extensions.crossriderapp4639.4639.domain", "");
user_pref("extensions.crossriderapp4639.4639.enablesearch", false);
user_pref("extensions.crossriderapp4639.4639.homepage", "");
user_pref("extensions.crossriderapp4639.4639.iframe", false);
user_pref("extensions.crossriderapp4639.4639.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_appVer.value", "98");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_lastVersion.value", "0");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_nextCheck.expiration", "Thu Aug 22 2013 04:26:55 GMT-0700 (Pacific Standard Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.crossriderapp4639.4639.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0800 (Pacific Daylight Time)");
user_pref("extensions.crossriderapp4639.4639.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3Anull%2C%22installer_verifier%22%3Anull%7D%2
user_pref("extensions.crossriderapp4639.4639.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1181,baseCDN:\"
user_pref("extensions.crossriderapp4639.4639.manifesturl", "");
user_pref("extensions.crossriderapp4639.4639.name", "SavingsApp");
user_pref("extensions.crossriderapp4639.4639.newtab", "");
user_pref("extensions.crossriderapp4639.4639.opensearch", "");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appA
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.name", "base");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1.ver", 6);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function( B){if(void 0===this||null===this)throw n
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000014.ver", 16);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function( B)
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.name", "GPL Background (BG)");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_1000015.ver", 39);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelectio
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.name", "CrossriderAppUtils");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_13.ver", 3);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.name", "CrossriderUtils");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_14.ver", 8);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.name", "FFAppAPIWrapper");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_16.ver", 9);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.name", "jQuery");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_17.ver", 4);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.deb
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.name", "debug");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_21.ver", 4);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function( B){this.queue.push( B);}};appAPI.ready=funct
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.name", "resources");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_22.ver", 4);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.name", "initializer");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_28.ver", 3);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefi
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.name", "jquery_1_7_1");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_4.ver", 4);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.name", "resources_background");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_47.ver", 3);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.code", "(function(){var j=\"__CR_EMPTY_CHANNEL__\";var d=function(e){return(typeof e===\"object\"&&e!==null);};v
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.name", "appApiMessage");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_64.ver", 2);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var d={WRONG_STRICT_VALUE:\"Parameter %PARA
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.name", "appApiValidation");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_72.ver", 3);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.name", "CrossriderInfo");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_78.ver", 3);
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===tru
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.name", "omniCommands");
user_pref("extensions.crossriderapp4639.4639.plugins.plugin_98.ver", 2);
user_pref("extensions.crossriderapp4639.4639.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
user_pref("extensions.crossriderapp4639.4639.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
user_pref("extensions.crossriderapp4639.4639.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
user_pref("extensions.crossriderapp4639.4639.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/4639/plugins/091/ff/plugins.json");
user_pref("extensions.crossriderapp4639.4639.pluginsversion", 71);
user_pref("extensions.crossriderapp4639.4639.publisher", "Innovative Apps");
user_pref("extensions.crossriderapp4639.4639.searchstatus", 0);
user_pref("extensions.crossriderapp4639.4639.setnewtab", false);
user_pref("extensions.crossriderapp4639.4639.thankyou", "");
user_pref("extensions.crossriderapp4639.4639.updateinterval", 360);
user_pref("extensions.crossriderapp4639.4639.ver", 98);
user_pref("extensions.crossriderapp4639.apps", "4639");
user_pref("extensions.crossriderapp4639.bic", "140a47d556d0e7647dd7b6336bef49bf");
user_pref("extensions.crossriderapp4639.cid", 4639);
user_pref("extensions.crossriderapp4639.firstrun", false);
user_pref("extensions.crossriderapp4639.hadappinstalled", true);
user_pref("extensions.crossriderapp4639.installationdate", 1377149212);
user_pref("extensions.crossriderapp4639.lastcheck", 22952487);
user_pref("extensions.crossriderapp4639.lastcheckitem", 22952487);
user_pref("extensions.crossriderapp4639.modetype", "production");
user_pref("extensions.crossriderapp4639.reportInstall", true);
user_pref("extensions.crossriderapp4639.statsDailyCounter", 1);
Emptied folder: C:\Users\Francisco\AppData\Roaming\mozilla\firefox\profiles\kd8s6bes.default\minidumps [25 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/21/2013 at 22:38:34.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

ESET Scan Results:

C:\$Recycle.Bin\S-1-5-21-3660232985-48832184-3761622382-1004\$R3VZI8P.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3660232985-48832184-3761622382-1004\$R8KURIG.exe    a variant of Win32/Adware.HotBar.K application    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3660232985-48832184-3761622382-1004\$RE2YODQ.exe    multiple threats    cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-3660232985-48832184-3761622382-1004\$RX3B4PD.exe    multiple threats    cleaned by deleting - quarantined
C:\Program Files (x86)\AlienRespawn\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe    Win32/Wajam.A application    cleaned by deleting (after the next restart) - quarantined
C:\UBCD4Win\plugin\Cleanup Tools\SDFix\SDFix.exe    Win32/PrcView application    deleted - quarantined
C:\Users\Francisco\Downloads\fileviewer_d5023377.exe    a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
C:\Users\Francisco\Downloads\UBCD4WinV360.exe    Win32/PrcView application    cleaned by deleting - quarantined
C:\Users\Santi Buitron\Downloads\ezvid0854.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Santi Buitron\Downloads\mplayer_Setup.exe    a variant of Win32/Adware.iBryte.C application    cleaned by deleting - quarantined

 

Whew! Lot of downloads, lots of work, but at least I'm (close) to virus free.

Thanks again for all of your help, man.

 

EDIT: Couldn't post the AdwCleaner results, for some reason, emoticons were preventing me from replying to the topic (too many of them). I also noticed some emoticons on the JRT report, even though I didn't add them. Huh.
 


Edited by plebs, 22 August 2013 - 12:50 AM.


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 22 August 2013 - 02:25 AM

Couldn't post the AdwCleaner results, for some reason, emoticons were preventing me from replying to the topic (too many of them). I also noticed some emoticons on the JRT report, even though I didn't add them. Huh.

That is very odd, as I have not seen it "badly" corrupted - But at least you ran AdwCleaner program -

Just make sure that you have not clicked on any Emoticons while you are replying (even the basic ones).

To be safe, when you reply, look at the Right side of the Reply Box and Untick Enable emoticons.

 

 

Do you get the MBAM errors while you try to Download, or while you try to Run the program ?

If you can give me a few more details, then I will ask at their forum for some help with this.

It may be important -

 

 

Now I can go back and do a better check on some errors while you run sfc /scannow and chkdsk /r .........

 

Click on the Start Orb and type CMD in the box > Right click on this, and select Run as Administrator > Agree to any UAC prompt > Just type sfc /scannow in the Black Box and press Enter > Note the space between c and / as it must be there - This will take about 15 minutes (on average) to complete, then say "...did not find any integrity violations" once completed.

 

Now repeat the same basics as above, but  type chkdsk /r and press Enter > Note the space between k and / as it must be there - This will take from 1 to 2 hours (on average) to complete all 5 stages, and should not be stopped while it is running -

Your screen will look like Safe Mode, but it will reboot to normal when completed -

 

If this is a laptop make sure it is plugged into a power source, as these can take a bit longer, at times.

 

Thanks -


Edited by noknojon, 22 August 2013 - 02:40 AM.


#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 22 August 2013 - 06:08 AM

Hi - Some more ongoing solutions -

 

The local Bluetooth adapter has failed The driver has been unloaded.
There is a Download from this link that M/soft claims will fix your main System Error.

 

Office Errors: are outdated {Error: 06/02/2011} so they do not matter now.

 

CodeIntegrity Errors: are all related to your McAfee Antivirus program, so removal {and maybe a later re-install} of the program should clean this up.

 

We can remove the Flash Player service, so let's do it using the uninstaller.
Go into your Control Panel > Programs and Features, and locate the Adobe Flash player software and uninstall it.

 

 

I need to know if all Malwarebytes programs are causing problems for you -
Please try to download Malwarebytes Anti-Rootkit from HERE
• Unzip the contents to a folder in a convenient location. ( Desktop )
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

Log 2 should be clear, but I do need to see Log 1, if you can produce it -

 

Thank You -



#10 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 22 August 2013 - 01:19 PM

MBAM gets me the error:

Run time error 53

File not found: advpack

 

However, I did manage to use Malwarebytes Anti-Rootkit without any problems, this also said that my computer is clean, and it found no threats, not going to post the log since it's irrelevant.

 

/scannow found 1 problem (I forgot what it was) but it said it would fix it when the computer rebooted, after the reboot, no problems found. However, chkdsk /r would not let me continue with the scan, giving me this message:

The type of the file system is NTFS.

Cannot lock current drive.

 

Chkdsk cannot run because the volume is in use by another

process. Would you like to schedule this volume to be

checked the next time the system restarts? (Y/N)

 

I typed in y, but after the reboot it would give me the same message, don't know if this is a problem or not.

 

I am also not quite sure why you want me to delete adobe, but I did delete the various versions I had.

 

I also don't know what you mean by my local bluetooth adaptor, I went to the website and the symptoms listed there were not similar to the ones that I had.

 

Any ideas why the reports found emoticons?

 

Thanks for the help.



#11 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 22 August 2013 - 05:26 PM

Hi -

All of the responses are in relation to the eror list above. If you are not sure why I am posting these, please read each error and then see if you can find an error similar to the "solution" I am posting.

 

From your System errors: above in MiniToolBox

Error: (08/20/2013 10:50:52 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

I needed to find the solution since it was not a common error message to me - M/soft has listed this error as a common problem, so they released a solution for it, I linked the page to you -

 

"I am also not quite sure why you want me to delete adobe ............ "
Only Flash Player (as in your Errors) so that we can later reinstall
This is constant and current in your errors - Solution is to remove and install later.
Error: (08/21/2013 09:02:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 11.6.602.180, time stamp: 0x5152b03d
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db9710

 

/scannow may often be required to run 2 or even 3 times if errors are found.

 

Chkdsk reply -
This part is normal - Chkdsk cannot run because the volume is in use by another process.
Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

You normally agree and Reboot the computer .........

 

Alternate method thay "should" stop the problem > >
Run a Disk Check on your C: drive in Windows Vista or Windws 7:
• Click the Start Orb and select Computer
• Right-click on C:(or your Main HDD letter) and select Properties
• Click on the Tools tab
• Under Error-checking click the Check Now... button and click Continue at the User Account Control prompt
• Mark the 2 boxes next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors
• Click on the Start button
• When the message box pops up, click the Schedule disk check button and Restart your computer
• Once your computer restarts it will check the drive, don't press any keys so that it is allowed to do so
Other directions as already left ...........

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

 

Any ideas why the reports found emoticons?

?? None?? and the fact that your last reply was totally clean may mean something.

 

Reporting below to MBAM as I can not find the answer. I spent about 6 years on their forum, and averaged 1,000 posts per year -

MBAM gets me the error:

Run time error 53

File not found: advpack

 

Thanks -



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 22 August 2013 - 05:48 PM

Error Message while trying to download =

Run time error 53

File not found: advpack

 

MBAM will then not download -

 

This has been posted to MBAM and I am waiting for a reply -



#13 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 22 August 2013 - 06:06 PM

Here are the FSS results:

Farbar Service Scanner Version: 18-08-2013
Ran by Francisco (administrator) on 22-08-2013 at 16:03:22
Running from "C:\Users\Francisco\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

Thanks for helping me with the MBAM problem, already installed the hotfix to my computer.

 

Thanks again for your help.



#14 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:21 AM

Posted 22 August 2013 - 06:46 PM

MBAM Clean Removal Process   < Only if you have ever installed the program !
 

Question from MBAM Forum -

Have you ever had the program installed as it may be "residual" ?

 

I will link the question so that you can follow -

EDIT - http://forums.malwarebytes.org/index.php?showtopic=131659#entry719159


Edited by noknojon, 22 August 2013 - 07:29 PM.


#15 plebs

plebs
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:21 AM

Posted 22 August 2013 - 07:54 PM

No I have never installed the program before.

 

Anyways, I did your "fix" (the disk check) and it took about an hour, but everything ran smoothly, thanks.

 

Thanks for your help.

 

EDIT: Many thanks for creating the topic in MBAM, I would surely be lost without you.


Edited by plebs, 22 August 2013 - 07:57 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users