Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help - Annoying Adware/Popups Driving Me Crazy!


  • Please log in to reply
15 replies to this topic

#1 klpoff

klpoff

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 24 October 2013 - 07:36 PM

Hello - Thank you for considering my request.  My computer is infected with Adware that I have not been able to remove.  The suspicious behavior occurs within the Firefox browser.  When I try to open webpages, I am redirected to ad sites.  I also have suspicious "surveys" that include a voice asking me to complete them (usually related to a site I am on, but the surveys look very similar and the voice is the same).  One of the ads that often appears is a download for FLV player.  Other ads are sometimes related to what I am doing or a search I have entered.  I captured this url from one of the ad pages I was redirected to:

 

http://rvzr-a.akamaihd.net/sd/wrap-0.01.html?u=http%3A%2F%2Frvzr-a.akamaihd.net%2Fsd%2Fapps%2Ffusionx%2F0.0.4.html%3Faff%3D3200-1002

 

I have tried the following:Comodo Cleaning Essentials, TDSS Rootkit Removing Tool, Super Anti-spyware, MalewareBytes and Hitman Pro.  All of the programs found some things and removed/cleaned them.  But I still have the adware.  I am running Windows 7 on a 64-bit HP laptop.  My normal anti-virus protection is Symantec Endpoint Protection.  I also have Secunia Personal Software Inspector running and thus all of my software is up-to-date.

 

Any thoughts on what I should try next?



BC AdBot (Login to Remove)

 


#2 Brandon Young

Brandon Young

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hagerstown
  • Local time:03:18 PM

Posted 24 October 2013 - 07:41 PM

Ok first what have you downloaded recently?



#3 klpoff

klpoff
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 24 October 2013 - 07:48 PM

Nothing that I can think of.  I believe it came through a browser attack of some kind.  My daughter uses this computer to watch movies sometimes on xfinity.  But she does not intentionally download things and other than that, I work pretty hard myself to keep the computer safe.  I feel sure I haven't downloaded unsafe files (unless she clicked on something in the browser and did it unintentionally).



#4 klpoff

klpoff
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 24 October 2013 - 08:06 PM

I'm going to sleep now.  If anyone else has questions, I will answer them in the morning.  I do appreciate the help and support; I am just very tired.  Thanks for understanding.



#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:18 AM

Posted 24 October 2013 - 08:14 PM

Hello -

We do understand time factors -

 

For the next few scans How To Temporarily Disable Your Anti-virus

:step1: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.

You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

:step2: Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

  :step3:  Make sure your Antivirus is enabled again -

 

  :step4:   Please download AdwCleaner by Xplode to your desktop.
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Scan. (Only Once)
* Check the listed items and untick any you do not want removed.
* Click on Clean (Only Once) and confirm with OK if asked
* NOTE : Your computer will be rebooted automatically. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

 

 

  :step5:  Download Security Check by Screen317 from HERE

* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

:step6:  Download MiniToolBox, Save it to your desktop and run it.

Close any Firefox browsers you may have open
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List IP configuration
•List last 10 Event Viewer log
•List Installed Programs
•List Users, Partitions and Memory size.
•List Minidump Files
 
Click Go and copy / paste the result (Result.txt).

 

- Last of the bunch -

Please download Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

 

Text was edited as my links needed updating -

Thank You -

 

Will see you later ......


Edited by noknojon, 24 October 2013 - 08:24 PM.


#6 Brandon Young

Brandon Young

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hagerstown
  • Local time:03:18 PM

Posted 24 October 2013 - 08:31 PM

Ok All you have to do is follow his instructions above. Ik a quicker way without virus removal programs but i would have to teach you for further problems if you want it. Its not that complicated to fix it after you learn how to manually do it. And if you decide to not fix those pop ups. It may slow your computer down and lock it up.



#7 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:18 AM

Posted 24 October 2013 - 09:45 PM

Please note that we are limited to the tools and methods that can be used in the Am I Infected area of the forum, so these are what we use for a starter -

It may slow your computer down and lock it up.

We also do a quick check of the computer while it is here.

Many other methods can only be used in Malware Removal Logs area.

 

Thank You -


Edited by noknojon, 25 October 2013 - 05:12 PM.


#8 klpoff

klpoff
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 25 October 2013 - 11:51 AM

Aussie Addict - Thank you for the instructions.  I am at work and this looks like it is going to take a long time.  So, I will work on it tonight (Friday night in the US) and Saturday until I get through all the steps.  Then, I will post back with my results.  I appreciate everyone's help!



#9 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:18 AM

Posted 25 October 2013 - 05:09 PM

Thank you for the update.

There is only 20 to 30 minutes (on average) to do all of this, as sone will take 1 minute and others about 5 minutes -

 

Sorry for answering across "Brandon Young" but if the Quick Tools are what I thought, they would be removed, and we do not want to work outside of the regular guide-lines.

If Brandon Young finds his solution among our usual "Am I Infected" area solutions, I am  more than happy for it to be posted, but if it is not within the guidelines that are Pinned above this area, and his rating is not Malware Removal Helper, or above, there are rules -

 

Again - Sorry for being on the end of this and thanks for not complaining -



#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:18 PM

Posted 25 October 2013 - 05:19 PM

And to add, can you post all logs of security programs that you have ran such as TDSS Killer, Malwarebytes, and Super Anti-Spyware so we can see if you did the right scans?

#11 klpoff

klpoff
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 25 October 2013 - 09:32 PM

Bleepin Madman - The instructions for posting to this topic specifically say not to post any logs, but to just post a description.  That is why I didn't post any of the logs from previous scans in my original post.  But thanks for asking.

 

Aussie Addict - The following are the results from all the scans you asked me to conduct.  I think a lot of adware was cleaned; however I still got a pop-up when I opened my browser to write this post, so I don't think it is completely clean.  I will check this thread again tomorrow to see if you have further instructions for me.  Thank you so much for your help!:

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/25/2013 09:04:16 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Karen\Desktop\rkill\rkill-10-25-2013-09-04-21.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Karen on Fri 10/25/2013 at 21:07:14.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\startnowtoolbarhelper
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbarbroker.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\startnow toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\zgclnt.mngr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F756994E-FC37-29D0-B6B3-004938757426}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}



~~~ Files

Successfully deleted: [File] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ebay.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Karen\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Karen\AppData\Roaming\startnow toolbar"
Successfully deleted: [Folder] "C:\Users\Karen\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Karen\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"
Successfully deleted: [Empty Folder] C:\Users\Karen\appdata\local\{ADE14D99-7A68-41C1-9985-194608CF2ACF}
Successfully deleted: [Empty Folder] C:\Users\Karen\appdata\local\{BC5E3AF4-304A-416F-8FAC-1E4C6D3CD3C4}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Karen\AppData\Roaming\mozilla\firefox\profiles\gpen16g8.default\user.js
Successfully deleted: [Folder] C:\Users\Karen\AppData\Roaming\mozilla\firefox\profiles\gpen16g8.default\extensions\{5911488e-9d1e-40ec-8cbb-06b231cc153f}
Successfully deleted the following from C:\Users\Karen\AppData\Roaming\mozilla\firefox\profiles\gpen16g8.default\prefs.js

user_pref("browser.search.defaultenginename", "Ixquick");
user_pref("browser.search.selectedEngine", "Ixquick");
user_pref("extensions.AMAZON_NS_PH.active-buttons.amazontweet.rss.hash", "M1OV9pftQc6dtl8srq7kdg==");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "tt=090212_noffx");
user_pref("extensions.BabylonToolbar_i.hardId", "5a6b9994000000000000001e65f55f5f");
user_pref("extensions.BabylonToolbar_i.id", "5a6b9994000000000000001e65f55f5f");
user_pref("extensions.BabylonToolbar_i.instlDay", "15388");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:21:25");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNow Toolbar");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.lastSearchProtectAction", "hxxp://www.msn.com/?pc=Z160&install_date=20111027|hxxp://www.edline.net/pages/CentralHighSchool/|B
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "adkn.startnow.com");
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
Emptied folder: C:\Users\Karen\AppData\Roaming\mozilla\firefox\profiles\gpen16g8.default\minidumps [204 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/25/2013 at 21:22:33.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.010 - Report created 25/10/2013 at 21:27:19
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Karen - KAREN-LAPTOP
# Running from : C:\Users\Karen\Desktop\Virus Help\Adw Cleaner\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Karen\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Karen\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\gpen16g8.default\prefs.js ]

Line Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files (x86)\\StartNow Toolbar");

-\\ Google Chrome v

[ File : C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3537 octets] - [25/10/2013 21:24:54]
AdwCleaner[S0].txt - [3510 octets] - [25/10/2013 21:27:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3570 octets] ##########
 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Symantec Endpoint Protection   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (24.0)
 Mozilla Thunderbird (24.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Karen Desktop Virus Help Security Check\SecurityCheck.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Karen (administrator) on 25-10-2013 at 21:53:29
Running from "C:\Users\Karen\Desktop\Virus Help\Mini Tool Box"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Intel® WiFi Link 5100 AGN = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Karen-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-1E-65-F5-5F-5F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-1E-65-F5-5F-5E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1099:f1f5:8d:3369%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, October 25, 2013 9:31:25 PM
   Lease Expires . . . . . . . . . . : Saturday, October 26, 2013 9:31:29 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 318774885
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-25-59-CF-00-26-9E-83-04-B8
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-26-9E-83-04-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{36AE32DA-DB42-46EE-9826-1CEF6234BE92}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6D12A810-733C-4DC7-9AD7-6051A4644FD8}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 29:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:34aa:5c4:3f57:fefd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::34aa:5c4:3f57:fefd%40(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:803::1007
      173.194.43.34
      173.194.43.35
      173.194.43.36
      173.194.43.37
      173.194.43.38
      173.194.43.39
      173.194.43.40
      173.194.43.41
      173.194.43.46
      173.194.43.32
      173.194.43.33


Pinging google.com [173.194.43.34] with 32 bytes of data:
Reply from 173.194.43.34: bytes=32 time=21ms TTL=50
Reply from 173.194.43.34: bytes=32 time=21ms TTL=50

Ping statistics for 173.194.43.34:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 21ms, Average = 21ms
Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=60ms TTL=44
Reply from 98.138.253.109: bytes=32 time=65ms TTL=43

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 60ms, Maximum = 65ms, Average = 62ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...00 1e 65 f5 5f 5f ......Microsoft Virtual WiFi Miniport Adapter
 11...00 1e 65 f5 5f 5e ......Intel® WiFi Link 5100 AGN
 10...00 26 9e 83 04 b8 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 41...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 40...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
      192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 40     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 40     58 2001::/32                On-link
 40    306 2001:0:5ef5:79fd:34aa:5c4:3f57:fefd/128
                                    On-link
 11    276 fe80::/64                On-link
 40    306 fe80::/64                On-link
 11    276 fe80::1099:f1f5:8d:3369/128
                                    On-link
 40    306 fe80::34aa:5c4:3f57:fefd/128
                                    On-link
  1    306 ff00::/8                 On-link
 40    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/25/2013 09:38:50 PM) (Source: Symantec AntiVirus) (User: NT AUTHORITY)
Description: Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: .  Action Description: Access Denied

Error: (10/25/2013 09:36:30 PM) (Source: Application Error) (User: )
Description: Faulting application name: DesktopSearchService.exe, version: 3.7.0.8, time stamp: 0x510697b5
Faulting module name: SearchPlatformPlugins-s.dll, version: 3.1.0.95, time stamp: 0x50f975c1
Exception code: 0xc0000005
Fault offset: 0x00019431
Faulting process id: 0x804
Faulting application start time: 0xDesktopSearchService.exe0
Faulting application path: DesktopSearchService.exe1
Faulting module path: DesktopSearchService.exe2
Report Id: DesktopSearchService.exe3


System errors:
=============
Error: (10/25/2013 09:32:48 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error:
%%1053

Error: (10/25/2013 09:32:48 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (10/25/2013 09:32:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.

Error: (10/25/2013 09:32:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (10/25/2013 09:31:33 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
wjtvys
zlnimc

Error: (10/25/2013 09:24:57 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (10/25/2013 09:38:50 PM) (Source: Symantec AntiVirus)(User: NT AUTHORITY)
Description: Security Risk Found!Hosts File Change in File: c:\windows\system32\svchost.exe by: SONAR scan.  Action: .  Action Description: Access Denied

Error: (10/25/2013 09:36:30 PM) (Source: Application Error)(User: )
Description: DesktopSearchService.exe3.7.0.8510697b5SearchPlatformPlugins-s.dll3.1.0.9550f975c1c00000050001943180401ced1eb223107c4C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exeC:\Program Files (x86)\Copernic Desktop Search - Home\SearchPlatformPlugins-s.dll09968c52-3ddf-11e3-911f-00269e8304b8


CodeIntegrity Errors:
===================================
  Date: 2013-09-21 17:26:19.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 16:05:09.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 13:50:42.291
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 13:35:27.451
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 12:03:29.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 11:44:05.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 11:40:55.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 11:31:45.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 11:16:09.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-09-21 10:58:43.814
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 3.8.0.1430)
Adobe Connect 9 Add-in (Version: 11.2.247.0)
Adobe Connect Add-in
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Adobe Shockwave Player 12.0 (Version: 12.0.4.144)
Advantage Cooking! (Version: 1.5.1)
Advantage Cooking! 2.0  (Version: )
Aimersoft DVD Creator(Build 2.6.5)
Amazon Kindle
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
AM-DeadLink 4.1 (Version: 4.1)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
AudibleManager (Version: 2011315438.48.56.6884722)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full Existing (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Full New (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Light (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Common (Version: 2009.0702.1239.20840)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0702.1239.20840)
Catalyst Control Center InstallProxy (Version: 2009.0702.1239.20840)
Catalyst Control Center Localization All (Version: 2009.0702.1239.20840)
CCC Help Chinese Standard (Version: 2009.0702.1238.20840)
CCC Help Chinese Traditional (Version: 2009.0702.1238.20840)
CCC Help Czech (Version: 2009.0702.1238.20840)
CCC Help Danish (Version: 2009.0702.1238.20840)
CCC Help Dutch (Version: 2009.0702.1238.20840)
CCC Help English (Version: 2009.0702.1238.20840)
CCC Help Finnish (Version: 2009.0702.1238.20840)
CCC Help French (Version: 2009.0702.1238.20840)
CCC Help German (Version: 2009.0702.1238.20840)
CCC Help Greek (Version: 2009.0702.1238.20840)
CCC Help Hungarian (Version: 2009.0702.1238.20840)
CCC Help Italian (Version: 2009.0702.1238.20840)
CCC Help Japanese (Version: 2009.0702.1238.20840)
CCC Help Korean (Version: 2009.0702.1238.20840)
CCC Help Norwegian (Version: 2009.0702.1238.20840)
CCC Help Polish (Version: 2009.0702.1238.20840)
CCC Help Portuguese (Version: 2009.0702.1238.20840)
CCC Help Russian (Version: 2009.0702.1238.20840)
CCC Help Spanish (Version: 2009.0702.1238.20840)
CCC Help Swedish (Version: 2009.0702.1238.20840)
CCC Help Thai (Version: 2009.0702.1238.20840)
CCC Help Turkish (Version: 2009.0702.1238.20840)
ccc-core-static (Version: 2009.0702.1239.20840)
ccc-utility64 (Version: 2009.0702.1239.20840)
Chandler 1.0.3 (Version: 1.0.3)
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
Copernic Desktop Search - Home
Corel Paint Shop Pro Photo X2 (Version: 12.50.0001)
Corel VideoStudio 12 (Version: 12.0.0.0000)
Crown Money Map™ Financial Software 2007
Cuisinart Recipe Widget (Version: 1.1)
CyberLink Power2Go (Version: 6.0.3108a)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy Duplicate Finder v. 2.4.1
ENE CIR Receiver Driver (Version: 2.7.4.0)
GoToMeeting 4.5.0.457
HamsterFreeVideoConverter
Homepage Protection (Version: )
HP 3D DriveGuard (Version: 4.0.3.1)
HP Advisor (Version: 3.2.9652.3188)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Games (Version: 1.0.0.71)
HP MediaSmart DVD (Version: 3.0.3123)
HP MediaSmart Internet TV (Version: 3.0.1916)
HP MediaSmart Live TV (Version: 3.0.1924)
HP MediaSmart Movie Themes (Version: 3.0.3102)
HP MediaSmart Music/Photo/Video (Version: 3.0.3123)
HP MediaSmart SlingPlayer (Version: 2.1.1.60)
HP MediaSmart SmartMenu (Version: 3.0.30.1)
HP MediaSmart Software Notebook Demo (Version: 1.00.0000)
HP MediaSmart Webcam (Version: 3.0.1913)
HP Officejet Pro 8500 A910 Basic Device Software (Version: 28.0.1315.0)
HP Officejet Pro 8500 A910 Help (Version: 140.0.2.2)
HP Officejet Pro 8500 A910 Product Improvement Study (Version: 28.0.1315.0)
HP Quick Launch Buttons (Version: 6.50.16.1)
HP Setup (Version: 1.2.3220.3079)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Update (Version: 5.003.003.001)
HP User Guides 0153 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.50.12.1)
I.R.I.S. OCR (Version: 12.3.4.0)
IDT Audio (Version: 1.0.6230.0)
Image Resizer Powertoy Clone for Windows (64 bit) (Version: 2.1)
InstallRoot 3.16 (Version: 3.16)
Intel® Matrix Storage Manager
iTunes (Version: 10.7.0.21)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (Version: 7.0.450)
JMicron Flash Media Controller Driver (Version: 1.0.32.1)
KeyScrambler
LabelPrint (Version: 2.5.1913)
LightScribe System Software (Version: 1.18.13.1)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.238)
Lotus Organizer 6.0
LSI HDA Modem (Version: 2.1.94)
Lupas Rename 2000 v5.0 Release
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marketsplash Shortcuts (Version: 1.0.1.7)
MasterCook Deluxe 9 (Version: 9.0.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Moneydance 2010
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0.1)
Mozilla Thunderbird 24.0.1 (x86 en-US) (Version: 24.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Octoshape add-in for Adobe Flash Player
OneClickdigital Media Manager (Version: 57.0.0.0)
Organizer Pro (Version: 7.1)
OverDrive Media Console (Version: 3.2.20)
Palm Desktop by ACCESS (Version: 6.4.0.0)
Paragon Backup and Recovery™ 10 Compact Edition (Version: 90.00.0003)
PDFCreator (Version: 1.5.1)
PhotoNow! (Version: 1.1.5615)
PicPick (Version: 3.1.3)
PMB (Version: 5.6.01.03300)
Power2Go (Version: 6.0.3101)
PowerDirector (Version: 7.0.3101)
PowerRecover (Version: 5.5.1923)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.74.80.86)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0007)
Runtime (Version: 1.00.0000)
Screen Sharing Plug-in (Version: 2.0.2)
Scripture Solitaire
Secunia PSI (3.0.0.7011) (Version: 3.0.0.7011)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SlingBoxWatchYourTVAnyWhere (Version: 2.1.1.58)
SmartWebPrinting (Version: 140.0.186.000)
Socusoft Photo To Video Converter Free Version 8.00
Standard Edition (Version: 2007.0.0.0)
Stickies 7.1b
SUPERAntiSpyware (Version: 5.6.1032)
Sweet Home 3D version 2.5
swMSM (Version: 12.0.0.1)
Symantec Endpoint Protection (Version: 12.1.3001.165)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
theWord (Version: 4.0.0.1342)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VideoStudio (Version: 12.0.0.0000)
VT-SEPVersion checks for latest updates of Symantec Endpoint Protection
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
WinX DVD Ripper Platinum 6.0.0
Yahoo! Detect

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 4063.19 MB
Available physical RAM: 2537.52 MB
Total Pagefile: 8124.55 MB
Available Pagefile: 6025.74 MB
Total Virtual: 4095.88 MB
Available Virtual: 3963.11 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:450.62 GB) (Free:205.53 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:14.95 GB) (Free:2.43 GB) NTFS

========================= Users: ========================================

User accounts for \\KAREN-LAPTOP

Administrator            Guest                    Karen                    

========================= Minidump Files ==================================

No minidump file found


**** End of log ****



#12 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:18 AM

Posted 25 October 2013 - 09:49 PM

The instructions for posting to this topic specifically say not to post any logs, but to just post a description.

Thank you very much for that in the first bit, but any person (like Cryptodan) is asking you just to help.

As long as you do not post DDS / HiJackThis / ComboFix logs, all else are generally OK.

These are the ones in Red under this forum area, but many do post other basic logs.

 

TDSS Killer, Malwarebytes, and Super Anti-Spyware are programs that I would ask you to run.

If you do have logs from these, please post them here also.

 

I will review what you have posted and if you can give me updates also as we go along it will help.

 

Regards -



#13 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:18 AM

Posted 26 October 2013 - 01:57 AM

Please Update your Malwarebytes and run a Quick scan now.

Remove (Tick) all found items and post the log back here...........

If you would please open Logs and post your last scan results also. If you are not sure how please ask me.

 

If you do have the logs for TDSS Killer please post them, and if not, then please rescan and post new logs

 

Thank You -



#14 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:18 PM

Posted 26 October 2013 - 03:56 PM

I would like to recommend that you do you a full scan as opposed to a quick scan.

#15 klpoff

klpoff
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:18 PM

Posted 27 October 2013 - 06:24 AM

Bleepin Madman and Aussie Addict - Thank you both.  Sorry for misunderstanding the rules of what is allowed and what is not.  I have done the recommended scans.  TDSS Killer found nothing, so there is no log.  I updated and did full scans for both Malwarebytes and Super Antispyware and the logs are posted below.  Malwarebytes found nothing and Super Antispyware found only tracking cookies (lots of them, but nothing else).  I did some quick surfing this morning to test and did not get any popups.  So maybe the problem is gone now.  I will use the computer this afternoon normally and see if I get anything unusual.  I will post back later if I have any problems.  I really appreciate your help!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.26.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Karen :: KAREN-LAPTOP [administrator]

10/26/2013 8:18:18 PM
mbam-log-2013-10-26 (20-18-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 604453
Time elapsed: 2 hour(s), 46 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/26/2013 at 08:00 PM

Application Version : 5.6.1040

Core Rules Database Version : 10856
Trace Rules Database Version: 8668

Scan type       : Complete Scan
Total Scan Time : 02:33:40

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 767
Memory threats detected   : 0
Registry items scanned    : 76640
Registry threats detected : 0
File items scanned        : 99793
File threats detected     : 103

Adware.Tracking Cookie
    .atdmt.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .atdmt.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .legolas-media.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .2o7.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .liveperson.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .imrworldwide.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .adtechus.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    fastonlinefinder.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    accounts.google.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .accounts.google.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    accounts.youtube.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .survey.g.doubleclick.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    tracking.revimedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .fastclick.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    fastclicknow.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    fastclicknow.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .at.atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .tacoda.at.atwola.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .collective-media.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .lfstmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .traveladvertising.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .traveladvertising.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .zedo.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .lfstmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    network.realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaplex.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    traffic.buyservices.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .mediaforge.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    tags.mediaforge.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    tags.mediaforge.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .buycom.122.2o7.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    statse.webtrendslive.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ru4.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .adtech.de [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .eyeviewads.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .kontera.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ad.mlnadvertising.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .doubleclick.net [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    track.prd.inpwrd.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    affiliate.mlntracker.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .t.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    fastonlinefinder.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    cts.lipixeltrack.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .playmediaplayer.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .playmediaplayer.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .playmediaplayer.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .network.realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .network.realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    network.realmedia.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    .ads.pointroll.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\KAREN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GPEN16G8.DEFAULT\COOKIES.SQLITE ]






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users