Blocked from yahoo, google sites sometimes


31 replies to this topic

#1 Monsey

Monsey

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:04:07 PM

Posted 17 November 2013 - 10:24 PM

Hello,

Sometimes I am unable to access yahoo, google, any of the email systems of the two or any associated sites (yahoo answers, google news, etc). It does not matter the search engine -- IE, Chrome, Firefox -- but once or twice a day, I will get a page cannot be displayed message if trying to get to one of those pages. Briefly, my IE homepage was changed to Bing. And, while I could not get to yahoo and google, I could get to Bing, Ask, Blekko, etc. I have no toolbars or anything like that installed. No add-ons (that I know of) either, except for the Avast site checker.

I have Avast, which has detected nothing. Ran Malwarebytes and uncovered a few crossrider files. Quarantined them. Problem persisted. Ran SuperAntiSpyware and uncovered a fake-doc trojan. Quarantined and removed it. Problem less frequent but still there. Did ADWCleaner and it uncovered another crossrider file and a few corrupted files. Took them out. Problem better but not gone. Ran RKill and found corrupted Hosts file. Repaired that.

Much better than when I started but still having some spots when google and yahoo sites will spin their wheels, as do some other sites (including this one) while Bing pops up immediately if I type that in the browser. I'm nowhere near my data limit with my ISP, so ...

Here's my last RKill log. There are perhaps a couple of issues there, but I can't figure out how to handle them. If anyone can tell me what my next move is to finish off this, I'd appreciate it. Feel like I'm getting closer but not yet there.


Program started at: 11/17/2013 09:28:53 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * AllUserInstallAgent [Missing Service]
 * SDRSVC [Missing Service]
 * adp94xx [Missing Service]
 * adpahci [Missing Service]
 * adpu320 [Missing Service]
 * arc [Missing Service]
 * AsyncMac [Missing Service]
 * discache [Missing Service]
 * HdAudAddService [Missing Service]
 * iirsp [Missing Service]
 * LSI_SCSI [Missing Service]
 * nfrd960 [Missing Service]
 * PptpMiniport [Missing Service]
 * RasAgileVpn [Missing Service]
 * Rasl2tp [Missing Service]
 * RasSstp [Missing Service]
 * Wanarp [Missing Service]
 * Wanarpv6 [Missing Service]
 * Wd [Missing Service]
 * AppMgmt [Missing Service]
 * CSC [Missing Service]
 * CscService [Missing Service]
 * PeerDistSvc [Missing Service]

 * SystemEventsBroker => %SystemRoot%\system32\svchost.exe -k DcomLaunch [Incorrect ImagePath]
 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/17/2013 09:29:53 PM
Execution time: 0 hours(s), 1 minute(s), and 0 seconds(s)
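
A small triage parser for the RKill log layout posted above, added here as an example (it is not part of the original post and not RKill's own code). The sample log is constructed by shortening that layout, and the review order (disabled protections, then altered service ImagePaths, then missing services) is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the RKill log layout in the post above.
SAMPLE_LOG = r"""
Program started at: 11/17/2013 09:28:53 PM in x64 mode.
Windows Version: Windows 8.1

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * AsyncMac [Missing Service]
 * Wanarp [Missing Service]

 * WSService => %SystemRoot%\System32\svchost.exe -k wsappx [Incorrect ImagePath]

Checking HOSTS File:

 * No issues found.
"""

SECTION = re.compile(r"^(?:Checking|Performing|Searching)\b.*:$")
FINDING = re.compile(r"^\s+\*\s+(.*\S)\s*$")
REG_KEY = re.compile(r"^\s+\[(HK[A-Z_]+\\.+)\]\s*$")
REG_VAL = re.compile(r'^\s+"([^"]+)"\s*=\s*(\S+)\s*$')
MISSING = re.compile(r"^(\S+) \[Missing Service\]$")
IMAGEPATH = re.compile(r"^(\S+) => (.+) \[Incorrect ImagePath\]$")

# Review order is an assumption of this example, not something RKill defines.
REVIEW_ORDER = ("protection_disabled", "incorrect_imagepath", "other",
                "missing_service")


def classify(body, section):
    """Turn the text after ' * ' into a typed finding."""
    m = MISSING.match(body)
    if m:
        return {"kind": "missing_service", "name": m.group(1),
                "section": section}
    m = IMAGEPATH.match(body)
    if m:
        return {"kind": "incorrect_imagepath", "name": m.group(1),
                "image_path": m.group(2), "section": section}
    if body.endswith(" Disabled"):
        return {"kind": "protection_disabled",
                "name": body[:-len(" Disabled")], "section": section}
    return {"kind": "other", "name": body, "section": section}


def parse_rkill(text):
    """Return findings in log order, with registry evidence attached."""
    findings, section, current = [], None, None
    for line in text.splitlines():
        if SECTION.match(line):
            section, current = line.rstrip(":"), None
            continue
        m = FINDING.match(line)
        if m:
            body = m.group(1)
            if body.startswith("No "):   # "No issues found." and similar
                current = None
                continue
            current = classify(body, section)
            findings.append(current)
            continue
        if current is not None:
            # Indented registry lines belong to the finding just above them.
            key, val = REG_KEY.match(line), REG_VAL.match(line)
            if key:
                current["registry_key"] = key.group(1)
            elif val:
                current["registry_value"] = {val.group(1): val.group(2)}
    return findings


def triage(findings):
    """Group findings by kind, in REVIEW_ORDER, dropping empty groups."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["kind"]].append(f)
    return [(kind, grouped[kind]) for kind in REVIEW_ORDER if grouped[kind]]


if __name__ == "__main__":
    for kind, items in triage(parse_rkill(SAMPLE_LOG)):
        print(f"{kind} ({len(items)})")
        for f in items:
            detail = f.get("image_path") or f.get("registry_key", "")
            print(f"  {f['name']}  {detail}")
```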
 




 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:08:07 PM

Posted 17 November 2013 - 10:56 PM

Can you post the logs from adwcleaner and super anti-spyware?

#3 Monsey


Posted 18 November 2013 - 12:13 AM

Let me see if I can find ADWcleaner. Here is SUPERAntiSpyware's log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/13/2013 at 09:09 PM

Application Version : 5.6.1042

Core Rules Database Version : 10887
Trace Rules Database Version: 8699

Scan type       : Complete Scan
Total Scan Time : 00:38:15

Operating System Information
 65 Edition 64-bit (Build 6.02.9200)
UAC On - Limited User

Memory items scanned      : 669
Memory threats detected   : 0
Registry items scanned    : 73018
Registry threats detected : 0
File items scanned        : 53374
File threats detected     : 111

Adware.Tracking Cookie

Trojan.Agent/Gen-ImageDocFake
    C:\USERS\ELLGEE37\APPDATA\LOCAL\MICROSOFT\WINDOWS\NOTIFICATIONS\17096D09CF6D11E2BE742016D8A409A3\A6E9A7CD-E1B1-445B-967D-A1F2738E958B[1].JPG
 



#4 Monsey


Posted 18 November 2013 - 12:20 AM

Still looking to see if I have ADW log. Here, if it helps, is the Malwarebytes log. I ran this before running SAS:


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.11.10

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16384
ellgee37

Protection: Enabled

11/11/2013 2:41:16 PM
mbam-log-2013-11-11 (14-41-16).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 371923
Time elapsed: 41 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CrossriderApp0026278.BHO (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0026278.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0026278.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0026278.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#5 Monsey


Posted 18 November 2013 - 12:23 AM

I cannot find the ADW log. I do have the original RKill log, though, if you need that.



#6 cryptodan


Posted 18 November 2013 - 12:49 AM

The AdwCleaner log should be in the directory from which it was run or in the root directory of the hard drive.

#7 Monsey


Posted 18 November 2013 - 01:49 AM

I uninstalled after the search and destroy and can't find the log. I thought I saved but cannot find it.



#8 cryptodan


Posted 18 November 2013 - 01:51 AM

Rerun and post the log in your next reply.

#9 Monsey


Posted 18 November 2013 - 02:06 AM

OK, here is the latest one:

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 02:04:02
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : ellgee37
# Running from : C:\Users\ellgee37\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\ellgee37\AppData\Roaming\Mozilla\Firefox\Profiles\1zj6nn2k.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\ellgee37\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [746 octets] - [18/11/2013 02:04:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [805 octets] ##########
 



#10 cryptodan


Posted 18 November 2013 - 06:27 PM

Are you still blocked?

#11 Monsey


Posted 18 November 2013 - 07:59 PM

This is the longest I've gone since the trouble started without an incident. Right now, I've been able to get through. Last night, I went a four-hour online session without being blocked off. Earlier yesterday, I was blocked off but briefly.

So, being cautiously optimistic, right now I've been OK. I'll give it a few days before feeling like it has passed.



#12 Monsey


Posted 18 November 2013 - 08:12 PM

As soon as I wrote that, I was blocked off for about 10 minutes before I restarted. That solved the problem this time. So yeah, still being blocked at times.



#13 cryptodan


Posted 18 November 2013 - 08:39 PM

Please download MiniToolBox, and save it to your desktop and run it, and checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#14 Monsey


Posted 18 November 2013 - 09:18 PM

When I downloaded MiniToolBox, it gave me a MySearchDial toolbar and added Free Games to my desktop. I'm going to uninstall them.

Here's the log:


MiniToolBox by Farbar  Version: 13-07-2013
Ran by ellgee37 (administrator) on 18-11-2013 at 21:14:12
Running from "C:\Users\ellgee37\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Qualcomm Atheros AR9285 Wireless Network Adapter = Wi-Fi (Connected)
Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30) = Ethernet (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_0" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : RustyCat
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-16-D8-A4-09-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   Description . . . . . . . . . . . : Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
   Physical Address. . . . . . . . . : 20-89-84-34-50-38
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   Description . . . . . . . . . . . : Qualcomm Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 20-16-D8-A4-09-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:e:9480:eb:56c:8d12:a83d:508a(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:e:9480:eb:b117:dc33:1635:c789(Preferred)
   Link-local IPv6 Address . . . . . : fe80::56c:8d12:a83d:508a%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 18, 2013 8:09:36 PM
   Lease Expires . . . . . . . . . . : Monday, November 25, 2013 8:09:36 PM
   Default Gateway . . . . . . . . . : fe80::ea3e:fcff:febe:ee81%3
                                       10.0.0.1
   DHCP Server . . . . . . . . . . . : 10.0.0.1
   DHCPv6 IAID . . . . . . . . . . . : 253761240
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-80-92-6E-20-16-D8-A4-09-A3
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 18:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:26:182e:f5ff:fffd(Preferred)
   Link-local IPv6 Address . . . . . : fe80::26:182e:f5ff:fffd%24(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 419430400
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-80-92-6E-20-16-D8-A4-09-A3
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.hsd1.fl.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.fl.comcast.net.
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #8
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  2607:f8b0:4008:806::1006
      74.125.229.227
      74.125.229.225
      74.125.229.229
      74.125.229.224
      74.125.229.230
      74.125.229.238
      74.125.229.232
      74.125.229.231
      74.125.229.228
      74.125.229.233
      74.125.229.226


Pinging google.com [173.194.37.105] with 32 bytes of data:
Reply from 173.194.37.105: bytes=32 time=28ms TTL=55
Reply from 173.194.37.105: bytes=32 time=54ms TTL=55

Ping statistics for 173.194.37.105:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 28ms, Maximum = 54ms, Average = 41ms
Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  98.138.253.109
      206.190.36.45
      98.139.183.24


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=143ms TTL=48
Reply from 98.138.253.109: bytes=32 time=82ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 82ms, Maximum = 143ms, Average = 112ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 4ms, Average = 3ms
===========================================================================
Interface List
 25...12 16 d8 a4 09 a3 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...20 89 84 34 50 38 ......Qualcomm Atheros AR8162/8166/8168 PCI-E Fast Ethernet Controller (NDIS 6.30)
  3...20 16 d8 a4 09 a3 ......Qualcomm Atheros AR9285 Wireless Network Adapter
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #8
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1         10.0.0.2     25
         10.0.0.0    255.255.255.0         On-link          10.0.0.2    281
         10.0.0.2  255.255.255.255         On-link          10.0.0.2    281
       10.0.0.255  255.255.255.255         On-link          10.0.0.2    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link          10.0.0.2    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link          10.0.0.2    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  3    281 ::/0                     fe80::ea3e:fcff:febe:ee81
  1    306 ::1/128                  On-link
 24    306 2001::/32                On-link
 24    306 2001:0:9d38:90d7:26:182e:f5ff:fffd/128
                                    On-link
  3    281 2601:e:9480:eb::/64      On-link
  3    281 2601:e:9480:eb:56c:8d12:a83d:508a/128
                                    On-link
  3    281 2601:e:9480:eb:b117:dc33:1635:c789/128
                                    On-link
  3    281 fe80::/64                On-link
 24    306 fe80::/64                On-link
 24    306 fe80::26:182e:f5ff:fffd/128
                                    On-link
  3    281 fe80::56c:8d12:a83d:508a/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
 24    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2013 09:06:25 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/18/2013 01:20:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: RustyCat)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2147019873 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/18/2013 00:07:15 AM) (Source: Application Error) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 6.3.9600.16384, time stamp: 0x52157d67
Faulting module name: combase.dll, version: 6.3.9600.16408, time stamp: 0x523d3001
Exception code: 0xc000027b
Fault offset: 0x000fa5bd
Faulting process id: 0x4b0
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (11/17/2013 09:35:57 PM) (Source: MsiInstaller) (User: RustyCat)
Description: Product: HiJackThis -- Error 1314. The specified path 'Desktop' is unavailable.

Error: (11/17/2013 06:27:30 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/17/2013 04:38:18 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/17/2013 02:40:44 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/16/2013 08:44:08 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/16/2013 07:24:09 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (11/16/2013 06:17:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: kss.exe, version: 12.0.1.340, time stamp: 0x50c1c75f
Faulting module name: W8Toaster.dll, version: 12.0.1.335, time stamp: 0x50ae0cd9
Exception code: 0xc0000005
Fault offset: 0x000022d2
Faulting process id: 0x120c
Faulting application start time: 0xkss.exe0
Faulting application path: kss.exe1
Faulting module path: kss.exe2
Report Id: kss.exe3
Faulting package full name: kss.exe4
Faulting package-relative application ID: kss.exe5


System errors:
=============
Error: (11/18/2013 09:14:19 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2013 08:14:48 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/18/2013 08:13:10 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume \\?\Volume{b65e15aa-b155-4aa3-929d-c85f0c1aea17}.

A file on the volume is no longer reachable from its parent directory.  The parent file reference number is 0x2000000000002.  The name of the parent directory is "<unable to determine file name>".  The parent index attribute is ":$I30:$INDEX_ALLOCATION".  The file reference number of the file that needs to be reconnected is 0x1000000039cc8.  There may be additional files on the volume that also need to be reconnected to this parent directory.

Error: (11/18/2013 08:13:10 PM) (Source: Ntfs) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume \\?\Volume{b65e15aa-b155-4aa3-929d-c85f0c1aea17}.

A file on the volume is no longer reachable from its parent directory.  The parent file reference number is 0x2000000000002.  The name of the parent directory is "<unable to determine file name>".  The parent index attribute is ":$I30:$INDEX_ALLOCATION".  The file reference number of the file that needs to be reconnected is 0x300000004631f.  There may be additional files on the volume that also need to be reconnected to this parent directory.

Error: (11/18/2013 08:09:41 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2013 08:09:41 PM) (Source: Service Control Manager) (User: )
Description: The HOSTS Anti-PUPs service failed to start due to the following error:
%%1053

Error: (11/18/2013 08:09:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.

Error: (11/18/2013 08:08:50 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (11/18/2013 07:56:36 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/17/2013 09:46:30 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (11/18/2013 09:06:25 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/18/2013 01:20:46 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: RustyCat)
Description: windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel-2147019873

Error: (11/18/2013 00:07:15 AM) (Source: Application Error)(User: )
Description: backgroundTaskHost.exe6.3.9600.1638452157d67combase.dll6.3.9600.16408523d3001c000027b000fa5bd4b001cee41bef2fada6C:\WINDOWS\syswow64\backgroundTaskHost.exeC:\WINDOWS\SYSTEM32\combase.dll49cd602f-500f-11e3-beb6-208984345038E046963F.LenovoSupport_2.0.4.0_x86__k1h2ywk1493x8App

Error: (11/17/2013 09:35:57 PM) (Source: MsiInstaller)(User: RustyCat)
Description: Product: HiJackThis -- Error 1314. The specified path 'Desktop' is unavailable.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/17/2013 06:27:30 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/17/2013 04:38:18 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/17/2013 02:40:44 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/16/2013 08:44:08 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/16/2013 07:24:09 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (11/16/2013 06:17:44 AM) (Source: Application Error)(User: )
Description: kss.exe12.0.1.34050c1c75fW8Toaster.dll12.0.1.33550ae0cd9c0000005000022d2120c01cee2b2f26401b9C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\W8Toaster.dllb68b2203-4eb0-11e3-beaf-208984345038


CodeIntegrity Errors:
===================================
  Date: 2013-10-31 16:07:57.230
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:57.121
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:57.074
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.668
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.590
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.558
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2013-10-31 16:07:56.386
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

AdAwareInstaller (Version: 11.0.4555.0)
AdAwareUpdater (Version: 11.0.4555.0)
Adobe AIR (Version: 3.9.0.1030)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
AntimalwareEngine (Version: 2.6.0.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 2.1.0.7)
avast! Internet Security (Version: 9.0.2007)
Conexant HD Audio (Version: 8.54.44.50)
D3DX10 (Version: 15.4.2368.0902)
Dolby Advanced Audio v2 (Version: 7.2.8000.16)
Elevated Installer (Version: 2.3.14.0)
Energy Management (Version: 8.0.2.4)
Flash Movie Player 1.5 (Version: 1.5)
Garmin Express (Version: 2.3.14.0)
Garmin Express Tray (Version: 2.3.14.0)
Google Chrome (Version: 64.240.49198)
Google Update Helper (Version: 1.3.21.165)
Intel AppUp(SM) center (Version: 3.6.1.33057.10)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Processor Graphics (Version: 10.18.10.3316)
Intel® Rapid Storage Technology (Version: 11.5.4.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Lenovo EasyCamera (Version: 1.12.824.1)
Lenovo OneKey Recovery (Version: 8.0.0.0710)
Lenovo Photos
Lenovo PowerDVD10 (Version: 10.0.4310.52)
Lenovo Solution Center (Version: 2.2.002.00)
Lenovo YouCam (Version: 4.1.3127)
MahJong (Version: 4.8.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1005)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (Version: 17.0.2015.0811)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Movie Maker (Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Mysearchdial
Nitro Pro 7 (Version: 7.4.1.21)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1005)
Office 15 Click-to-Run Localization Component (Version: 15.0.4551.1005)
Open It! (Version: 1.1.1)
Photo Gallery (Version: 16.4.3508.0205)
Power2Go (Version: 5.6.0.9109)
Qualcomm Atheros Client Installation Program (Version: 10.0)
Realtek USB 2.0 Card Reader (Version: 6.1.8400.39030)
Shared C Run-time for x64 (Version: 10.0.0)
SugarSync Manager (Version: 1.9.61.90905)
SUPERAntiSpyware (Version: 5.6.1042)
Synaptics Pointing Device Driver (Version: 16.2.10.13)
Update for Zip Opener
UserGuide (Version: 1.0.0.9)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
Zip Opener Packages

========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3961.77 MB
Available physical RAM: 2564.16 MB
Total Pagefile: 4665.77 MB
Available Pagefile: 2362.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3975.55 MB

========================= Partitions: =====================================

1 Drive c: (Windows8_OS) (Fixed) (Total:418.09 GB) (Free:384.85 GB) NTFS
2 Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.04 GB) NTFS

========================= Users: ========================================

User accounts for \\RUSTYCAT

Administrator            ellgee37                 Guest                    


**** End of log ****
 



#15 Monsey

Posted 18 November 2013 - 09:44 PM

It looks like I was able to shake MysearchDial, not sure why that came bundled with the MiniToolBox. But here's the ADWCleaner log. Not spotting it on any of the browsers and it looks like FreeGames is gone as well. Not sure if that's related to the original problem.

 

# AdwCleaner v3.012 - Report created 18/11/2013 at 21:36:25
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : ellgee37 - RUSTYCAT
# Running from : C:\Users\ellgee37\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Users\ellgee37\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\ellgee37\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\ellgee37\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\ellgee37\AppData\Roaming\Mozilla\Firefox\Profiles\1zj6nn2k.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Users\ellgee37\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\ellgee37\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\ellgee37\AppData\Roaming\Mozilla\Firefox\Profiles\1zj6nn2k.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\ellgee37\AppData\Roaming\Mozilla\Firefox\Profiles\1zj6nn2k.default\user.js
File Deleted : C:\WINDOWS\Tasks\digitalsite.job
File Deleted : C:\WINDOWS\System32\Tasks\digitalsite
File Deleted : C:\WINDOWS\Tasks\MySearchDial.job
File Deleted : C:\WINDOWS\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\ellgee37\AppData\Roaming\Mozilla\Firefox\Profiles\1zj6nn2k.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyEyDtDtAzz0D0A0AtDtN0D0Tzu0SyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1P1R");
Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");
Line Deleted : user_pref("extensions.mysearchdial.cr", "862530084");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "8E4A31CC75F4B054EA563C0C1C14D48A");
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyEyDtDtAzz0D0A0AtDtN0D0Tzu0SyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "208984345038DAA0");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16027");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
Line Deleted : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyEyDtDtAzz0D0A0AtDtN0D0Tzu0SyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCtD1B1[...]
Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.021:9:50");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyEyDtDtAzz0D0A0AtDtN0D0Tzu0SyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1CzutCt[...]
Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.sg", "none");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites&cd=2XzuyEtN2Y1L1QzutBtDzzzyzzyEtAyEyDtDtAzz0D0A0AtDtN0D0Tzu0SyCzzzztN1L2XzutBtFtBtFtCtAtFtCtAtAzztN1L1Czut[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:9:50");

-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\ellgee37\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7296 octets] - [18/11/2013 21:35:36]
AdwCleaner[S0].txt - [6552 octets] - [18/11/2013 21:36:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6612 octets] ##########
 





