Need help with unremovable adware (not virus) BetterMarkit

bradrice76 · Nov 28, 2014

I somehow got this adware program (BetterMarkit) stuck on my computer. It isn't anything but an annoyance, but trying to just read a story or mouse of a picture it's a HUGE one. I've read the short explanations on other pages on how to remove - I followed these instructions which included:

1. removing the actual program in Programs and Features (first removal still left the name (removed icon). Second removal stated it couldn't be found and removed it from list of programs.

2. Opened up Explorer and went to Programs and Manage Addons - program was not found but I did disable everything but Flash and Windows Media Player.

3. Explorer - Internet Options - Advanced - Reset - checked box reset personal options and reset it. (the first processed failed (with an X) not able to figure out why failed - link goes to a page that doesn't really explain why). The next 3 processes here were successful.

------------------------------------------------------------------------------------

I came across someone who it seemed had a similar problem with a "Re-Markit" and presumed (probably incorrectly) it may require the same steps here for anyone to help me. If not sorry for the waste of space -

Instructions I followed were from - http://www.computerforum.com/228391-re-markit-cant-get-rid-thing.html

1. # AdwCleaner v4.102 - Report created 28/11/2014 at 10:39:36
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Brad Rice - DESKTOP
# Running from : C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCache\IE\5AE61J4E\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\LinkSwift
Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Application Updater
Folder Deleted : C:\Users\Brad Rice\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Brad Rice\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Brad Rice\AppData\Roaming\Mozilla\Firefox\Profiles\2w91t0s7.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\END
File Deleted : C:\Users\Brad Rice\AppData\Roaming\Mozilla\Firefox\Profiles\2w91t0s7.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\AppDataLow\Software\BetterMarkIt
Key Deleted : HKLM\SOFTWARE\GlobalUpdate

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v26.0 (en-US)

[2w91t0s7.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Search The Web");
[2w91t0s7.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Search The Web");

*************************

AdwCleaner[R0].txt - [4636 octets] - [28/11/2014 10:36:51]
AdwCleaner[S0].txt - [4509 octets] - [28/11/2014 10:39:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4569 octets] ##########

----------------------------------------------------------------------------------------

2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 x64
Ran by Brad Rice on Fri 11/28/2014 at 10:45:18.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/28/2014 at 10:46:55.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/28/2014
Scan Time: 10:48:56 AM
Logfile: Malware Log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.28.04
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Brad Rice

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368919
Time Elapsed: 7 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

4. OTL logfile created on: 11/28/2014 10:58:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCache\IE\20D0YU0X
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17416)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.87 Gb Total Physical Memory | 6.36 Gb Available Physical Memory | 80.83% Memory free
81.11 Gb Paging File | 79.61 Gb Available in Paging File | 98.15% Paging File free
Paging file location(s): c:\pagefile.sys 75000 75000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.10 Gb Total Space | 88.74 Gb Free Space | 9.71% Space Free | Partition Type: NTFS
Drive E: | 653.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.84 Gb Total Space | 0.49 Gb Free Space | 26.95% Space Free | Partition Type: FAT

Computer Name: DESKTOP | User Name: Brad Rice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCache\IE\20D0YU0X\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (Razer Inc.)
PRC - C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe ()
PRC - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\055a9f703a30ece9cce1f6a130a296b5\System.ServiceModel.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (OutfoxTvService) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BRSptStub) -- C:\ProgramData\BitRaider\BRSptStub.exe (BitRaider, LLC)
SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (RzWizardService) -- C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe (Razer Inc.)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe (Qualcomm Atheros Commnucations)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (NAUpdate) -- c:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (webinstrH) -- C:\Windows\SysNative\drivers\webinstrH.sys (Corsica)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (SCDEmu) -- C:\WINDOWS\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c63x64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (BRDriver64_1_3_3_E02B25FC) -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys (BitRaider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4AEA64AF-5DA5-48E7-9D86-151EC55A5A39}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{4AEA64AF-5DA5-48E7-9D86-151EC55A5A39}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {4AEA64AF-5DA5-48E7-9D86-151EC55A5A39}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4AEA64AF-5DA5-48E7-9D86-151EC55A5A39}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 85 F8 99 A1 1F 0B D0 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FC555378-24E8-38BC-E367-AC341D736C1C}: C:\Program Files (x86)\ver0BetterMarkIt\184.xpi

[2013/08/11 09:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad Rice\AppData\Roaming\Mozilla\Extensions
[2014/11/28 10:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brad Rice\AppData\Roaming\Mozilla\Firefox\Profiles\2w91t0s7.default\extensions
[2014/08/09 08:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/18 02:14:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2W91T0S7.DEFAULT\EXTENSIONS\{607B689F-7600-45E4-B8E5-887F72DAB15C}
File not found (No name found) -- C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2W91T0S7.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Arc] C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe (Perfect World Entertainment)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe (Razer Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0414c] C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe ()
O4 - HKCU..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted File not found
O4 - Startup: C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk = C:\Users\Brad Rice\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SafeModeBlockNonAdmins = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{924B6229-2AA2-4BA6-850D-ED7ACE203FE9}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/24 20:15:56 | 000,921,600 | R--- | M] (Quarium, Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/10/24 20:15:56 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6abe57e4-9628-11e3-bf48-24fd523b0f48}\Shell - "" = AutoRun
O33 - MountPoints2\{6abe57e4-9628-11e3-bf48-24fd523b0f48}\Shell\AutoRun\command - "" = "G:\AutoRun.exe"
O33 - MountPoints2\{f48989f7-af8a-11e2-be6a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f48989f7-af8a-11e2-be6a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2002/10/24 20:15:56 | 000,921,600 | R--- | M] (Quarium, Inc.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = "D:\Autorun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/11/28 10:45:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/11/28 10:38:06 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Desktop\New folder (3)
[2014/11/28 10:36:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/26 09:19:10 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\Heroes of the Storm
[2014/11/26 09:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[2014/11/26 08:42:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of the Storm
[2014/11/26 07:15:17 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Desktop\movies want
[2014/11/26 02:16:52 | 000,064,232 | ---- | C] (Corsica) -- C:\WINDOWS\SysNative\drivers\webinstrH.sys
[2014/11/24 21:01:36 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Desktop\New folder
[2014/11/23 02:30:35 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\Star Wars - The Old Republic
[2014/11/23 02:29:02 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\HeroBlade Logs
[2014/11/23 01:33:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BitRaider
[2014/11/23 01:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\BitRaider
[2014/11/23 01:33:04 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\SWTORPerf
[2014/11/23 01:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2014/11/23 01:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2014/11/22 23:53:56 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\TERA
[2014/11/22 20:47:36 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\RIFT
[2014/11/22 20:47:36 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\RIFT
[2014/11/22 19:36:00 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\Glyph
[2014/11/22 19:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Glyph
[2014/11/22 19:35:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph
[2014/11/22 19:21:37 | 000,000,000 | -H-D | C] -- C:\ArcTemp
[2014/11/22 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Arc
[2014/11/22 18:44:46 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Arc
[2014/11/22 18:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2014/11/22 18:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perfect World Entertainment
[2014/11/22 18:22:11 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\Funcom
[2014/11/22 18:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2014/11/22 18:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2014/11/22 08:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/11/22 07:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\GFACE
[2014/11/22 07:50:18 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\wf-launcher
[2014/11/22 07:49:31 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warface Launcher
[2014/11/22 07:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crytek
[2014/11/22 06:01:31 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Local\Ubisoft
[2014/11/22 06:01:14 | 000,000,000 | -HSD | C] -- C:\Users\Brad Rice\wc
[2014/11/22 06:01:10 | 000,000,000 | -HSD | C] -- C:\Users\Brad Rice\AppData\Roaming\wyUpdate AU
[2014/11/22 06:01:06 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duel of Champions Launcher
[2014/11/22 06:01:05 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Ubisoft
[2014/11/22 04:23:23 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
[2014/11/22 04:23:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
[2014/11/20 00:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Angels
[2014/11/20 00:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Angels
[2014/11/18 01:11:21 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\11bitstudios
[2014/11/18 01:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\This War of Mine
[2014/11/18 01:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\This War of Mine
[2014/11/13 01:41:35 | 000,000,000 | -HSD | C] -- C:\Users\Brad Rice\AppData\Local\EmieBrowserModeList
[2014/11/05 17:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\directx
[2014/11/05 17:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto San Andreas + MultiPlayer [0.3e]
[2014/11/05 17:51:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grand Theft Auto San Andreas + MultiPlayer [0.3e]
[2014/11/05 17:13:58 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\Square Enix
[2014/11/05 17:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
[2014/11/05 17:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Final Fantasy VII
[2014/11/05 16:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiger Woods
[2014/11/04 15:24:57 | 000,118,832 | ---- | C] (MicroQuill Software Publishing, Inc.) -- C:\WINDOWS\SysWow64\SHW32.DLL
[2014/11/04 00:43:44 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\Documents\GTA Vice City User Files
[2014/11/04 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2014/11/04 00:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2014/11/04 00:34:52 | 000,000,000 | ---D | C] -- C:\Users\Brad Rice\AppData\Roaming\InstallShield Installation Information
[2014/11/04 00:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/11/28 10:48:24 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/28 10:47:00 | 000,863,592 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/28 10:47:00 | 000,730,408 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/28 10:47:00 | 000,135,520 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/28 10:42:30 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/28 10:40:46 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_0414c_rmv.job
[2014/11/28 10:40:45 | 000,001,716 | ---- | M] () -- C:\WINDOWS\tasks\WOOFYCO.job
[2014/11/28 10:40:45 | 000,001,362 | ---- | M] () -- C:\WINDOWS\tasks\CJ.job
[2014/11/28 10:40:45 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_0414c_rel.job
[2014/11/28 10:40:28 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/28 10:40:25 | 2467,659,775 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/28 10:02:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/27 01:17:11 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/26 21:05:16 | 000,002,035 | ---- | M] () -- C:\WINDOWS\patsearch.bin
[2014/11/26 09:17:42 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk
[2014/11/26 02:16:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/26 02:16:37 | 000,064,232 | ---- | M] (Corsica) -- C:\WINDOWS\SysNative\drivers\webinstrH.sys
[2014/11/22 18:44:34 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Arc.lnk
[2014/11/22 07:53:50 | 000,001,119 | ---- | M] () -- C:\Users\Brad Rice\Desktop\Duel of Champions Launcher.lnk
[2014/11/22 07:49:32 | 000,001,936 | ---- | M] () -- C:\Users\Brad Rice\Desktop\Warface Launcher.lnk
[2014/11/18 01:11:14 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\This War of Mine.lnk
[2014/11/12 22:26:05 | 000,337,808 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/11/05 18:04:10 | 000,001,305 | ---- | M] () -- C:\Users\Brad Rice\Desktop\gta_sa - Shortcut.lnk
[2014/11/05 17:09:11 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk
[2014/11/05 16:22:57 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II HD.lnk
[2014/11/04 00:37:43 | 000,001,317 | ---- | M] () -- C:\Users\Brad Rice\Desktop\gta-vc - Shortcut.lnk
[2014/10/31 12:00:54 | 000,071,078 | ---- | M] () -- C:\Users\Brad Rice\Documents\cc_20141031_130040.reg
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/11/26 09:17:42 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of the Storm.lnk
[2014/11/26 02:16:52 | 000,002,035 | ---- | C] () -- C:\WINDOWS\patsearch.bin
[2014/11/26 02:16:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_webinstrH_01009.Wdf
[2014/11/26 02:14:00 | 000,001,362 | ---- | C] () -- C:\WINDOWS\tasks\CJ.job
[2014/11/26 02:13:42 | 000,001,716 | ---- | C] () -- C:\WINDOWS\tasks\WOOFYCO.job
[2014/11/22 18:44:34 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Arc.lnk
[2014/11/22 07:49:32 | 000,001,936 | ---- | C] () -- C:\Users\Brad Rice\Desktop\Warface Launcher.lnk
[2014/11/22 06:01:06 | 000,001,119 | ---- | C] () -- C:\Users\Brad Rice\Desktop\Duel of Champions Launcher.lnk
[2014/11/18 01:11:14 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\This War of Mine.lnk
[2014/11/12 05:15:39 | 000,389,176 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/11/05 18:04:10 | 000,001,305 | ---- | C] () -- C:\Users\Brad Rice\Desktop\gta_sa - Shortcut.lnk
[2014/11/05 17:09:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Final Fantasy VII.lnk
[2014/11/05 16:22:57 | 000,000,888 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Age of Empires II HD.lnk
[2014/11/05 16:22:57 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II HD.lnk
[2014/11/04 00:37:43 | 000,001,317 | ---- | C] () -- C:\Users\Brad Rice\Desktop\gta-vc - Shortcut.lnk
[2014/10/31 12:00:45 | 000,071,078 | ---- | C] () -- C:\Users\Brad Rice\Documents\cc_20141031_130040.reg
[2014/09/01 03:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Brad Rice\AppData\Roaming\CJ
[2014/09/01 03:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Brad Rice\AppData\Roaming\WOOFYCO
[2014/06/23 00:13:48 | 000,000,017 | ---- | C] () -- C:\Users\Brad Rice\AppData\Local\resmon.resmoncfg
[2014/05/28 00:56:35 | 000,000,048 | ---- | C] () -- C:\Users\Brad Rice\jagex_cl_runescape_LIVE.dat
[2014/05/28 00:56:35 | 000,000,024 | ---- | C] () -- C:\Users\Brad Rice\random.dat
[2014/05/09 09:50:14 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2014/05/05 11:21:45 | 000,597,244 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2014/05/05 11:21:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014/05/05 11:21:41 | 000,755,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2014/04/29 01:31:52 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 04:35:49 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/10 11:33:12 | 000,000,866 | RHS- | C] () -- C:\Users\Brad Rice\ntuser.pol
[2013/10/03 23:42:46 | 000,343,040 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/03 23:42:38 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/08/24 00:28:36 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014/02/01 17:16:22 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/30 19:15:33 | 021,197,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/30 17:59:13 | 018,723,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/05 21:24:08 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\.minecraft
[2014/11/18 01:11:21 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\11bitstudios
[2014/11/22 19:21:36 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Arc
[2014/07/28 13:13:27 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Awesomium
[2014/11/27 01:13:49 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Azureus
[2014/07/23 19:24:40 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Battle.net
[2014/05/10 12:50:15 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\ConverterLite
[2014/06/27 01:06:34 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Curse
[2014/10/14 21:16:07 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Curse Client
[2014/03/10 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Hoyle
[2014/03/10 08:49:29 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Hoyle FaceCreator
[2014/05/28 01:33:53 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\LolClient
[2014/03/27 08:24:22 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\MediaPlayerLite
[2014/02/26 05:50:36 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\PlayFirst
[2014/02/08 02:54:10 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\PowerISO
[2013/09/25 17:53:02 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\raidcall
[2014/11/22 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\RIFT
[2014/05/28 00:21:31 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Riot Games
[2014/02/01 23:34:28 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\The Creative Assembly
[2014/05/30 23:42:52 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\TS3Client
[2014/11/22 06:01:05 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\Ubisoft
[2013/08/08 09:51:03 | 000,000,000 | ---D | M] -- C:\Users\Brad Rice\AppData\Roaming\WildTangent
[2014/11/22 06:01:10 | 000,000,000 | -HSD | M] -- C:\Users\Brad Rice\AppData\Roaming\wyUpdate AU

========== Purity Check ==========

< End of report >

--------------------------------------------------------------------------------------

Thanks for any help anyone can give me. Happy Holidays.

johnb35 · Nov 28, 2014

After running those scans is there any difference? I would like to see an uninstall list as you have some programs that shouldn't be installed. Download and run Ccleaner.

https://www.piriform.com/ccleaner/download/standard

Install, open and click on run program. Then click on tools on the left, click on uninstall, click on save to text file and save it. Open that file and then copy and paste that back here.

bradrice76 · Nov 28, 2014

Thanks!!

Didn't expect a reply so fast!

Yeah I'm thinking I do have extra programs too I had recently installed probably 4 or 5 free to play games (probably where this got installed, but I was very careful to install only the games and not suggested addons).

7-Zip 9.20 (x64 edition) Igor Pavlov 9/21/2013 4.53 MB 9.20.00.0
Adobe Flash Player 15 Plugin Adobe Systems Incorporated 11/25/2014 6.00 MB 15.0.0.239
Age of Conan: Unchained Funcom 11/22/2014
Age of Empires II HD (c) Microsoft Studios version 1 11/5/2014 1.33 GB 1
Age of Empires III - The Asian Dynasties Microsoft Game Studios 2/1/2014 851 MB 1.00.0000
Age of Empires III - The WarChiefs Microsoft Game Studios 2/1/2014 800 MB 1.00.0000
Apple Application Support Apple Inc. 9/1/2013 66.3 MB 2.3.4
Apple Software Update Apple Inc. 9/1/2013 2.38 MB 2.1.3.127
Battle.net Blizzard Entertainment 12/10/2013
Cabelas Dangerous Hunts 2013 2/26/2014
CCleaner Piriform 5/7/2014 4.13
ConverterLite 1.6.3 ConverterLite 12/10/2013 1.6.3
Curse Curse 10/3/2014 58.0 MB 6.0.0.0
CWA Reminder by We-Care.com v4.1.22.3 We-Care.com 8/11/2013 4.83 MB 4.1.22.3
CyberLink MediaEspresso 6.5 CyberLink Corp. 2/28/2013 167 MB 6.5.3318_45364
CyberLink PowerDVD 12 CyberLink Corp. 4/27/2013 222 MB 12.0.2531.57
Diablo II Blizzard Entertainment 2/25/2014
Duel of Champions Ubisoft 11/22/2014 3.74 MB
eBay Worldwide OEM 8/7/2013 352 KB 2.4.0105
Game Channels WildTangent, Inc. 12/10/2013 8.1.0.17
Gateway Power Management Gateway Incorporated 4/27/2013 13.7 MB 7.00.3012
Gateway Power Management Gateway Incorporated 4/27/2013 7.00.3012
Gateway Recovery Management Gateway Incorporated 4/27/2013 9.96 MB 6.00.3016
Grand Theft Auto Vice City 11/4/2014 1.00.000
Happy Cloud Client Happy Cloud, Inc. 11/22/2014 20.7 MB 4.54
Hearthstone Blizzard Entertainment 5/8/2014
Heroes of the Storm Blizzard Entertainment 11/26/2014
Hotkey Utility Gateway Incorporated 4/27/2013 2.36 MB 3.00.3004
Hotkey Utility Gateway Incorporated 4/27/2013 3.00.3004
Identity Card Gateway Incorporated 2/28/2013 1.83 MB 2.00.3004
Intel(R) Control Center Intel Corporation 4/27/2013 1.2.1.1008
Intel(R) Management Engine Components Intel Corporation 4/27/2013 8.1.0.1281
Intel(R) Network Connections Drivers Intel 12/10/2013 916 KB 17.2
Intel(R) Processor Graphics Intel Corporation 5/5/2014 9.17.10.2792
Intel(R) Processor ID Utility Intel(R) Corporation 8/10/2013 4.85 MB 4.70.0000
Intel(R) Rapid Storage Technology Intel Corporation 9/2/2014 11.5.4.1001
Intel(R) SDK for OpenCL - CPU Only Runtime Package Intel Corporation 5/5/2014 2.0.0.37149
Java 7 Update 67 Oracle 8/28/2014 118 MB 7.0.670
Latency Optimizer FREE VERSION Badosoft 5/6/2014 7.43 MB 3.1.20
League of Angels version 2.1.1 YOUZU Games Hongkong Limited 11/20/2014 1.49 MB 2.1.1
League of Legends Riot Games 7/23/2014 3.0.0
LeapFrog Connect LeapFrog 12/10/2013 5.2.1.18456
Live Updater Gateway Incorporated 2/28/2013 3.45 MB 2.00.3007
Malwarebytes Anti-Malware version 2.0.3.1025 Malwarebytes Corporation 11/27/2014 56.7 MB 2.0.3.1025
McAfee Security Scan Plus McAfee, Inc. 12/10/2013 10.2 MB 3.8.130.10
Medal of Honor Allied Assault 12/10/2013
Medal of Honor Allied Assault(tm) Spearhead 12/10/2013
Medal of Honor Allied Assault(tm) Spearhead 8/16/2013
Medal of Honor Allied Assault(tm) Spearhead Patch 2.15 12/10/2013
MediaPlayerLite 0.5.1.0 MediaPlayerLite 3/27/2014 0.5.1.0
Microsoft Office Microsoft Corporation 4/27/2013 296 MB 15.0.4454.1510
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 9/17/2014 3.22 MB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 5/28/2014 6.88 MB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 4/27/2013 12.4 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 2/28/2013 13.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 10/14/2014 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 4/27/2013 9.63 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 2/28/2013 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 10/14/2014 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 4/27/2013 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 4/27/2013 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 11/22/2014 17.3 MB 11.0.61030.0
Mozilla Firefox 26.0 (x86 en-US) Mozilla 1/18/2014 50.1 MB 26.0
Mozilla Maintenance Service Mozilla 1/18/2014 221 KB 26.0
Need for Speed™ Most Wanted 12/10/2013
Nero BackItUp 12 Essentials OEM.a01 Nero AG 2/28/2013 188 MB 12.5.00500
Original Arcade Games B00 4/4/2014 0.97
PowerISO Power Software Ltd 2/8/2014 5.8
Qualcomm Atheros WLAN and Bluetooth Client Installation Program Qualcomm Atheros 4/27/2013 11.31
QuickTime Apple Inc. 9/1/2013 74.6 MB 7.74.80.86
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/10/2013 6.0.1.6680
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 4/27/2013 6.2.8400.30137
Recovery Management Gateway Incorporated 4/27/2013 9.96 MB 6.00.3016
Skype™ 6.14 Skype Technologies S.A. 3/15/2014 25.1 MB 6.14.104
Subway Surfers 1.0 Cat-A-Cat 2/1/2014 59.9 MB 1.0
System Requirements Lab for Intel Husdawg, LLC 5/5/2014 1.12 MB 4.5.22.0
This War of Mine 11 bit studios 11/18/2014 749 MB 1
Ventrilo Client for Windows x64 Flagship Industries, Inc. 8/24/2013 6.66 MB 3.0.8.0
Vuze Azureus Software, Inc. 12/10/2013 5.1.0.0
Warface Launcher (Beta) Crytek GmbH 11/22/2014 60.9 MB 1.0.0
WildTangent Games WildTangent 12/10/2013 1.0.4.0
WinZip 17.5 WinZip Computing, S.L. 8/16/2013 145 MB 17.5.10562
World of Warcraft Blizzard Entertainment 5/8/2014
Yahoo! Toolbar Yahoo! Inc. 3/27/2014

bradrice76 · Nov 28, 2014

Forgot to mention there was absolutely no change from the first 4 scans/cleanups -- ads are still partying like it's 1999 on every web page.

johnb35 · Nov 28, 2014

Uninstall the following programs.

McAfee Security Scan Plus
Latency Optimizer

What web browser do you use? IE or Firefox?

bradrice76 · Nov 29, 2014

I use IE but I've had IE go out permanently on me before (rendering me unable to download from the Internet) so I installed the other just for safety.

Took both McAfee and Latency Opt. off.

Also, I got to thinking no big deal if I can just use Firefox it's not that serious.... when I opened it up (never opened it before since I installed it) it was infected with this. Strangely to me, when I uninstalled Firefox (did not keep any settings // deleted everything) then reinstalled from scratch it was still there... this thing is nasty....

Agent Smith · Nov 29, 2014

Try Hijackthis and upload the log file here. http://www.hijackthis.de/en

Autoruns can point to what is starting up and revo uninstaller could help too. Use Advanced mode. You could also try Adwcleaner.

bradrice76 · Nov 29, 2014

HijackThis

Can't seem to find any working link for HijackThis. The link you posts goes to a page that doesn't actually contain the program but allows you to "click to run" the program.

Maybe it is working I'm really confused, all it says is this below the blank entry area after you click "analyze." Nothing else happens but this firewall message.
It says the program is made by Trend Micro but it doesn't appear in their download page at http://downloadcenter.trendmicro.com/ so not sure what to do or where to go, most the sites look like the kind of sites where this addware came from.

Only message shown

We couldn't detect any active process of a firewall on your system. Possible reasons:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don't use any firewall at all.
We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.

bradrice76 · Nov 29, 2014

Ran AdwCleaner 3x. When it runs it goes through the entire blue analyze bar to 100% then gives the message "Pending please remove the elements you don't want. Problem is there is nothing readable in any of the tabs below this except under folders/path there is a box with C:\Users\Brad Rice\AppData\Local\Crashrpt. I'm hesitant to continue here that doesn't seem right.

johnb35 · Nov 30, 2014

Please download and run Roguekiller

Open Roguekiller and it will do a prescan of your system. Wait for it to finish and then press scan. When its done, press the report button and copy and paste everything back here.

Also at this point, please do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

Please reboot the system if asked to do so.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.

bradrice76 · Nov 30, 2014

RogueKiller V10.0.8.0 [Nov 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Brad Rice [Administrator]
Mode : Scan -- Date : 11/30/2014 00:14:07

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64_1_3_3_E02B25FC (\??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64_1_3_3_E02B25FC (\??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1146064348-151311110-3345518273-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1146064348-151311110-3345518273-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/ -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 4 ¤¤¤
[Suspicious.Path] CJ.job -- C:\Users\Brad Rice\AppData\Roaming\CJ.exe (/infocmdline=EsxAxIsA6CHqXnEY9nzXqmblNX8aH473SkZ2nvX1zKyak4XhLq+yvlyywVvZNzNcDN9TC5rotkxHyEXJy0SikrhVNRZI29fnQ05n1OeA5uCb3b02eppDEwYyxoJecvzMm3tERMCwvHwvQHE3LSbfkeXcOEowReYgTkSZlrsqtDsOmagFayL08fdUEIIkTnbnFlT3bPpNMoCjDuLL+LZtpJZ6vV25jN9HYFxFn/n5418k03MY1Yu37XdjKzpi7yIqfW20hXmafwTcf3JTRTi1Dp6loLm5GhRWtaRLKb92xp7Fj8tGZYzGWIZZOxzynIKeK/cy8U6T5a7SRRrqJQE6mXWCqpXekZZWQFQVfofauq4allZ0ntvanh1JSKRXtGOC31QQNkGt2+WjO9pUG2zvM95YubAh0coEJ8veASLdPVFBH4KUtpE5Rp1VaSuWuqnRNl5NMHAHHrI2ynKVwXfp1H44GIBxB2m1HEwlh1fgSPLdrjf3XHOvPEOMoJ2xBvVM) -> Found
[Suspicious.Path] WOOFYCO.job -- C:\Users\Brad Rice\AppData\Roaming\WOOFYCO.exe (/infocmdline=QXJPDeEMOufnQnjg4z+LqY5jE4KmLlYnLzxBrbNgPP92MhLnOLK14InqozP3eK0SV8jm3rKUYBoiSJAIDBbAEhvDYzk66kugoZG13CNKdrerW2/iY86Z1bbVDqR/G03t7PEk+I9MJTRa2o4Fk61QxLrtv6aKTvYphw8S5er0NIB27stYHEWdrHP6hfTN2BKszJUI3xqu9mA/ypV/XxUDAZszeEdY1UzU7SGlHNJZQVx1vn8UfXwE9bYO459UhTeb0p2ndzbP7iABCzq+ISfaiflNARPeAc+UEJmzgxrJpfqDqzK8sZsyXlQ8hqxm2X8o8/Fz6J0W9Ou0oG1UMA6BrjRvPNDU9ZwYs49DNop2mvE0Mj4+o9Fq8R0/P5RpBV3fmqaa2Od4mzcEQ+FWKupSILgs1nMfh2dldg7ErunQQ2AA3w40p2zv8y8e82aO5ld6L4CusxyLgPFtWmXPFXbvSdkto82dNd0CaOweESJL4s3MjPqnPiX6W7DQMG91YvEUqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Found
[Suspicious.Path] \\CJ -- C:\Users\Brad Rice\AppData\Roaming\CJ.exe (/infocmdline=EsxAxIsA6CHqXnEY9nzXqmblNX8aH473SkZ2nvX1zKyak4XhLq+yvlyywVvZNzNcDN9TC5rotkxHyEXJy0SikrhVNRZI29fnQ05n1OeA5uCb3b02eppDEwYyxoJecvzMm3tERMCwvHwvQHE3LSbfkeXcOEowReYgTkSZlrsqtDsOmagFayL08fdUEIIkTnbnFlT3bPpNMoCjDuLL+LZtpJZ6vV25jN9HYFxFn/n5418k03MY1Yu37XdjKzpi7yIqfW20hXmafwTcf3JTRTi1Dp6loLm5GhRWtaRLKb92xp7Fj8tGZYzGWIZZOxzynIKeK/cy8U6T5a7SRRrqJQE6mXWCqpXekZZWQFQVfofauq4allZ0ntvanh1JSKRXtGOC31QQNkGt2+WjO9pUG2zvM95YubAh0coEJ8veASLdPVFBH4KUtpE5Rp1VaSuWuqnRNl5NMHAHHrI2ynKVwXfp1H44GIBxB2m1HEwlh1fgSPLdrjf3XHOvPEOMoJ2xBvVM) -> Found
[Suspicious.Path] \\WOOFYCO -- C:\Users\Brad Rice\AppData\Roaming\WOOFYCO.exe (/infocmdline=QXJPDeEMOufnQnjg4z+LqY5jE4KmLlYnLzxBrbNgPP92MhLnOLK14InqozP3eK0SV8jm3rKUYBoiSJAIDBbAEhvDYzk66kugoZG13CNKdrerW2/iY86Z1bbVDqR/G03t7PEk+I9MJTRa2o4Fk61QxLrtv6aKTvYphw8S5er0NIB27stYHEWdrHP6hfTN2BKszJUI3xqu9mA/ypV/XxUDAZszeEdY1UzU7SGlHNJZQVx1vn8UfXwE9bYO459UhTeb0p2ndzbP7iABCzq+ISfaiflNARPeAc+UEJmzgxrJpfqDqzK8sZsyXlQ8hqxm2X8o8/Fz6J0W9Ou0oG1UMA6BrjRvPNDU9ZwYs49DNop2mvE0Mj4+o9Fq8R0/P5RpBV3fmqaa2Od4mzcEQ+FWKupSILgs1nMfh2dldg7ErunQQ2AA3w40p2zv8y8e82aO5ld6L4CusxyLgPFtWmXPFXbvSdkto82dNd0CaOweESJL4s3MjPqnPiX6W7DQMG91YvEUqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] Curse.lnk -- C:\Users\Brad Rice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [LNK@] C:\Users\BRADRI~1\AppData\Roaming\CURSEC~1\Bin\Curse.exe /startup -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] ff31a4196f742fc6899c1c6ea993e162
[BSP] bc7b16c3e9beaf5d1053d6c93c1287c7 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SD Card +++++
--- User ---
[MBR] a6789fb8357399767e19a650ce92fe04
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 137 | Size: 1879 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

bradrice76 · Nov 30, 2014

For the TDSS I did run it as you said the report isn't at the C/ folder but their is a report button up top. Not sure if that is the same... The data is probably 3x bigger than will fit in a reply here so not sure if that's right. It said 0 threats found though.

Agent Smith · Nov 30, 2014

Hijackthis can be downloaded here. http://www.bleepingcomputer.com/download/hijackthis/

When you run it click scan and save log file. Copy the log file here.

Did you try to run Adwcleaner? http://www.bleepingcomputer.com/download/adwcleaner/

bradrice76 · Nov 30, 2014

Agent Smith said:
Hijackthis can be downloaded here. http://www.bleepingcomputer.com/download/hijackthis/

When you run it click scan and save log file. Copy the log file here.

Did you try to run Adwcleaner? http://www.bleepingcomputer.com/download/adwcleaner/

Yes both of those I have posted logs to.

bradrice76 · Nov 30, 2014

Actually looks like HIjackThis was one of the programs I had trouble d/ling. I went back and got it this time, here is the file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:32:08 AM, on 11/30/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.5293\Battle.net.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.exe
C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCache\IE\69MIT30L\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OutfoxTvService - Unknown owner - C:\Program Files\OutfoxTV\OutfoxTvService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Razer Wizard Service (RzWizardService) - Razer Inc. - C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9453 bytes

johnb35 · Nov 30, 2014

Agent Smith said:
Hijackthis can be downloaded here. http://www.bleepingcomputer.com/download/hijackthis/

When you run it click scan and save log file. Copy the log file here.

Did you try to run Adwcleaner? http://www.bleepingcomputer.com/download/adwcleaner/

Just so you know, Hijackthis is no longer used in malware removal, its old and outdated and doesn't show lots of information. OTL is the preferred program to use.

Bradrice76,

It seems there is something embedded into the system causing your issue. I want to start by you running a different type of temp file cleaner. Please download TFC and run it.

http://www.bleepingcomputer.com/download/tfc/dl/92/

Open the program and click on start. Should only take a short time to complete since you have already ran Ccleaner hopefully since I told you to earlier.

The next step is to download and run Superantispyware and run it.

http://www.bleepingcomputer.com/download/superantispyware/dl/106/

When installing, click on deny free trial. When it opens click on complete scan. When its done, click on view scan long and copy and paste it back here.

bradrice76 · Dec 1, 2014

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/30/2014 at 11:57 AM

Application Version : 6.0.1164
Database Version : 11634

Scan type : Complete Scan
Total Scan Time : 00:11:39

Operating System Information
Windows 8.1 64-bit (Build 6.03.9200)
UAC On - Limited User

Memory items scanned : 600
Memory threats detected : 0
Registry items scanned : 60702
Registry threats detected : 0
File items scanned : 20505
File threats detected : 130

Adware.Tracking Cookie
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\82APCLJA.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\82APCLJA.txt [ /adlegend.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\GESRAPND.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\GESRAPND.txt [ /revsci.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\H0KL1WXH.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\H0KL1WXH.txt [ /atdmt.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\S1D89X3J.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\S1D89X3J.txt [ /track.adform.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\1L3IUHLP.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\1L3IUHLP.txt [ /smartadserver.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\6925LHV3.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\6925LHV3.txt [ /pro-market.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\9LCS2X5R.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\9LCS2X5R.txt [ /clickprotects.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\LZVY2AYK.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\LZVY2AYK.txt [ /ru4.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\TRYD5GKL.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\TRYD5GKL.txt [ /ad.mlnadvertising.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\KJJWWKVY.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\KJJWWKVY.txt [ /statcounter.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\E14O3ZG1.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\E14O3ZG1.txt [ /ad.360yield.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\901UB44H.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\901UB44H.txt [ /eyeviewads.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CHSPLGVZ.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CHSPLGVZ.txt [ /questionmarket.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\M89E0XIZ.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\M89E0XIZ.txt [ /realmedia.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\HIWNY428.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\HIWNY428.txt [ /www.clickhoofind.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\EDJS8T0B.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\EDJS8T0B.txt [ /advertising.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\F4GV9XAI.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\F4GV9XAI.txt [ /ads1.solocpm.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\VVEF5NK3.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\VVEF5NK3.txt [ /imrworldwide.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CG8RJJ5E.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CG8RJJ5E.txt [ /serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\XJD8JNLF.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\XJD8JNLF.txt [ /bs.serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\GIFBNFRD.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\GIFBNFRD.txt [ /at.atwola.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\W3ATLQ55.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\W3ATLQ55.txt [ /mediaplex.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\N2SBPU4F.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\N2SBPU4F.txt [ /casalemedia.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\SIZCMPGY.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\SIZCMPGY.txt [ /adtechus.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Y9D7TXWS.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Y9D7TXWS.txt [ /click.loudgames.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\RI0AB1G8.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\RI0AB1G8.txt [ /pointroll.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\9F3VVNK0.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\9F3VVNK0.txt [ /network.realmedia.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\W74602P0.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\W74602P0.txt [ /tribalfusion.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\PYDV424E.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\PYDV424E.txt [ /bs.serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\4KK43L3X.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\4KK43L3X.txt [ /ads.undertone.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\NV0ATSYE.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\NV0ATSYE.txt [ /amazon-adsystem.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\BYQV6282.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\BYQV6282.txt [ /ads.creative-serving.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ID3X7GL7.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ID3X7GL7.txt [ /googleads.g.doubleclick.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CMQTDKN9.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\CMQTDKN9.txt [ /t.pointroll.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\XOJE2Z8Y.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\XOJE2Z8Y.txt [ /in.getclicky.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\T6J5CGR4.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\T6J5CGR4.txt [ /ads.pointroll.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ZU8SZWS7.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ZU8SZWS7.txt [ /c2.clickprotects.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\QV7KMKN2.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\QV7KMKN2.txt [ /doubleclick.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ZWILWZD4.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\ZWILWZD4.txt [ /zenmoney.sitescoutadserver.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\T4K7E3BG.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\T4K7E3BG.txt [ /ads.pubmatic.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\U9BR6YKW.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\U9BR6YKW.txt [ /adform.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\8LYOTZ42.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\8LYOTZ42.txt [ /ads.stickyadstv.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\QIGQZ750.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\QIGQZ750.txt [ /burstnet.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\B4LRLDU8.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\B4LRLDU8.txt [ /interclick.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\J8EJC6WE.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\J8EJC6WE.txt [ /c1.adform.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\DNI1GZ6D.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\DNI1GZ6D.txt [ /adlegend.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\F0PFDF0F.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\F0PFDF0F.txt [ /revsci.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5IQLWS4L.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5IQLWS4L.txt [ /atdmt.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\X2ZD54XI.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\X2ZD54XI.txt [ /liveperson.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5TUJ6628.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5TUJ6628.txt [ /iluv.clickbooth.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\F2RC1GM6.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\F2RC1GM6.txt [ /maxsecure.revenuewire.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ZCQDXR2O.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ZCQDXR2O.txt [ /track.adform.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\34TDU8H9.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\34TDU8H9.txt [ /smartadserver.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ADOVYT3A.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ADOVYT3A.txt [ /pro-market.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\71XWHKEB.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\71XWHKEB.txt [ /ru4.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\UVXZTVW4.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\UVXZTVW4.txt [ /ads.ibtracking.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ADCLY2GD.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ADCLY2GD.txt [ /webtrackerplus.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\QPW76NME.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\QPW76NME.txt [ /ientry.rotator.hadj1.adjuggler.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\8NNI587U.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\8NNI587U.txt [ /www.burstnet.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\0PTCSVK1.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\0PTCSVK1.txt [ /liveperson.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\YUUMBGIW.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\YUUMBGIW.txt [ /ad.mlnadvertising.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\378SFM6J.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\378SFM6J.txt [ /pornhub.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\I30F6M20.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\I30F6M20.txt [ /statcounter.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\EO3VF4HF.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\EO3VF4HF.txt [ /ad.360yield.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\22FMJJI6.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\22FMJJI6.txt [ /track-link.us ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\NNBPPFVK.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\NNBPPFVK.txt [ /adtech.de ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\M2DNXS9Z.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\M2DNXS9Z.txt [ /eyeviewads.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\6M0QTUVR.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\6M0QTUVR.txt [ /www.googleadservices.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\G6KHXGG9.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\G6KHXGG9.txt [ /questionmarket.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2NHCCTI3.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2NHCCTI3.txt [ /realmedia.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\XP66QE5N.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\XP66QE5N.txt [ /www.clickhoofind.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ARYPE6ES.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\ARYPE6ES.txt [ /advertising.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\O3H5EOJ6.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\O3H5EOJ6.txt [ /imrworldwide.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\39J07QT7.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\39J07QT7.txt [ /adserver2717f6next.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\3NFSLK6S.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\3NFSLK6S.txt [ /serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\SA8FHZRY.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\SA8FHZRY.txt [ /bs.serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FBBYJ1IB.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FBBYJ1IB.txt [ /at.atwola.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\XIZB6WS3.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\XIZB6WS3.txt [ /ads2.zeusclicks.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\B57L7UYY.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\B57L7UYY.txt [ /adjuggler.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\1YPYO6RG.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\1YPYO6RG.txt [ /server.cpmstar.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\GR49SGAU.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\GR49SGAU.txt [ /mediaplex.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\NWJ53C9C.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\NWJ53C9C.txt [ /t.afftrackr.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\RG1NCDGE.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\RG1NCDGE.txt [ /casalemedia.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\3ILDPDMI.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\3ILDPDMI.txt [ /advpixeltrack.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\UZO3C4JM.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\UZO3C4JM.txt [ /adtechus.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\431T082X.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\431T082X.txt [ /ads.altitude-arena.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\P87AORDT.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\P87AORDT.txt [ /click.loudgames.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FHM45I20.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FHM45I20.txt [ /commission-junction.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\JLJLP1OA.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\JLJLP1OA.txt [ /exoclick.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FE515JDG.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\FE515JDG.txt [ /ads.vm-corporate.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\CEGHUFOQ.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\CEGHUFOQ.txt [ /tribalfusion.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\V6MP8YP7.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\V6MP8YP7.txt [ /bs.serving-sys.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\B88KPC6P.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\B88KPC6P.txt [ /ads.undertone.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2UQ0YUNK.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2UQ0YUNK.txt [ /amazon-adsystem.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\MK50M4GG.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\MK50M4GG.txt [ /ads.creative-serving.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\YRQY53CW.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\YRQY53CW.txt [ /syndication1.traffichaus.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5AVRIV19.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\5AVRIV19.txt [ /ads.pointroll.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\OCNGKPCT.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\OCNGKPCT.txt [ /ads.p161.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2UR512MN.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\2UR512MN.txt [ /fastclick.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\SRIKY1R6.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\SRIKY1R6.txt [ /kontera.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\S3R7JUB2.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\S3R7JUB2.txt [ /bizrate.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\WAHSJT08.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\WAHSJT08.txt [ /doubleclick.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\J5Y36365.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\J5Y36365.txt [ /yadro.ru ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\0JOZGSYF.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\0JOZGSYF.txt [ /ads.pubmatic.com ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\DEDYWQXM.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\DEDYWQXM.txt [ /adform.net ]
C:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\EJSIL32N.txtC:\Users\Brad Rice\AppData\Local\Microsoft\Windows\INetCookies\Low\EJSIL32N.txt [ /ads.stickyadstv.com ]
.doubleclick.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.zenmoney.sitescoutadserver.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
stat.komoona.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.ad.mlnadvertising.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
c1.adform.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.eyeviewads.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\BRAD RICE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R6VVW4OS.DEFAULT\COOKIES.SQLITE ]

============
End of Log
============

johnb35 · Dec 1, 2014

Is the superantispyware window still open? If so, click on continue so it deletes those cookies. At this point, try resetting IE again by going into internet options and click on the advanced tab and click on both reset buttons again to see if it completes without errors. I would suggest using a different browser besides IE anyway as its a malware magnet. Pale Moon, Chrome or Firefox would be your alternatives.

Agent Smith · Dec 1, 2014

You can also try Freefixer. http://www.freefixer.com/

bradrice76 · Dec 1, 2014

johnb35 said:
Is the superantispyware window still open? If so, click on continue so it deletes those cookies. At this point, try resetting IE again by going into internet options and click on the advanced tab and click on both reset buttons again to see if it completes without errors. I would suggest using a different browser besides IE anyway as its a malware magnet. Pale Moon, Chrome or Firefox would be your alternatives.

I did delete the cookies. I reset the 2 options in IE and everything showed checkmarked as successful. Didn't remove the adware though. I did try to install chrome but it was the same thing as Firefox, it too has this adware (even though I never opened or used either previously.

Need help with unremovable adware (not virus) BetterMarkit

New Member

Administrator

New Member

New Member

Administrator

New Member

Well-Known Member

New Member

New Member

Administrator

New Member

New Member

Well-Known Member

New Member

New Member

Administrator

New Member

Administrator

Well-Known Member

New Member