# Solved: "Unsupported 16-Bit Application" Pop-Up dialog that won't go away...



## djstormx1981 (Feb 28, 2015)

Hello Tech Support People! I am in need of some help...

Within the last week I have started getting a pop-up dialog that keeps on coming up. It says:

Unsupported 16-bit Application
The program or feature "\??\C:\Users\***\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\OAWrapper.exe" cannot start or run due to incompatibility with 64-bit versions of Windows. Please contact the software vendor to ask if a 64-bit Windows compatible version is available.

I don't know what has changed since before I started getting this message, other than I bought and downloaded a game, but it might be something I overlooked. I do know that I've noticed a pretty noticeable performance drop since it started popping up. Here's my system info from SysInfo:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 16365 Mb
Graphics Card: NVIDIA GeForce GTX 760, -2048 Mb
Hard Drives: C: Total - 114369 MB, Free - 3377 MB; D: Total - 99 MB, Free - 68 MB; E: Total - 476937 MB, Free - 141410 MB; F: Total - 953859 MB, Free - 41852 MB; H: Total - 953866 MB, Free - 78207 MB;
Motherboard: BIOSTAR Group, TP67XE
Antivirus: Microsoft Security Essentials, Updated and Enabled

And here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:33:46 AM, on 2/28/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)

Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Users\Joe\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskStarter.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Joe\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Update\36.0.0.8667\TorchUpdate.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Joe\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=T...ype=ds&q={searchTerms}&installDate=13/11/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=T...ype=ds&q={searchTerms}&installDate=13/11/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - H:\Program Files (x86)\Adobe CS 5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - H:\Program Files (x86)\Adobe CS 5.5\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BrowserAppCoreService] C:\Users\Joe\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Joe\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [SFAUpdater] "C:\Program Files (x86)\Smart File Advisor\SFAUpdater.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [SlimCleaner Plus] "C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe" /minimize
O4 - HKCU\..\Run: [SyncManPath] "C:\Users\Joe\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: run_cgminer_startup.bat
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: RealPlayer Cloud Service UI.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Show avast! EasyPass Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CF546E6-DB91-416B-9579-2823EDCD61F8}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{792287B7-6478-4F94-B804-BD24ABF6B69D}: NameServer = 68.105.28.11,68.105.29.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) - Alcohol Soft Development Team - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptSvc.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark - C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: COMODO IceDragon Update Service (IceDragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - H:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Overwolf Updater Service (OverwolfUpdaterService) - Overwolf - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Joe\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 24203 bytes

I'm a bit of a dunce when it comes to reading all of this and figuring out what it says about my system. I'm more of a hardware guy. Any and all help would be greatly appreciated. Thanks a million!


----------



## blues_harp28 (Jan 9, 2005)

Hi, first do the following.
Download AdwCleaner by Xplode to your desktop.
http://www.bleepingcomputer.com/download/adwcleaner/
Click on the *Download Now @BleepingComputer* button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

Close any browsers that may be open - double click on the AdwCleaner icon on your desktop.
Click on the *Scan* button.
Let it scan your PC - when that is done click on the *Logfile* button.
The report will appear on your desktop - Copy and Paste it into your next post.
======
Download Security Check by screen317 from:
http://screen317.spywareinfoforum.org/
Or
http://www.bleepingcomputer.com/download/securitycheck/

Save it to your Desktop.
Double click the install icon.
If using Vista - Win 7 - right click the install icon and select "Run as Administrator"
A Command Prompt window will open.
Let it scan the PC - press any key when asked.
It should now open in Notepad.
Copy and Paste the result of the scan in the reply box below.


----------



## flavallee (May 12, 2002)

> I've noticed a pretty noticeable performance drop


Between your computing practices and the massive number of running processes in your computer, that doesn't surprise me.

----------------------------------------------------------


----------
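
Added example, not part of any post in this thread: a small triage pass over a HijackThis log of the kind posted above, counting repeated running processes and flagging autostart and search-URL entries for review. The sample lines are a constructed excerpt copied from the log in the first post, and the flagging rules (binaries under a user's AppData, scripts in the Startup folder, Internet Explorer search URLs outside microsoft.com) are assumptions chosen for this example, not HijackThis or AdwCleaner logic.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed excerpt: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.5
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=T...ype=ds&q={searchTerms}&installDate=13/11/2013
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [BrowserAppCoreService] C:\Users\Joe\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe "C:\Users\Joe\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe" "restart"
O4 - Startup: run_cgminer_startup.bat
O23 - Service: Torch Crash Handler (TorchCrashHandler) - TorchMedia Inc. - C:\Users\Joe\AppData\Local\Torch\Update\TorchCrashHandler.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# HijackThis entries start with a section code such as "R1 - ", "O4 - ", "O23 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Assumption: an autostart binary living under a user's AppData deserves a look.
USER_PATH_RE = re.compile(r"[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)
# Assumption: a script file launched from a startup location deserves a look.
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js|ps1)\b", re.I)


def parse_hjt(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def repeated_processes(processes, threshold=3):
    """Return image paths (lowercased) that appear at least `threshold` times."""
    counts = Counter(p.lower() for p in processes)
    return {p: n for p, n in counts.items() if n >= threshold}


def triage(entries):
    """Flag entries for manual review; returns (code, reason, detail) tuples."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1]
            if not value.lower().startswith("http"):
                continue
            host = urlparse(value).hostname or ""
            if not (host == "microsoft.com" or host.endswith(".microsoft.com")):
                findings.append((code, "non-default search/start URL", host))
        elif code in ("O4", "O23"):
            if USER_PATH_RE.search(body):
                findings.append((code, "autostart binary in user profile", body))
            elif code == "O4" and SCRIPT_RE.search(body):
                findings.append((code, "script in startup location", body))
    return findings


if __name__ == "__main__":
    procs, entries = parse_hjt(SAMPLE_LOG)
    for path, n in repeated_processes(procs).items():
        print(f"{n:3d} x {path}")
    for code, reason, detail in triage(entries):
        print(f"[{code}] {reason}: {detail}")
```

Hits are leads for review, not verdicts: run against the full log, the same AppData rule would also flag the YandexDisk autostart entry.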



## djstormx1981 (Feb 28, 2015)

flavallee said:


> Between your computing practices and the massive number of running processes in your computer, that doesn't surprise me.
> 
> ----------------------------------------------------------


What exactly do you mean by my "computing practices"?

And here are the log files as requested:

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 15:53:19
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : torchcrashhandler
Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Found : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Found : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Found : C:\Program Files (x86)\tiny media player
Folder Found : C:\Program Files (x86)\w3i
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiny media player
Folder Found : C:\ProgramData\torchcrashhandler
Folder Found : C:\ProgramData\w3i
Folder Found : C:\ProgramData\Yahoo! Companion
Folder Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Folder Found : C:\Users\Joe\AppData\Local\torch
Folder Found : C:\Users\Joe\AppData\Local\WeatherAlerts
Folder Found : C:\Users\Joe\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Found : C:\Users\Joe\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Joe\AppData\Roaming\registry mechanic

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\7c43f13b4d6ef71850652c0dbe8b01d5
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Condut
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\torch
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Condut
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Myfree Codec
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\SweetIM
Key Found : [x64] HKCU\Software\systweak
Key Found : [x64] HKCU\Software\torch
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SweetIM
Key Found : HKLM\SOFTWARE\torch
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserAppCoreService]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=6093fb97-e462-0b10-22f1-43c6ded13fd2&searchtype=ds&q={searchTerms}&installDate=13/11/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=6093fb97-e462-0b10-22f1-43c6ded13fd2&searchtype=ds&q={searchTerms}&installDate=13/11/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=6093fb97-e462-0b10-22f1-43c6ded13fd2&searchtype=ds&q={searchTerms}&installDate=13/11/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=6093fb97-e462-0b10-22f1-43c6ded13fd2&searchtype=ds&q={searchTerms}&installDate=13/11/2013

-\\ Google Chrome v40.0.2214.115

[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [7855 bytes] - [28/02/2015 15:53:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7914 bytes] ##########

Results of screen317's Security Check version 0.99.97 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
*``````````````Antivirus/Firewall Check:``````````````* 
Windows Firewall Enabled! 
Microsoft Security Essentials 
avast! Antivirus 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Java 7 Update 55 
*Java version 32-bit out of Date!* 
* Java 64-bit 8 Update 31* 
Adobe Flash Player 16.0.0.305 
Adobe Reader XI 
Google Chrome (40.0.2214.111) 
Google Chrome (40.0.2214.115) 
*````````Process Check: objlist.exe by Laurent````````* 
Microsoft Security Essentials MSMpEng.exe 
Microsoft Security Essentials msseces.exe 
AVAST Software Avast AvastSvc.exe 
AVAST Software Avast afwServ.exe 
AVAST Software Avast AvastUI.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 17% *Defragment your hard drive soon! (Do NOT defrag if SSD!)*
*````````````````````End of Log``````````````````````*


----------



## blues_harp28 (Jan 9, 2005)

Run AdwCleaner again - Scan > *Cleaning* - allow it to clean and restart your PC.
Then post the latest log file.
======
You have both Microsoft Security Essentials and Avast! Antivirus installed.
They will conflict with each other and leave you less protected.
One needs to be uninstalled.
======
Download Junkware Removal Tool
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Temporarily shut down your anti-virus to avoid any conflicts.
http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/
Be sure to enable the anti-virus program after the scan.

Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.) 
The tool will open and start scanning your system. 
Please be patient as this can take a while to complete. 
On completion, a log (JRT.txt) is saved to your desktop and will automatically open. 
Post the contents of JRT.txt into your next message.


----------



## djstormx1981 (Feb 28, 2015)

I ran AdwCleaner again, and was in the process of posting the log file, and was going to post it with the JRT log file, but was unaware that JRT was going to close my browser, so I no longer have that log. However, I am upset that it apparently uninstalled my Torch browser, as it was a secured version of Chrome that I've been using for a long time. I would have appreciated a warning that AdwCleaner may uninstall something like that, but whatever. I can always reinstall it. As far as uninstalling one of my antivirus applications, I've uninstalled Microsoft Security Essentials. Here's the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Joe on Sat 02/28/2015 at 17:10:53.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/28/2015 at 17:14:12.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If there's some way of retrieving that prior AdwCleaner log, let me know.


----------



## blues_harp28 (Jan 9, 2005)

Sorry about Torch.
AdwCleaner has a quarantine folder if you need a program that it has removed - C:\AdwCleaner
http://general-changelog-team.fr/en...oftware/313-how-to-use-adwcleaner-version-3-x
Scroll down to - Quarantine


----------



## blues_harp28 (Jan 9, 2005)

Download *MalwareBytes* to your desktop.
Download the Free version.
MalwareBytes

Once downloaded to your desktop.
Close all open browser windows.
Click on the Install icon - allow it to update during the install process.
Start Malwarebytes Anti-Malware.
Before you run a scan.
Under Settings > Detection and Protection in the left pane.
Under Detection Options - make sure that all *three entries are ticked*
Under Non-Malware detections - set to *Treat detections as Malware*

Now click - Scan button.
Then select - Threat Scan.
Then - Scan Now.
If any infections are found during the scan, the number of them will be listed.
When the scan is finished, make sure to select and remove Everything in the list.
You may be prompted to restart to finish the removal process.
If Yes - restart your PC.

Start Malwarebytes Anti-Malware again.
Click History > Application Logs.
Select the most recent scan log.
Click View.
Select Export > Text File.
Name it mbam > then save it on the desktop.
Copy-and-paste its contents in the reply box below.
======
The AdwCleaner log file should also be here C:\AdwCleaner.
Post the result of the log file.
======
======
*Edit*
I have to log off for the night.
When you are ready post the scan from Malwarebytes and the AdwCleaner log file.
Also - Click Win 7 start icon
In the search box.
Type 
msconfig

Click on the Start Up Tab.
Write down carefully what is listed and post the list here.
Or post a screenshot.
http://library.techguy.org/wiki/TSG_Posting_a_Screenshot


----------



## djstormx1981 (Feb 28, 2015)

I'm posting the logs below. However, I just realized that I haven't seen those pop-ups in a while since starting this process, and my computer is also definitely running faster and I'm not seeing any of the occasional response lag that I used to. I'm not sure if that's because of the AdwCleaner, Security Check, or MalwareBytes. I don't know if you still want me to post the startup items in msconfig or not, but I'd have a pretty long list of things to list. Granted, even though the list is long, my boot time into Windows has drastically improved as well, so I'm betting that the problem has been resolved. Either way, I already had in the past utilized it to speed up my boot time. Anyway, I'll make sure to follow up this post in a couple of days to let you know if anything changes. Thanks!

# AdwCleaner v4.111 - Logfile created 28/02/2015 at 16:56:00
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Joe - JOE-PC
# Running from : C:\Users\Joe\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : torchcrashhandler
Service Deleted : YahooAUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\torchcrashhandler
Folder Deleted : C:\ProgramData\w3i
Folder Deleted : C:\ProgramData\Yahoo! Companion
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiny media player
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\tiny media player
Folder Deleted : C:\Program Files (x86)\w3i
Folder Deleted : C:\Users\Joe\AppData\Local\torch
Folder Deleted : C:\Users\Joe\AppData\Local\WeatherAlerts
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Yahoo! Companion
Folder Deleted : C:\Users\Joe\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Joe\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Folder Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
File Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Torch.lnk
File Deleted : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle\SoftwareWatcher bundle.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BrowserAppCoreService]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\TorchVLC
Key Deleted : HKCU\Software\7c43f13b4d6ef71850652c0dbe8b01d5
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\usyndication.com
Key Deleted : HKCU\Software\Condut
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v40.0.2214.115

[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [8057 bytes] - [28/02/2015 15:53:19]
AdwCleaner[S0].txt - [7328 bytes] - [28/02/2015 16:56:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7387 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/28/2015
Scan Time: 6:17:19 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.28.06
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joe

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 409990
Time Elapsed: 7 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
Hacktool.CheatEngine, C:\Users\Joe\AppData\Local\Temp\Rar$EXa0.119\Homeworld Remastered Collection V1.2 Trainer +5 MrAntiFun.EXE, No Action By User, [a801ec3636540c2ae2ab45f504fcd12f], 
Hacktool.CheatEngine, C:\Users\Joe\AppData\Local\Temp\Rar$EXa0.610\Homeworld Remastered Collection V1.2 Trainer +5 MrAntiFun.EXE, No Action By User, [2d7cab77f49648ee2766ff3bea16a858], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\MediaInfo_GUI_0.7.69_Windows.exe, Quarantined, [3e6b170b5a3059ddbdef7a8025e06d93], 
RiskWare.Tool.CK, C:\Windows\KMService.exe, Quarantined, [e6c33de5e1a90432d96f2b4f3bc726da], 
Trojan.Agent, C:\Users\Joe\AppData\Roaming\MicroSoft.exe.tmp, Quarantined, [6e3bc85afe8c8caa3d4c777b9173e719],

Physical Sectors: 0
(No malicious items detected)

(end)


----------



## blues_harp28 (Jan 9, 2005)

Using Hacktool.CheatEngine - can bring with it all manner of changes to your home page, search engine and Adware.
Also run *SuperAntiSpyware* Free version.
SuperAntiSpyware

Once downloaded to your desktop.
Close all open browser windows.
Click on the install icon - allow it to update during the install process.
Select the Quick Scan option.
Click Scan your Computer.
Any infections or problems will be highlighted in red.
After the scan is finished.
Click Continue.
Check that everything is listed.
Click Remove Threats.
Click OK - then click Finish.
You may be prompted to restart to finish the removal process.
If Yes - restart your PC.

Start SuperAntiSpyware again.
Click on System Tools - Scan Logs.
Highlight the latest scan log entry.
Click on the magnifying glass - View This Log File.
The scan log will appear in Notepad.
Copy and paste in your next post.
======
Malwarebytes - should revert to the Free version once the trial is over.


----------



## djstormx1981 (Feb 28, 2015)

Well, it hasn't caused any problems and the popup was occurring before I even had installed the game for which the trainer is used. I'll post the log here in a little while after I install and run SuperAntiSpyware.

BTW, the popup has happened again as of today when I turned my computer on for the first time this morning. I don't understand what could be causing this. The logo on the start bar for the window is the Nvidia logo, so I just updated my drivers as well. I'm hoping that did the trick.


----------



## blues_harp28 (Jan 9, 2005)

djstormx1981 said:


> Trojan.Agent, C:\Users\Joe\AppData\Roaming\MicroSoft.exe.tmp, Quarantined, [6e3bc85afe8c8caa3d4c777b9173e719],


We may need to get one of our Malware Experts to check this entry in Malwarebytes
http://www.systemlookup.com/search.php?type=filename&search=MicroSoft.exe.tmp&s=
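
The Malwarebytes log posted earlier in this thread can be triaged mechanically. The following is an added example, not part of any post and not Malwarebytes' own tooling: it parses the detection lines copied from that log, lists the items whose recorded action is anything other than `Quarantined`, and checks each section's declared count against the lines actually pasted. Treating every action other than `Quarantined` as needing follow-up is an assumption of this example, as are the function names.

```python
import re
from collections import Counter

# Section names as they appear in the Malwarebytes 2.x log posted in this thread.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(map(re.escape, SECTIONS)))

# "<detection name>, <target>, <action>, [<32 hex chars>],"
# The target is matched greedily so a path containing ", " still parses;
# the action is the last comma-free field before the bracketed identifier.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<target>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<id>[0-9a-f]{32})\],?$")

# Assumption of this example: only "Quarantined" counts as handled.
REMEDIATED = {"Quarantined"}

# Lines copied from the log in the thread (sections with zero hits trimmed).
SAMPLE_LOG = r"""Folders: 0
(No malicious items detected)

Files: 5
Hacktool.CheatEngine, C:\Users\Joe\AppData\Local\Temp\Rar$EXa0.119\Homeworld Remastered Collection V1.2 Trainer +5 MrAntiFun.EXE, No Action By User, [a801ec3636540c2ae2ab45f504fcd12f], 
Hacktool.CheatEngine, C:\Users\Joe\AppData\Local\Temp\Rar$EXa0.610\Homeworld Remastered Collection V1.2 Trainer +5 MrAntiFun.EXE, No Action By User, [2d7cab77f49648ee2766ff3bea16a858], 
PUP.Optional.OpenCandy, C:\Users\Joe\Downloads\MediaInfo_GUI_0.7.69_Windows.exe, Quarantined, [3e6b170b5a3059ddbdef7a8025e06d93], 
RiskWare.Tool.CK, C:\Windows\KMService.exe, Quarantined, [e6c33de5e1a90432d96f2b4f3bc726da], 
Trojan.Agent, C:\Users\Joe\AppData\Roaming\MicroSoft.exe.tmp, Quarantined, [6e3bc85afe8c8caa3d4c777b9173e719],

Physical Sectors: 0
(No malicious items detected)
"""


def parse_mbam_log(text):
    """Return (declared_counts, detections) for a pasted threat-scan log."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            record = hit.groupdict()
            record["section"] = section
            # Family is the text before the first dot, e.g. "Trojan", "PUP".
            record["family"] = record["name"].split(".", 1)[0]
            detections.append(record)
    return declared, detections


def needs_follow_up(detections):
    """Detections whose recorded action is not in REMEDIATED."""
    return [d for d in detections if d["action"] not in REMEDIATED]


def count_mismatches(declared, detections):
    """Sections whose 'Name: N' header disagrees with the lines present.

    A mismatch usually means the paste was truncated or a line was mangled.
    Returns {section: (declared, parsed)}.
    """
    seen = Counter(d["section"] for d in detections)
    return {s: (n, seen[s]) for s, n in declared.items() if n != seen[s]}


if __name__ == "__main__":
    declared, detections = parse_mbam_log(SAMPLE_LOG)
    print("Detections by family:", dict(Counter(d["family"] for d in detections)))
    for d in needs_follow_up(detections):
        print("NOT REMEDIATED: %s (%s) -> %s" % (d["name"], d["action"], d["target"]))
    for section, (want, got) in count_mismatches(declared, detections).items():
        print("Count mismatch in %s: header says %d, parsed %d" % (section, want, got))
```
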


----------



## djstormx1981 (Feb 28, 2015)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2015 at 09:42 AM

Application Version : 6.0.1170
Database Version : 11772

Scan type : Quick Scan
Total Scan Time : 00:00:45

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 690
Memory threats detected : 0
Registry items scanned : 58199
Registry threats detected : 0
File items scanned : 8674
File threats detected : 181

Adware.Tracking Cookie
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\VTZJ94T7.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\VTZJ94T7.txt [ /onclickads.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\641MEZXB.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\641MEZXB.txt [ /stocking4sex.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMB6Q7EA.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\KMB6Q7EA.txt [ /at.atwola.com ]
.ru4.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\VFJY6GSP.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\VFJY6GSP.txt [ /latinsexpass.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\APITUJTC.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\APITUJTC.txt [ /pro-market.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\39B2E9BI.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\39B2E9BI.txt [ /smartadserver.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\89VDW5ED.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\89VDW5ED.txt [ /delivery.trafficbroker.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\5KC04AN7.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\5KC04AN7.txt [ /trafficshop.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBHXKIGL.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\HBHXKIGL.txt [ /youporn.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\OKV039G0.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\OKV039G0.txt [ /delivery.trafficforce.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\XNPJIT4F.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\XNPJIT4F.txt [ /track.adform.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\7HET8187.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\7HET8187.txt [ /tacoda.at.atwola.com ]
.adtechus.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
adserver.adtechus.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\N3VMT3NS.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\N3VMT3NS.txt [ /casalemedia.com ]
.fastclick.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BXO6KD5.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\5BXO6KD5.txt [ /hardsextube.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\TYJ1ULFD.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\TYJ1ULFD.txt [ /basebanner.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DSP57D2.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\1DSP57D2.txt [ /ads.yahoo.com ]
.fastclick.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFBZLVV4.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YFBZLVV4.txt [ /eyeviewads.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJG1WI0M.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YJG1WI0M.txt [ /doubleclick.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\KY7EI5GU.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\KY7EI5GU.txt [ /imrworldwide.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YPGFLG6O.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\YPGFLG6O.txt [ /trafficholder.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\NYV1RZ0W.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\NYV1RZ0W.txt [ /xxxhdvault.com ]
.2o7.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7KI3EPP.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\J7KI3EPP.txt [ /ads.creative-serving.com ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\A430X34Y.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\A430X34Y.txt [ /click-ads.org ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZNJ7SGOD.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZNJ7SGOD.txt [ /smartclick.net ]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EG4S0IP.txtC:\Users\Joe\AppData\Roaming\Microsoft\Windows\Cookies\Low\3EG4S0IP.txt [ /googleadservices.com ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.adservhere.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleadservices.com [ C:\USERS\JOE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

============
End of Log 
============


----------



## blues_harp28 (Jan 9, 2005)

Superantispyware scan - cookies only, no problem showing there.

Malwarebytes scan.
A message has been sent to a Malware Expert - they will reply when they are available.

To see what's running at start up would be useful.
Click Win 7 start icon
In the search box.
Type
msconfig

Click on the Start Up Tab.
Write down carefully what is listed and post the list here.
Or post a screenshot.


----------
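
A scripted equivalent of the msconfig Start Up tab requested above, as an added example that is not part of the original thread: it lists every auto-start entry with its full command line and marks entries whose executable sits in a user-writable directory or lacks a valid Authenticode signature. The helper name `Get-ExePath` and the choice of directories are assumptions of this example.

```powershell
# Added example: enumerate auto-start entries with more detail than the msconfig tab shows.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (the Windows 7 default).

function Get-ExePath([string]$Command) {
    # Hypothetical helper: extract the executable path from a startup command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }                 # quoted path
    if ($c -match '^\s*(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }  # unquoted path
    return $null
}

# Assumption: directories a standard user can write to are the ones worth a closer look.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC) | Where-Object { $_ }

$report = Get-WmiObject Win32_StartupCommand | ForEach-Object {
    $path = Get-ExePath $_.Command
    $signature = 'n/a'
    $inUserDir = $false
    if ($path) {
        # Flag the location even when the file itself is gone.
        foreach ($dir in $userWritable) {
            if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { $inUserDir = $true }
        }
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # Status is Valid, NotSigned, HashMismatch, and so on.
            $signature = (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            $signature = 'not found at this path'
        }
    }
    New-Object PSObject -Property @{
        Name = $_.Name; User = $_.User; Location = $_.Location
        Command = $_.Command; UserWritable = $inUserDir; Signature = $signature
    }
}

# User-writable entries first, then alphabetical by name.
$report | Sort-Object @{ Expression = 'UserWritable'; Descending = $true }, Name |
    Select-Object Name, UserWritable, Signature, Location, Command |
    Format-Table -AutoSize -Wrap
```

`Win32_StartupCommand` covers the Run registry keys and the Startup folders only; services and scheduled tasks need a separate check.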



## djstormx1981 (Feb 28, 2015)

NVIDIA GeForce Experience
NVIDIA Backend
Realtek HD Audio Manager
Microsoft Windows Operating System
avast! EasyPass
Alcohol Virtual Drive Auto-mount Service
Microsoft Windows Operating System
Yandex.Disk
SUPERAntiSpyware
Logitech Camera Software
Adobe CS5.5 Service Manager
Apple Push
SSDMont Application
Adobe CS5 Service Manager
Microsoft Office 2010
Avast Antivirus
DivX Media Server Launcher
DivX Update
hpwuSchd Application
RealPlayer Cloud (32 bit)
RealDownloader
Smart File Advisor
iTunes
Dropbox
Bluetooth Software
RealPlayer Cloud

These are all the items checked off to start up. Do you need all the ones that I have disabled as well?


----------



## blues_harp28 (Jan 9, 2005)

Very little needs to load and run at start up.
Start > Search > Type 
msconfig
Under the Start Up Tab.
Untick all entries *Except*

Microsoft Windows Operating System
avast! EasyPass
Avast Antivirus

Apply > Ok > Reboot your PC.

The System Configuration Utility box appears on restart - saying changes have been made.
Tick the box on the lower left and then OK.

*Any entry can be re-enabled using msconfig - if you feel it needs to be*
http://www.netsquirrel.com/msconfig/
http://www.bleepingcomputer.com/startups/


----------



## djstormx1981 (Feb 28, 2015)

Well, after doing that I didn't get the popup. It must be something about that NVIDIA Backend program in the startup.


----------



## blues_harp28 (Jan 9, 2005)

NVIDIA GeForce Experience [of which NVIDIA Backend is a part] is for updating Nvidia graphics drivers and optimizing games.
However, going to their website does just as well for updating drivers, and it does not need to run at start up.


----------



## blues_harp28 (Jan 9, 2005)

djstormx1981 said:


> RiskWare.Tool.CK, C:\Windows\KMService.exe, Quarantined, [e6c33de5e1a90432d96f2b4f3bc726da],
> Trojan.Agent, C:\Users\Joe\AppData\Roaming\MicroSoft.exe.tmp, Quarantined, [6e3bc85afe8c8caa3d4c777b9173e719],


The two entries above from the Malwarebytes scan have been checked by one of our Malware Experts.

Please download MGADiag to your desktop.

Double-click on MGADiag.exe 
Click - Continue
Ensure that the "Windows" tab is selected (it should be by default).

Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

Paste the MGA Diagnostic Report back here in your next reply.


----------



## djstormx1981 (Feb 28, 2015)

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-B6XBP-R4376-XBB47
Windows Product Key Hash: GaNbetejR2SH1PicwSg+eWwweZQ=
Windows Product ID: 00371-154-6110562-85429
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {7B562F83-625B-4AE9-BE81-75BC8B01ADE1}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.150113-1808
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Users\Joe\AppData\Local\Torch\Application\torch.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{7B562F83-625B-4AE9-BE81-75BC8B01ADE1}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-XBB47</PKey><PID>00371-154-6110562-85429</PID><PIDType>5</PIDType><SID>S-1-5-21-3494058993-876298691-649570503</SID><SYSTEM><Manufacturer>BIOSTAR Group</Manufacturer><Model>TP67XE</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>4.6.4</Version><SMBIOSVersion major="2" minor="7"/><Date>20110221000000.000000+000</Date></BIOS><HWID>24363F07018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-154-611056-01-1033-7601.0000-2372013
Installation ID: 021625760844395330744731621891372363959653680756216346
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: XBB47
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 3/2/2015 12:03:48 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: QAAAAAIABAABAAEAAQAFAAAAAwABAAEAHKJMUMlD5q1K3WI0XoiWCTidgFXxExLqaB/c4bWpOVPN9w6IPEoucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information: 
ACPI Table Name	OEMID Value	OEMTableID Value
APIC ALASKA A M I
FACP ALASKA A M I
HPET ALASKA A M I
MCFG ALASKA A M I
SSDT AMICPU PROC
ASPT ALASKA PerfTune


----------



## dvk01 (Dec 14, 2002)

That looks like a legitimate retail Windows licence, so I have no idea why an activation bypass hack was installed on the computer.


----------



## djstormx1981 (Feb 28, 2015)

I have no idea either. So far no more popups. If this continues through the week I will mark as solved. Thanks!


----------



## blues_harp28 (Jan 9, 2005)

djstormx1981 said:


> I have no idea either. So far no more popups. If this continues through the week I will mark as solved. Thanks!


Ok - keep us updated.


----------



## djstormx1981 (Feb 28, 2015)

Yep. No more popups. Thanks a million! I definitely plan on coming here again if/when I have problems again.


----------



## blues_harp28 (Jan 9, 2005)

Thanks for the update.


----------

