Virus/malware disabling antivirus software

  • Virus/malware disabling antivirus software

    Hi,
    I'm running Vista and seem to have downloaded something that turns off my antivirus software (Symantec). I noticed a warning in Windows Defender (that my malware protection was turned off), but when I ran a scan in both Windows Defender and Symantec, it didn't find anything. Kaspersky Virus Removal Tool was also a blank, but there is definitely something going on. So far all it seems to be doing is slowing my system down considerably, with the occasional temporary disappearance of my desktop.

    Steps from the IObit guidelines for requesting malware help:

    I deleted temporary files by running Temporary File Cleaner.

    I ran IObit Malware Fighter and asked it to 'repair' the identified threat - log below:

    IObit Malware Fighter

    OS: Windows Vista
    Version: 1.2.0.16
    Define Version: 1064
    Time Elapsed: 00:40:24
    Objects Scanned: 67485
    Threats Found: 1
    Save Time: 20/11/2011 11:22:17 PM

    |Name|Type|Description|ID|
    Trojan.Generic - Quarantined, FILE, C:\Program Files\Java\jre1.6.0_07\bin\pack200.exe, 4073918


    I then ran DDS and the following two logs were generated:

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000
    Run by Sarah at 23:24:26 on 2011-11-20
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1709 [GMT 11:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\FastUserSwitching.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\MediaButtons.exe
    C:\Windows\System32\TestUnitReady.exe
    C:\Windows\System32\DELLODD.exe
    C:\Windows\System32\DELLOSD.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [DellOSD] c:\windows\system32\FastUserSwitching.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: DhcpNameServer = 10.1.1.1
    TCP: Interfaces\{D051BEF6-4416-4B02-BCB0-B3DB388CF55C} : DhcpNameServer = 10.1.1.1
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
    FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
    FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-11-20 820568]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-1-28 27648]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]
    R3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\drivers\DLACPI.sys [2009-1-29 14392]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-8 106104]
    R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-11-20 18768]
    R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-11-20 30600]
    R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-11-20 19792]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-1-29 73728]
    S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-28 464264]
    S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-28 234888]
    S4 DELLODDSrv;DELLODDSrv;c:\windows\system32\WinService.exe [2009-1-28 65536]
    S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
    S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-28 30192]
    .
    =============== Created Last 30 ================
    .
    2011-11-20 11:37:45 -------- d-----w- c:\users\sarah\appdata\roaming\IObit
    2011-11-20 11:37:40 -------- d-----w- c:\program files\IObit
    2011-11-20 11:34:29 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84636f74-db45-49a8-88d0-dc89e035a6a1}\offreg.dll
    2011-11-20 11:16:35 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84636f74-db45-49a8-88d0-dc89e035a6a1}\mpengine.dll
    2011-11-11 20:55:41 -------- d-----w- c:\program files\Trend Micro
    2011-11-11 20:47:44 80896 ----a-w- c:\windows\system32\MSNP.ax
    2011-11-11 20:47:38 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-11-11 20:47:37 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-11-11 20:37:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2011-11-11 20:37:25 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2011-11-11 20:37:25 297808 ----a-w- c:\windows\system32\mscoree.dll
    2011-11-11 20:37:25 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2011-11-11 20:37:25 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2011-11-11 20:36:27 231936 ----a-w- c:\windows\system32\msshsq.dll
    2011-11-09 12:06:07 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
    2011-11-09 12:06:04 714240 ----a-w- c:\windows\system32\timedate.cpl
    2011-11-09 12:05:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2011-11-09 12:05:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-11-09 12:05:42 147456 ----a-w- c:\windows\system32\Faultrep.dll
    2011-11-09 12:05:42 125952 ----a-w- c:\windows\system32\wersvc.dll
    2011-11-09 12:04:56 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2011-11-09 12:04:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2011-11-09 12:04:14 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2011-11-09 12:04:14 515584 ----a-w- c:\program files\windows mail\wab.exe
    2011-11-09 12:04:14 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2011-11-09 12:04:09 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-11-09 12:04:09 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-11-09 12:04:04 72704 ----a-w- c:\windows\system32\fontsub.dll
    2011-11-09 12:04:04 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-11-09 12:04:04 292864 ----a-w- c:\windows\system32\atmfd.dll
    2011-11-09 12:02:52 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-11-09 12:02:51 3550608 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-11-09 12:02:51 1205592 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-09 12:02:45 1161728 ----a-w- c:\windows\system32\mfc42u.dll
    2011-11-09 12:02:45 1136640 ----a-w- c:\windows\system32\mfc42.dll
    2011-11-09 12:02:39 1616384 ----a-w- c:\program files\windows mail\msoe.dll
    2011-11-09 12:02:33 304640 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-11-09 12:02:28 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-11-09 12:02:28 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-11-09 12:02:28 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-11-09 12:02:16 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2011-11-09 12:02:16 1315840 ----a-w- c:\windows\system32\ole32.dll
    2011-11-09 12:02:05 2042368 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 12:01:57 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-11-09 12:00:55 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2011-11-09 12:00:47 430080 ----a-w- c:\windows\system32\vbscript.dll
    2011-11-09 12:00:35 563200 ----a-w- c:\windows\system32\oleaut32.dll
    2011-11-09 12:00:17 499712 ----a-w- c:\windows\system32\kerberos.dll
    2011-11-09 12:00:05 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-11-09 12:00:05 323072 ----a-w- c:\windows\system32\sbe.dll
    2011-11-09 12:00:05 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-11-09 12:00:05 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-11-09 11:59:24 603648 ----a-w- c:\windows\system32\schedsvc.dll
    2011-11-09 11:59:23 357376 ----a-w- c:\windows\system32\taskschd.dll
    2011-11-09 11:59:23 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-11-09 11:59:22 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2011-11-09 11:59:22 171520 ----a-w- c:\windows\system32\taskeng.exe
    2011-11-09 11:59:17 738816 ----a-w- c:\windows\system32\inetcomm.dll
    2011-11-09 11:59:13 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-11-09 11:59:13 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-11-09 11:59:13 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-11-09 11:59:09 81920 ----a-w- c:\windows\system32\consent.exe
    2011-11-09 11:58:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-09 11:57:10 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2011-11-09 11:57:10 511488 ----a-w- c:\windows\system32\RMActivate.exe
    2011-11-09 11:57:10 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2011-11-09 11:57:09 472576 ----a-w- c:\windows\system32\secproc_isv.dll
    2011-11-09 11:57:09 472064 ----a-w- c:\windows\system32\secproc.dll
    2011-11-09 11:57:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2011-11-09 11:57:08 329216 ----a-w- c:\windows\system32\msdrm.dll
    2011-11-09 11:57:08 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2011-11-09 11:57:08 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2011-11-09 11:57:01 1645568 ----a-w- c:\windows\system32\connect.dll
    2011-11-09 11:56:50 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 11:55:44 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
    2011-11-09 11:55:43 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2011-11-09 11:54:35 501760 ----a-w- c:\windows\system32\usp10.dll
    2011-11-09 11:54:20 81920 ----a-w- c:\windows\system32\iccvid.dll
    2011-11-09 11:54:14 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
    2011-11-09 11:54:14 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
    2011-11-09 11:53:32 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
    2011-11-09 11:53:28 1314816 ----a-w- c:\windows\system32\quartz.dll
    2011-11-09 11:48:40 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-11-09 11:47:27 489048 ------w- c:\windows\system32\drivers\5605534drv.sys
    2011-11-09 11:47:16 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
    2011-11-09 11:47:16 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
    2011-11-09 11:46:48 67072 ----a-w- c:\windows\system32\asycfilt.dll
    2011-11-09 11:45:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
    2011-11-09 11:45:48 157184 ----a-w- c:\windows\system32\t2embed.dll
    2011-11-09 11:44:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-11-09 11:44:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-11-09 11:44:13 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
    2011-11-09 11:43:27 954752 ----a-w- c:\windows\system32\mfc40.dll
    2011-11-09 11:43:27 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2011-11-09 11:43:19 36352 ----a-w- c:\windows\system32\rtutils.dll
    2011-11-09 11:42:38 866816 ----a-w- c:\windows\system32\wmpmde.dll
    2011-11-09 11:40:10 1257472 ----a-w- c:\windows\system32\msxml3.dll
    2011-11-09 11:38:27 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-11-09 11:38:27 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-09 11:17:40 531968 ----a-w- c:\windows\system32\comctl32.dll
    2011-10-23 05:19:23 -------- d-----w- c:\program files\PeerBlock
    .
    ==================== Find3M ====================
    .
    2011-10-02 02:17:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 23:26:47.70 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 28/01/2009 9:17:21 PM
    System Uptime: 20/11/2011 10:29:59 PM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0P096C
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | CPU 1 | 1200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 122.008 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 9.742 GiB free.
    E: is CDROM ()
    F: is Removable
    H: is FIXED (NTFS) - 932 GiB total, 756.13 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP562: 12/11/2011 7:32:35 AM - Windows Update
    RP563: 20/11/2011 9:49:41 PM - Windows Update
    RP564: 20/11/2011 10:02:19 PM - Windows Update
    RP565: 20/11/2011 10:16:08 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Browser Address Error Redirector
    Compatibility Pack for the 2007 Office system
    Conduit Engine
    Dell Dock
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    e-tax 2010
    e-tax 2011
    EDocs
    Google Desktop
    GoToAssist 8.0.0.514
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IObit Malware Fighter
    iTunes
    Java(TM) 6 Update 7
    LiveUpdate 3.3 (Symantec Corporation)
    MediaButtons 5.0.0.1T4
    MediaDirect
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.6.23)
    PeerBlock 1.1 (r518)
    PIF DESIGNER
    QuickTime
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Symantec Endpoint Protection
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VLC media player 1.0.5
    Vuze
    Vuze Remote Toolbar
    Vuze Toolbar
    WinRAR archiver
    .
    ==== End Of File ===========================


    Any assistance with whether or not my machine still has something funky going on and how to fix it would be much appreciated.

    Thanks,
    snowkitten.

  • #2
    Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************
    I strongly recommend that you remove Ask from your computer because it:

    •Promotes its toolbars on sites targeted to kids.

    •Promotes its toolbars through ads that appear to be part of other companies' sites.

    •Promotes its toolbars through other companies' spyware.

    •Installs without any disclosure whatsoever and without any consent whatsoever.

    •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

    •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

    See Here for more info.

    If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    AskBarDis or anything related to Ask

    Then please find and delete this folder in bold (if present):
    C:\Program Files\AskBarDis. or anything related to Ask.
    **********************************************************
    I should tell you that conduitengine has a certain level of trackability.

    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.

    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    *********************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!

    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ****************************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ***************************************************************************
    Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

    link # 1
    Link # 2
    If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Right-click combofix.exe and select Run as Administrator and follow the prompts.
    When finished, ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

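An added example, not part of the thread or of any tool mentioned in it: a small Python triage pass over the "Pseudo HJT Report" section of a DDS log, picking out the kinds of entries reply #2 acts on (Ask and Conduit add-ons, the installed JRE version) plus orphaned and AppInit_DLLs entries. The sample lines are excerpted from the log in post #1; the function names and finding tags are this example's own.

```python
import re

# Excerpt of the "Pseudo HJT Report" section of the DDS log in post #1.
SAMPLE = r"""
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
"""

# Browser add-on lines: "KIND: [Name: ]{CLSID} - target"
ADDON = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB): (?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Autorun lines: "uRun/mRun: [Name] command"
RUN = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# DLLs listed here are loaded into every process that loads user32.dll.
APPINIT = re.compile(r"^(?P<kind>AppInit_DLLs): (?P<target>.+)$")
# JRE install directories look like "jre1.6.0_07".
JRE = re.compile(r"jre(\d+\.\d+\.\d+(?:_\d+)?)", re.I)
# Vendors that reply #2 names; the word boundary keeps "taskeng" from matching.
NAMED = re.compile(r"\b(ask|conduit)", re.I)


def parse_entries(text):
    """Return one dict per recognised line: kind, name, clsid, target."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for rx in (ADDON, RUN, APPINIT):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                entries.append({
                    "kind": d["kind"],
                    "name": d.get("name"),
                    "clsid": d.get("clsid"),
                    "target": d["target"].strip('"'),
                })
                break
    return entries


def triage(text):
    """Return (tag, kind, detail) tuples for entries worth a second look."""
    findings = []
    for e in parse_entries(text):
        is_addon = e["kind"] in ("BHO", "TB") or e["kind"].endswith("URLSearchHooks")
        if e["target"] == "No File":
            # Registry entry whose file is gone: leftover of a removed program.
            findings.append(("orphaned", e["kind"], e["clsid"]))
        elif e["kind"] == "AppInit_DLLs":
            findings.append(("appinit", e["kind"], e["target"]))
        elif is_addon and NAMED.search(f"{e['name'] or ''} {e['target']}"):
            findings.append(("named-in-reply", e["kind"], e["name"]))
        m = JRE.search(e["target"])
        if m:
            # Report the version so it can be compared with the current release.
            findings.append(("jre", e["kind"], m.group(1)))
    return findings


if __name__ == "__main__":
    for tag, kind, detail in triage(SAMPLE):
        print(f"{tag:15} {kind:14} {detail}")
```

A finding is a prompt for review rather than a verdict: the AppInit_DLLs entry in this log, for instance, sits under a Google program directory.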


    • #3
      Thanks Dave! I've done as requested (two posts needed to fit all the logs):

      Superantispyware scan log:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 11/22/2011 at 09:12 AM

      Application Version : 5.0.1136

      Core Rules Database Version : 7965
      Trace Rules Database Version: 5777

      Scan type : Complete Scan
      Total Scan Time : 01:39:36

      Operating System Information
      Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
      UAC On - Limited User (Administrator User)

      Memory items scanned : 641
      Memory threats detected : 0
      Registry items scanned : 35831
      Registry threats detected : 0
      File items scanned : 129363
      File threats detected : 408

      Adware.Tracking Cookie
      .s0.2mdn.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .xiti.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      adserving.versaneeds.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      r2.unicornmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ad.zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .twittercounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .twittercounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ads.crakmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ar.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .adviva.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .clickfuse.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .mm.chitika.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .sbsaustralia.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      stats.justhost.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .care2.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .foxinteractivemedia.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      csm.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      csm.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .mbf.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .247realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .collective-media.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      stats.justhost.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .paypal.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ad.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ad-apac.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      www.grapeshot-media.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .medhelpinternational.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .rambler.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .eyewonder.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      www.flatmatefinders.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      www.flatmatefinders.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ads2.theawl.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .wotifcom.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .columbussearchd.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .guj.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .radstats.org.uk [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .radstats.org.uk [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .cbs.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ads.gamersmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ads.gamersmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .static.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .mtvn.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .pro-market.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .adinterax.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .adinterax.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .questionmarket.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .azjmp.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .azjmp.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .kaspersky.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .yadro.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .yadro.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      server.iad.liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      accounts.youtube.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]
      .googleads.g.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]



      • #4
        mbam log:
        Malwarebytes' Anti-Malware 1.51.2.1300
        www.malwarebytes.org

        Database version: 8213

        Windows 6.0.6001 Service Pack 1
        Internet Explorer 7.0.6001.18000

        22/11/2011 8:42:37 PM
        mbam-log-2011-11-22 (20-42-37).txt

        Scan type: Full scan (C:\|D:\|H:\|)
        Objects scanned: 274647
        Time elapsed: 1 hour(s), 10 minute(s), 53 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)


        combofix log:

        ComboFix 11-11-22.01 - Sarah 22/11/2011 20:55:53.1.2 - x86
        Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1665 [GMT 11:00]
        Running from: c:\users\Sarah\Desktop\ComboFix.exe
        AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
        FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
        SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
        SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
        SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\users\Sarah\AppData\Roaming\DataSafeDotNet.exe
        c:\windows\System32\FastUserSwitching.exe
        H:\Autorun.inf
        H:\Pictures.lnk
        H:\Setup.exe
        .
        .
        ((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
        .
        .
        2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
        2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\programdata\Malwarebytes
        2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
        2011-11-22 08:30 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
        2011-11-21 10:20 . 2011-11-21 10:20 -------- d-----w- c:\users\Sarah\AppData\Roaming\SUPERAntiSpyware.com
        2011-11-21 10:19 . 2011-11-21 10:20 -------- d-----w- c:\program files\SUPERAntiSpyware
        2011-11-21 10:19 . 2011-11-21 10:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
        2011-11-21 10:10 . 2011-11-21 10:10 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
        2011-11-21 10:10 . 2011-11-21 10:09 544656 ----a-w- c:\windows\system32\deployJava1.dll
        2011-11-20 11:37 . 2011-11-20 11:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\IObit
        2011-11-20 11:37 . 2011-11-20 11:37 -------- d-----w- c:\program files\IObit
        2011-11-20 11:23 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
        2011-11-20 11:23 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
        2011-11-20 11:22 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
        2011-11-20 11:20 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
        2011-11-20 11:20 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
        2011-11-20 11:16 . 2011-10-17 14:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84636F74-DB45-49A8-88D0-DC89E035A6A1}\mpengine.dll
        2011-11-11 20:55 . 2011-11-11 20:55 -------- d-----w- c:\program files\Trend Micro
        2011-11-11 20:47 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
        2011-11-11 20:47 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
        2011-11-11 20:47 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
        2011-11-11 20:37 . 2009-11-07 23:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
        2011-11-11 20:37 . 2009-11-07 23:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
        2011-11-11 20:37 . 2009-11-07 23:55 297808 ----a-w- c:\windows\system32\mscoree.dll
        2011-11-11 20:37 . 2009-11-07 23:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
        2011-11-11 20:37 . 2009-11-07 23:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
        2011-11-11 20:36 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
        2011-11-09 12:06 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
        2011-11-09 12:06 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl
        2011-11-09 12:05 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
        2011-11-09 12:05 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
        2011-11-09 12:04 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
        2011-11-09 12:04 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
        2011-11-09 12:04 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
        2011-11-09 12:04 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
        2011-11-09 12:04 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe
        2011-11-09 12:04 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
        2011-11-09 12:04 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
        2011-11-09 12:04 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll
        2011-11-09 12:04 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll
        2011-11-09 12:04 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll
        2011-11-09 12:02 . 2010-10-15 14:08 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
        2011-11-09 12:02 . 2010-10-15 14:08 3550608 ----a-w- c:\windows\system32\ntoskrnl.exe
        2011-11-09 12:02 . 2010-10-15 13:48 1205592 ----a-w- c:\windows\system32\ntdll.dll
        2011-11-09 12:02 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll
        2011-11-09 12:02 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll
        2011-11-09 12:02 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
        2011-11-09 12:02 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys
        2011-11-09 12:02 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
        2011-11-09 12:02 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
        2011-11-09 12:02 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
        2011-11-09 12:02 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
        2011-11-09 12:02 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
        2011-11-09 12:02 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
        2011-11-09 12:01 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys
        2011-11-09 12:00 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
        2011-11-09 12:00 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll
        2011-11-09 12:00 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll
        2011-11-09 12:00 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
        2011-11-09 12:00 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
        2011-11-09 12:00 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
        2011-11-09 12:00 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
        2011-11-09 12:00 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
        2011-11-09 11:59 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
        2011-11-09 11:59 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
        2011-11-09 11:59 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
        2011-11-09 11:59 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
        2011-11-09 11:59 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
        2011-11-09 11:59 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll
        2011-11-09 11:59 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
        2011-11-09 11:59 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
        2011-11-09 11:59 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
        2011-11-09 11:59 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
        2011-11-09 11:58 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
        2011-11-09 11:57 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
        2011-11-09 11:57 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe
        2011-11-09 11:57 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
        2011-11-09 11:57 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll
        2011-11-09 11:57 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll
        2011-11-09 11:57 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
        2011-11-09 11:57 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
        2011-11-09 11:57 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
        2011-11-09 11:57 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll
        2011-11-09 11:57 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll
        2011-11-09 11:56 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
        2011-11-09 11:55 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
        2011-11-09 11:55 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
        2011-11-09 11:54 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
        2011-11-09 11:54 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
        2011-11-09 11:54 . 2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
        2011-11-09 11:54 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
        2011-11-09 11:53 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
        2011-11-09 11:53 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
        2011-11-09 11:48 . 2011-11-09 11:48 -------- d-----w- c:\programdata\Kaspersky Lab
        2011-11-09 11:47 . 2011-11-09 02:53 489048 ------w- c:\windows\system32\drivers\5605534drv.sys
        2011-11-09 11:47 . 2011-03-02 14:49 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
        2011-11-09 11:47 . 2009-05-04 10:11 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
        2011-11-09 11:46 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
        2011-11-09 11:45 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
        2011-11-09 11:45 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
        2011-11-09 11:44 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
        2011-11-09 11:44 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
        2011-11-09 11:44 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
        2011-11-09 11:43 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
        2011-11-09 11:43 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
        2011-11-09 11:43 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
        2011-11-09 11:42 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll
        2011-11-09 11:40 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
        2011-11-09 11:38 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
        2011-11-09 11:38 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
        2011-11-09 11:17 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
        .
        .
        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-10-02 02:17 . 2011-05-22 04:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
        2010-06-20 01:16 . 2009-02-03 09:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
        .
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
        .
        [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
        .
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
        2011-01-17 06:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
        .
        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
        2011-01-17 06:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
        "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
        "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
        .
        [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
        .
        [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RtHDVCpl"="RtHDVCpl.exe" [2008-08-26 6246400]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]
        "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
        "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
        .
        c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2008-9-24 1295656]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
        2009-01-28 02:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
        2008-06-11 18:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
        2008-10-04 05:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
        2010-06-20 01:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
        2011-03-07 04:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
        2008-01-14 02:13 132392 ------w- c:\program files\DELL\MediaDirect\PCMService.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
        2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001
        .
        R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
        R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-07-14 23888]
        R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-10-08 18768]
        R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-09-20 30600]
        R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-09-20 19792]
        R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
        R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-26 73728]
        R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x]
        R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]
        R4 DELLODDSrv;DELLODDSrv;c:\windows\System32\WinService.exe [2008-07-17 65536]
        R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
        R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
        S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
        S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
        S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-05-08 27648]
        S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2008-04-16 14392]
        S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]
        .
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128
        uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
        uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
        TCP: DhcpNameServer = 10.1.1.1
        TCP: Interfaces\{D0AFBEFD-230A-4881-9B7E-A18EB680CCA2}: NameServer = 203.0.178.191 203.215.29.191
        FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sgmkv0sx.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
        FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
        FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
        FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        .
        - - - - ORPHANS REMOVED - - - -
        .
        BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
        Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
        WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
        HKLM-Run-DellOSD - c:\windows\System32\FastUserSwitching.exe
        SafeBoot-mcmscsvc
        SafeBoot-MCODS
        SafeBoot-Symantec Antvirus
        MSConfigStartUp-EPSON Stylus Photo RX530 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE
        AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2011-11-22 21:02
        Windows 6.0.6001 Service Pack 1 NTFS
        .
        scanning hidden processes ...
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ...
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        Completion time: 2011-11-22 21:04:25
        ComboFix-quarantined-files.txt 2011-11-22 10:04
        .
        Pre-Run: 115,080,462,336 bytes free
        Post-Run: 114,501,382,144 bytes free
        .
        - - End Of File - - 55E9DBC00DAEFD2846BC8D2D9903748D


        Whaddya reckon?



        • #5
          SysProt Antirootkit

          Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

          http://sites.google.com/site/sysprotantirootkit/

          Unzip it into a folder on your desktop.
          • Double click Sysprot.exe to start the program.
          • Click on the Log tab.
          • In the Write to log box select the following items.
            • Process << Selected
            • Kernel Modules << Selected
            • SSDT << Selected
            • Kernel Hooks << Selected
            • IRP Hooks << NOT Selected
            • Ports << NOT Selected
            • Hidden Files << Selected
          • At the bottom of the page
            • Hidden Objects Only << Selected
          • Click on the Create Log button on the bottom right.
          • After a few seconds a new window should appear.
          • Select Scan Root Drive. Click on the Start button.
          • When it is complete a new window will appear to indicate that the scan is finished.
          • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.



          • #6
            Thanks Dave. The sysprot log:

            SysProt AntiRootkit v1.0.1.0
            by swatkat

            ******************************************************************************************
            ******************************************************************************************

            No Hidden Processes found

            ******************************************************************************************
            ******************************************************************************************
            Kernel Modules:
            Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
            Service Name: ---
            Module Base: 951BE000
            Module End: 951C9000
            Hidden: Yes

            Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys
            Service Name: ---
            Module Base: 951C9000
            Module End: 951D3000
            Hidden: Yes

            ******************************************************************************************
            ******************************************************************************************
            SSDT:
            Function Name: ZwAlertResumeThread
            Address: 86BE9EC0
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwAlertThread
            Address: 86BDEA70
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwAllocateVirtualMemory
            Address: 86C0C188
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwConnectPort
            Address: 86B80FB0
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwCreateMutant
            Address: 86BE9C30
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwCreateThread
            Address: 86C0C2D8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwFreeVirtualMemory
            Address: 86BEAAC8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwImpersonateAnonymousToken
            Address: 86BE9D20
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwImpersonateThread
            Address: 86BE9E00
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwMapViewOfSection
            Address: 86BEA9E8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwOpenEvent
            Address: 86BE9B50
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwOpenProcessToken
            Address: 86BDFAA8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwOpenThreadToken
            Address: 86C0C610
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwProtectVirtualMemory
            Address: 92353880
            Driver Base: 9234E000
            Driver End: 9235C000
            Driver Name: \??\C:\Windows\system32\drivers\wpsdrvnt.sys

            Function Name: ZwResumeThread
            Address: 86C04A38
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwSetContextThread
            Address: 86A40BC0
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwSetInformationProcess
            Address: 86A2CD10
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwSetInformationThread
            Address: 86C0C4F8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwSuspendProcess
            Address: 86BE9A70
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwSuspendThread
            Address: 869CA320
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwTerminateProcess
            Address: 86BE0D88
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwTerminateThread
            Address: 869E74E0
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwUnmapViewOfSection
            Address: 86A56398
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            Function Name: ZwWriteVirtualMemory
            Address: 86C0C0B8
            Driver Base: 0
            Driver End: 0
            Driver Name: _unknown_

            ******************************************************************************************
            ******************************************************************************************
            No Kernel Hooks found

            ******************************************************************************************
            ******************************************************************************************
            Hidden files/folders:
            Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\299A5DC0.TMP
            Status: Access denied

            Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\99B3A6C2.TMP
            Status: Access denied

            Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\B3B6091E.TMP
            Status: Access denied

            Object: C:\Qoobox\BackEnv\AppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cache.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Cookies.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Desktop.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Favorites.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\History.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Music.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\NetHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Personal.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Pictures.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Programs.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Recent.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SendTo.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SetPath.bat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\StartUp.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\SysPath.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\Templates.folder.dat
            Status: Access denied

            Object: C:\Qoobox\BackEnv\VikPev00
            Status: Access denied

            Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\299A5DC0.TMP
            Status: Access denied

            Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\99B3A6C2.TMP
            Status: Access denied

            Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\B3B6091E.TMP
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
            Status: Access denied

            Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
            Status: Access denied

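The SSDT section of the SysProt log in post #6 lists each hooked function with its handler address and the driver range that address was resolved to. As an added example (not part of the thread and not SysProt's own code), this Python script parses that section and separates hooks resolved to a named driver from those the tool could not attribute; the function names, the three labels and the `ZwExampleMismatch` entry are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Three SSDT entries copied from the SysProt log in post #6, plus one
# constructed entry (ZwExampleMismatch) that exercises the range check.
SAMPLE_LOG = r"""
SSDT:
Function Name: ZwAlertResumeThread
Address: 86BE9EC0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwProtectVirtualMemory
Address: 92353880
Driver Base: 9234E000
Driver End: 9235C000
Driver Name: \??\C:\Windows\system32\drivers\wpsdrvnt.sys

Function Name: ZwWriteVirtualMemory
Address: 86C0C0B8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwExampleMismatch
Address: 80001000
Driver Base: 9234E000
Driver End: 9235C000
Driver Name: \??\C:\Windows\system32\drivers\wpsdrvnt.sys

**********
No Kernel Hooks found
"""

FIELD = re.compile(r"^\s*(Function Name|Address|Driver Base|Driver End|Driver Name):\s*(.*?)\s*$")

def parse_ssdt(log_text):
    """Return one dict per hooked entry in the log's 'SSDT:' section."""
    entries, current, in_ssdt = [], {}, False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == "SSDT:":
            in_ssdt = True
        elif in_ssdt and stripped.startswith("*****"):
            break                      # separator row ends the section
        elif in_ssdt and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2)
            if m.group(1) == "Driver Name":   # last field of a block
                if len(current) == 5:          # skip truncated blocks
                    entries.append(current)
                current = {}
    return entries

def classify(entry):
    """Label a hook by whether its handler lies inside the reported driver."""
    addr, base, end = (int(entry[k], 16) for k in ("Address", "Driver Base", "Driver End"))
    if base == 0 and end == 0:
        return "unattributed"          # tool reported no owning module
    # Assumption: Driver End is the first address past the module image.
    return "attributed" if base <= addr < end else "range-mismatch"

def triage(log_text):
    """Group hooked function names by (label, owning driver file name)."""
    report = defaultdict(list)
    for e in parse_ssdt(log_text):
        owner = e["Driver Name"].rsplit("\\", 1)[-1]
        report[(classify(e), owner)].append(e["Function Name"])
    return dict(report)

if __name__ == "__main__":
    for (label, owner), funcs in sorted(triage(SAMPLE_LOG).items()):
        print(f"{label:15} {owner:15} {', '.join(funcs)}")
```

Grouping by owner keeps the review short: each "unattributed" handler still has to be traced to the driver that installed it before any conclusion is drawn about it.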


            • #7
              ESET Online Scan

              Scan your computer with the ESET FREE Online Virus Scan

              * Click the ESET Online Scanner button.

              * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
              * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
              * Place a check mark next to YES, I accept the Terms of Use.

              * Click the Start button.
              * Accept any security warnings from your browser.
              * Leave the check mark next to Remove found threats and place a check next to Scan archives.
              * Click the Start button.
              * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
              * When the scan completes, click List of found threats.
              * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
              * Click the Back button then click Finish.

              In your next reply please include the ESET Online Scan Log



              • #8
                Hi Dave,
                ESET reported no threats found.

                Thanks,
                sarah



                • #9
                  You're welcome. If there are no other issues, we can do some cleanup.

                  To uninstall ComboFix
                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall
                    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)
                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  ****************************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  ******************************************************
                  Go to Microsoft Windows Update and get all critical updates.

                  ----------
                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!



                  • #10
                    You're a saint, Dave! Thanks very much for all your help.



                    • #11
                      Originally posted by snowkitten:
                      "You're a saint, Dave! Thanks very much for all your help."

                      My wife thinks I'm the devil. Thanks
