Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Advanced SystemCare Pro Review IObit Coupons A Good Utility Program From IObit IObit Driver Booster Pro Review IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs IObit Software Coupons & Promo Code

Virus/malware disabling antivirus software


snowkitten

Recommended Posts

Hi,

I'm running Vista and seem to have downloaded something that turns off my antivirus software (Symantec). I noticed a warning in Windows Defender (that my malware protection was turned off), but when I ran a scan in both Windows Defender and Symantec, it didn't find anything. Kaspersky Virus Removal Tool was also a blank, but there is definitely something going on. So far all it seems to be doing is slowing my system down considerably, with the occasional temporary disappearance of my desktop.

 

Steps from the IObit guidelines for requesting malware help:

 

I deleted temporary files by running Temporary File Cleaner.

 

I ran IObit Malware Fighter and asked it to 'repair' the identified threat - log below:

 

IObit Malware Fighter

 

OS: Windows Vista

Version: 1.2.0.16

Define Version: 1064

Time Elapsed: 00:40:24

Objects Scanned: 67485

Threats Found: 1

Save Time: 20/11/2011 11:22:17 PM

 

|Name|Type|Description|ID|

Trojan.Generic - Quarantined, FILE, C:\Program Files\Java\jre1.6.0_07\bin\pack200.exe, 4073918

 

 

I then ran DDS and the following two logs were generated:

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by Sarah at 23:24:26 on 2011-11-20

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1709 [GMT 11:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\FastUserSwitching.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\MediaButtons.exe

C:\Windows\System32\TestUnitReady.exe

C:\Windows\System32\DELLODD.exe

C:\Windows\System32\DELLOSD.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [DellOSD] c:\windows\system32\FastUserSwitching.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{D051BEF6-4416-4B02-BCB0-B3DB388CF55C} : DhcpNameServer = 10.1.1.1

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll

FF - component: c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\sgmkv0sx.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-11-20 820568]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-1-28 27648]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-9-17 2477304]

R3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\drivers\DLACPI.sys [2009-1-29 14392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-8 106104]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-11-20 18768]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-11-20 30600]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-11-20 19792]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-7-14 23888]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-1-29 73728]

S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-28 464264]

S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-28 234888]

S4 DELLODDSrv;DELLODDSrv;c:\windows\system32\WinService.exe [2009-1-28 65536]

S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-1-28 30192]

.

=============== Created Last 30 ================

.

2011-11-20 11:37:45 -------- d-----w- c:\users\sarah\appdata\roaming\IObit

2011-11-20 11:37:40 -------- d-----w- c:\program files\IObit

2011-11-20 11:34:29 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84636f74-db45-49a8-88d0-dc89e035a6a1}\offreg.dll

2011-11-20 11:16:35 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{84636f74-db45-49a8-88d0-dc89e035a6a1}\mpengine.dll

2011-11-11 20:55:41 -------- d-----w- c:\program files\Trend Micro

2011-11-11 20:47:44 80896 ----a-w- c:\windows\system32\MSNP.ax

2011-11-11 20:47:38 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-11-11 20:47:37 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-11-11 20:37:25 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-11-11 20:37:25 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-11-11 20:37:25 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-11-11 20:37:25 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-11-11 20:37:25 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-11-11 20:36:27 231936 ----a-w- c:\windows\system32\msshsq.dll

2011-11-09 12:06:07 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-11-09 12:06:04 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-11-09 12:05:48 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-11-09 12:05:47 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-11-09 12:05:42 147456 ----a-w- c:\windows\system32\Faultrep.dll

2011-11-09 12:05:42 125952 ----a-w- c:\windows\system32\wersvc.dll

2011-11-09 12:04:56 168960 ----a-w- c:\program files\windows media player\wmplayer.exe

2011-11-09 12:04:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-11-09 12:04:14 66048 ----a-w- c:\program files\windows mail\wabmig.exe

2011-11-09 12:04:14 515584 ----a-w- c:\program files\windows mail\wab.exe

2011-11-09 12:04:14 33280 ----a-w- c:\program files\windows mail\wabfind.dll

2011-11-09 12:04:09 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-11-09 12:04:09 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-11-09 12:04:04 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-11-09 12:04:04 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-11-09 12:04:04 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-11-09 12:02:52 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-11-09 12:02:51 3550608 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-11-09 12:02:51 1205592 ----a-w- c:\windows\system32\ntdll.dll

2011-11-09 12:02:45 1161728 ----a-w- c:\windows\system32\mfc42u.dll

2011-11-09 12:02:45 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-11-09 12:02:39 1616384 ----a-w- c:\program files\windows mail\msoe.dll

2011-11-09 12:02:33 304640 ----a-w- c:\windows\system32\drivers\srv.sys

2011-11-09 12:02:28 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-11-09 12:02:28 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-11-09 12:02:28 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-11-09 12:02:16 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe

2011-11-09 12:02:16 1315840 ----a-w- c:\windows\system32\ole32.dll

2011-11-09 12:02:05 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 12:01:57 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-09 12:00:55 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-11-09 12:00:47 430080 ----a-w- c:\windows\system32\vbscript.dll

2011-11-09 12:00:35 563200 ----a-w- c:\windows\system32\oleaut32.dll

2011-11-09 12:00:17 499712 ----a-w- c:\windows\system32\kerberos.dll

2011-11-09 12:00:05 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-11-09 12:00:05 323072 ----a-w- c:\windows\system32\sbe.dll

2011-11-09 12:00:05 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-11-09 12:00:05 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-11-09 11:59:24 603648 ----a-w- c:\windows\system32\schedsvc.dll

2011-11-09 11:59:23 357376 ----a-w- c:\windows\system32\taskschd.dll

2011-11-09 11:59:23 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-11-09 11:59:22 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-11-09 11:59:22 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-11-09 11:59:17 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-11-09 11:59:13 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-11-09 11:59:13 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-11-09 11:59:13 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-11-09 11:59:09 81920 ----a-w- c:\windows\system32\consent.exe

2011-11-09 11:58:27 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-09 11:57:10 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-11-09 11:57:10 511488 ----a-w- c:\windows\system32\RMActivate.exe

2011-11-09 11:57:10 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-11-09 11:57:09 472576 ----a-w- c:\windows\system32\secproc_isv.dll

2011-11-09 11:57:09 472064 ----a-w- c:\windows\system32\secproc.dll

2011-11-09 11:57:09 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2011-11-09 11:57:08 329216 ----a-w- c:\windows\system32\msdrm.dll

2011-11-09 11:57:08 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-11-09 11:57:08 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-11-09 11:57:01 1645568 ----a-w- c:\windows\system32\connect.dll

2011-11-09 11:56:50 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 11:55:44 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe

2011-11-09 11:55:43 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-11-09 11:54:35 501760 ----a-w- c:\windows\system32\usp10.dll

2011-11-09 11:54:20 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-11-09 11:54:14 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe

2011-11-09 11:54:14 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll

2011-11-09 11:53:32 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2011-11-09 11:53:28 1314816 ----a-w- c:\windows\system32\quartz.dll

2011-11-09 11:48:40 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-09 11:47:27 489048 ------w- c:\windows\system32\drivers\5605534drv.sys

2011-11-09 11:47:16 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-11-09 11:47:16 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-11-09 11:46:48 67072 ----a-w- c:\windows\system32\asycfilt.dll

2011-11-09 11:45:59 126464 ----a-w- c:\windows\system32\spoolsv.exe

2011-11-09 11:45:48 157184 ----a-w- c:\windows\system32\t2embed.dll

2011-11-09 11:44:21 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-11-09 11:44:21 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-11-09 11:44:13 766464 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll

2011-11-09 11:43:27 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-11-09 11:43:27 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-11-09 11:43:19 36352 ----a-w- c:\windows\system32\rtutils.dll

2011-11-09 11:42:38 866816 ----a-w- c:\windows\system32\wmpmde.dll

2011-11-09 11:40:10 1257472 ----a-w- c:\windows\system32\msxml3.dll

2011-11-09 11:38:27 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-11-09 11:38:27 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-11-09 11:17:40 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-10-23 05:19:23 -------- d-----w- c:\program files\PeerBlock

.

==================== Find3M ====================

.

2011-10-02 02:17:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 23:26:47.70 ===============

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 28/01/2009 9:17:21 PM

System Uptime: 20/11/2011 10:29:59 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0P096C

Processor: Intel® Core2 Duo CPU T8100 @ 2.10GHz | CPU 1 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 122.008 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 9.742 GiB free.

E: is CDROM ()

F: is Removable

H: is FIXED (NTFS) - 932 GiB total, 756.13 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP562: 12/11/2011 7:32:35 AM - Windows Update

RP563: 20/11/2011 9:49:41 PM - Windows Update

RP564: 20/11/2011 10:02:19 PM - Windows Update

RP565: 20/11/2011 10:16:08 PM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Browser Address Error Redirector

Compatibility Pack for the 2007 Office system

Conduit Engine

Dell Dock

Dell Driver Download Manager

Dell Getting Started Guide

Dell Support Center (Support Software)

e-tax 2010

e-tax 2011

EDocs

Google Desktop

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

IObit Malware Fighter

iTunes

Java 6 Update 7

LiveUpdate 3.3 (Symantec Corporation)

MediaButtons 5.0.0.1T4

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox (3.6.23)

PeerBlock 1.1 (r518)

PIF DESIGNER

QuickTime

Realtek Ethernet Network Card Diagnostic tool for Windows Vista

Realtek High Definition Audio Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Symantec Endpoint Protection

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VLC media player 1.0.5

Vuze

Vuze Remote Toolbar

Vuze Toolbar

WinRAR archiver

.

==== End Of File ===========================

 

 

Any assistance with whether or not my machine still has something funky going on and how to fix it would be much appreciated.

 

Thanks,

snowkitten.

Link to comment
Share on other sites

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

I strongly recommend that you remove Ask from your computer because it;

 

•Promotes its toolbars on sites targeted to kids.

 

•Promotes its toolbars through ads that appear to be part of other companies' sites.

 

•Promotes its toolbars through other companies' spyware.

 

•Installs without any disclosure whatsoever and without any consent whatsoever.

 

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

 

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

 

See Here for more info.

 

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

 

AskBarDis or anything related to Ask

 

Then please find and delete this folder in bold (if present):

C:\Program Files\AskBarDis. or anything related to Ask.

**********************************************************

I should tell you that conduitengine has a certain level of trackability.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

*********************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

****************************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***************************************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix login your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Link to comment
Share on other sites

Thanks Dave! I've done as requested (two posts needed to fit all the logs):

 

Superantispyware scan log:

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 11/22/2011 at 09:12 AM

 

Application Version : 5.0.1136

 

Core Rules Database Version : 7965

Trace Rules Database Version: 5777

 

Scan type : Complete Scan

Total Scan Time : 01:39:36

 

Operating System Information

Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)

UAC On - Limited User (Administrator User)

 

Memory items scanned : 641

Memory threats detected : 0

Registry items scanned : 35831

Registry threats detected : 0

File items scanned : 129363

File threats detected : 408

 

Adware.Tracking Cookie

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@ad.yieldmanager[1].txt [ /ad.yieldmanager ]

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@content.yieldmanager[2].txt [ /content.yieldmanager ]

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@content.yieldmanager[3].txt [ /content.yieldmanager ]

C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Cookies\sarah@euroclick[1].txt [ /euroclick ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@mediaplex[2].txt [ Cookie:sarah@mediaplex.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@content.yieldmanager[1].txt [ Cookie:sarah@content.yieldmanager.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@statse.webtrendslive[2].txt [ Cookie:sarah@statse.webtrendslive.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@doubleclick[1].txt [ Cookie:sarah@doubleclick.net/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@imrworldwide[2].txt [ Cookie:sarah@imrworldwide.com/cgi-bin ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@ru4[2].txt [ Cookie:sarah@ru4.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@ads.pointroll[2].txt [ Cookie:sarah@ads.pointroll.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@revsci[2].txt [ Cookie:sarah@revsci.net/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@f2network.112.2o7[1].txt [ Cookie:sarah@f2network.112.2o7.net/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@apmebf[1].txt [ Cookie:sarah@apmebf.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@specificclick[2].txt [ Cookie:sarah@specificclick.net/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@bs.serving-sys[2].txt [ Cookie:sarah@bs.serving-sys.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@serving-sys[1].txt [ Cookie:sarah@serving-sys.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@atdmt[1].txt [ Cookie:sarah@atdmt.com/ ]

C:\USERS\SARAH\AppData\Roaming\Microsoft\Windows\Cookies\Low\sarah@ad.yieldmanager[2].txt [ Cookie:sarah@ad.yieldmanager.com/ ]

C:\USERS\SARAH\Cookies\sarah@content.yieldmanager[2].txt [ Cookie:sarah@content.yieldmanager.com/ ]

C:\USERS\SARAH\Cookies\sarah@content.yieldmanager[3].txt [ Cookie:sarah@content.yieldmanager.com/ak/ ]

C:\USERS\SARAH\Cookies\sarah@ad.yieldmanager[1].txt [ Cookie:sarah@ad.yieldmanager.com/ ]

C:\USERS\SARAH\Cookies\sarah@euroclick[1].txt [ Cookie:sarah@euroclick.com/ ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@112.2O7[2].TXT [ /112.2O7 ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@ADS.CREAFI[1].TXT [ /ADS.CREAFI ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@ADS.TELEGRAPH.CO[1].TXT [ /ADS.TELEGRAPH.CO ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@POINTROLL[2].TXT [ /POINTROLL ]

C:\USERS\SARAH\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SARAH@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]

.imrworldwide.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.imrworldwide.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.bs.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tribalfusion.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.msnportal.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.kontera.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.kontera.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

statse.webtrendslive.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.img.mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tacoda.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tacoda.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.247realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.network.realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.questionmarket.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.247realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.interclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.f2network.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.view.atdmt.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.dmtracker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

network.alluremedia.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.fastclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.interclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adserving.cpxinteractive.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.overture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.view.atdmt.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.s.clickability.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.s.clickability.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.yieldmanager.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.overture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.overture.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

media.sensis.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

z.blogads.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.kontera.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ads.pointroll.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

dc.tremormedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.citiintl.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.alluremedia.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.eyewonder.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

in.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.network.alluremedia.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.interclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.media6degrees.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediaplex.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.specificclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.d3.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.network.alluremedia.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adxpose.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.statcounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.lucidmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ingdirect.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.partypoker.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

tracking.hostgator.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.iinet.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tacoda.at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tacoda.at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

eas.apm.emediate.eu [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

eas.apm.emediate.eu [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

mediamatters.org [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediamatters.org [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediamatters.org [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.c.gigcount.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad.au.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.gscounters.gigya.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.viacom.adbureau.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.viacom.adbureau.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adtechus.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.kantarmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.tns-counter.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.atdmt.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

wstat.wibiya.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.server.cpmstar.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adserver.adtechus.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.advertising.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mediabrandsww.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adtech.de [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

stats.justhost.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

http://www.matrix-media.biz [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ox-d.w00tmedia.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2mdn.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.s0.2mdn.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.invitemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.xiti.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

adserving.versaneeds.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

r2.unicornmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.zanox.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

optimize.indieclick.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.twittercounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.twittercounter.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ads.crakmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ar.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.insightexpressai.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.at.atwola.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adviva.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

wmedia.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.clickfuse.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mm.chitika.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.sbsaustralia.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

gotacha.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

stats.justhost.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.care2.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.foxinteractivemedia.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

csm.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

csm.rotator.hadj7.adjuggler.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mbf.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.247realmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.collective-media.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

stats.justhost.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.paypal.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ad-apac.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

http://www.grapeshot-media.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.medhelpinternational.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.rambler.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.bs.mdadx.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.eyewonder.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

http://www.flatmatefinders.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

http://www.flatmatefinders.com.au [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.serving-sys.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ads2.theawl.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.wotifcom.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.columbussearchd.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.ru4.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.guj.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.radstats.org.uk [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.radstats.org.uk [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.cbs.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adbrite.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ads.gamersmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ads.gamersmedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.static.getclicky.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.mtvn.112.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.pro-market.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adinterax.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.adinterax.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.amazon-adsystem.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.zedo.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.casalemedia.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.questionmarket.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.azjmp.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.azjmp.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.kaspersky.122.2o7.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.yadro.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.yadro.ru [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

server.iad.liveperson.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

accounts.youtube.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

ad.yieldmanager.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.revsci.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.legolas-media.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

accounts.google.com [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

.googleads.g.doubleclick.net [ C:\USERS\SARAH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SGMKV0SX.DEFAULT\COOKIES.SQLITE ]

Link to comment
Share on other sites

mbam log:

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

 

Database version: 8213

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

22/11/2011 8:42:37 PM

mbam-log-2011-11-22 (20-42-37).txt

 

Scan type: Full scan (C:\|D:\|H:\|)

Objects scanned: 274647

Time elapsed: 1 hour(s), 10 minute(s), 53 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

combofix log:

 

ComboFix 11-11-22.01 - Sarah 22/11/2011 20:55:53.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3062.1665 [GMT 11:00]

Running from: c:\users\Sarah\Desktop\ComboFix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sarah\AppData\Roaming\DataSafeDotNet.exe

c:\windows\System32\FastUserSwitching.exe

H:\Autorun.inf

H:\Pictures.lnk

H:\Setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))

.

.

2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes

2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\programdata\Malwarebytes

2011-11-22 08:30 . 2011-11-22 08:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-11-22 08:30 . 2011-08-31 06:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-21 10:20 . 2011-11-21 10:20 -------- d-----w- c:\users\Sarah\AppData\Roaming\SUPERAntiSpyware.com

2011-11-21 10:19 . 2011-11-21 10:20 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-11-21 10:19 . 2011-11-21 10:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-11-21 10:10 . 2011-11-21 10:10 611224 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

2011-11-21 10:10 . 2011-11-21 10:09 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-20 11:37 . 2011-11-20 11:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\IObit

2011-11-20 11:37 . 2011-11-20 11:37 -------- d-----w- c:\program files\IObit

2011-11-20 11:23 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-11-20 11:23 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll

2011-11-20 11:22 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll

2011-11-20 11:20 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-11-20 11:20 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-11-20 11:16 . 2011-10-17 14:28 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{84636F74-DB45-49A8-88D0-DC89E035A6A1}\mpengine.dll

2011-11-11 20:55 . 2011-11-11 20:55 -------- d-----w- c:\program files\Trend Micro

2011-11-11 20:47 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax

2011-11-11 20:47 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-11-11 20:47 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-11-11 20:37 . 2009-11-07 23:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-11-11 20:37 . 2009-11-07 23:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-11-11 20:37 . 2009-11-07 23:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-11-11 20:37 . 2009-11-07 23:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-11-11 20:37 . 2009-11-07 23:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-11-11 20:36 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll

2011-11-09 12:06 . 2008-10-22 03:57 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2011-11-09 12:06 . 2009-10-23 17:42 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-11-09 12:05 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll

2011-11-09 12:05 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll

2011-11-09 12:04 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2011-11-09 12:04 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-11-09 12:04 . 2010-10-12 15:48 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2011-11-09 12:04 . 2010-10-12 13:52 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2011-11-09 12:04 . 2010-10-12 13:52 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2011-11-09 12:04 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-11-09 12:04 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-11-09 12:04 . 2011-02-16 15:29 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-11-09 12:04 . 2011-02-16 13:24 292864 ----a-w- c:\windows\system32\atmfd.dll

2011-11-09 12:04 . 2010-06-16 15:12 72704 ----a-w- c:\windows\system32\fontsub.dll

2011-11-09 12:02 . 2010-10-15 14:08 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-11-09 12:02 . 2010-10-15 14:08 3550608 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-11-09 12:02 . 2010-10-15 13:48 1205592 ----a-w- c:\windows\system32\ntdll.dll

2011-11-09 12:02 . 2011-03-10 16:12 1161728 ----a-w- c:\windows\system32\mfc42u.dll

2011-11-09 12:02 . 2011-03-10 16:12 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-11-09 12:02 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll

2011-11-09 12:02 . 2011-02-18 13:31 304640 ----a-w- c:\windows\system32\drivers\srv.sys

2011-11-09 12:02 . 2011-07-06 14:56 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-11-09 12:02 . 2011-04-29 12:49 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-11-09 12:02 . 2011-04-29 12:49 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-11-09 12:02 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll

2011-11-09 12:02 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe

2011-11-09 12:02 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys

2011-11-09 12:01 . 2011-04-21 13:16 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-11-09 12:00 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

2011-11-09 12:00 . 2011-02-16 15:35 430080 ----a-w- c:\windows\system32\vbscript.dll

2011-11-09 12:00 . 2010-12-20 15:39 563200 ----a-w- c:\windows\system32\oleaut32.dll

2011-11-09 12:00 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll

2011-11-09 12:00 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll

2011-11-09 12:00 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-11-09 12:00 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-11-09 12:00 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-11-09 11:59 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll

2011-11-09 11:59 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll

2011-11-09 11:59 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll

2011-11-09 11:59 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll

2011-11-09 11:59 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe

2011-11-09 11:59 . 2011-05-02 15:58 738816 ----a-w- c:\windows\system32\inetcomm.dll

2011-11-09 11:59 . 2008-08-28 03:40 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-11-09 11:59 . 2008-08-28 03:40 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-11-09 11:59 . 2008-08-28 03:40 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-11-09 11:59 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe

2011-11-09 11:58 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-09 11:57 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-11-09 11:57 . 2010-01-25 08:34 511488 ----a-w- c:\windows\system32\RMActivate.exe

2011-11-09 11:57 . 2010-01-25 08:34 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-11-09 11:57 . 2010-01-25 12:48 472576 ----a-w- c:\windows\system32\secproc_isv.dll

2011-11-09 11:57 . 2010-01-25 12:48 472064 ----a-w- c:\windows\system32\secproc.dll

2011-11-09 11:57 . 2010-01-25 08:35 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2011-11-09 11:57 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-11-09 11:57 . 2010-01-25 12:48 151040 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-11-09 11:57 . 2010-01-25 12:45 329216 ----a-w- c:\windows\system32\msdrm.dll

2011-11-09 11:57 . 2008-10-21 05:25 1645568 ----a-w- c:\windows\system32\connect.dll

2011-11-09 11:56 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-11-09 11:55 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-11-09 11:55 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-11-09 11:54 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll

2011-11-09 11:54 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-11-09 11:54 . 2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll

2011-11-09 11:54 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe

2011-11-09 11:53 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2011-11-09 11:53 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll

2011-11-09 11:48 . 2011-11-09 11:48 -------- d-----w- c:\programdata\Kaspersky Lab

2011-11-09 11:47 . 2011-11-09 02:53 489048 ------w- c:\windows\system32\drivers\5605534drv.sys

2011-11-09 11:47 . 2011-03-02 14:49 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-11-09 11:47 . 2009-05-04 10:11 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-11-09 11:46 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll

2011-11-09 11:45 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe

2011-11-09 11:45 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll

2011-11-09 11:44 . 2011-04-29 12:49 146432 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-11-09 11:44 . 2011-04-29 12:49 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-11-09 11:44 . 2011-05-02 16:00 766464 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2011-11-09 11:43 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-11-09 11:43 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-11-09 11:43 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll

2011-11-09 11:42 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll

2011-11-09 11:40 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll

2011-11-09 11:38 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-11-09 11:38 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-11-09 11:17 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-02 02:17 . 2011-05-22 04:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2010-06-20 01:16 . 2009-02-03 09:23 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 06:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-17 06:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-26 6246400]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-26 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-26 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-26 154136]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\DELL\DellDock\DellDock.exe [2008-9-24 1295656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2009-01-28 02:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-06-11 18:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]

2008-10-04 05:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2010-06-20 01:16 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-03-07 04:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2008-01-14 02:13 132392 ------w- c:\program files\DELL\MediaDirect\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 06:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2009-07-14 23888]

R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-10-08 18768]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-09-20 30600]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-09-20 19792]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-26 73728]

R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [x]

R4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [x]

R4 DELLODDSrv;DELLODDSrv;c:\windows\System32\WinService.exe [2008-07-17 65536]

R4 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]

R4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-20 30192]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]

S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]

S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-05-08 27648]

S3 DLXPDisplayName;DLXPDisplayName;c:\windows\system32\DRIVERS\DLACPI.sys [2008-04-16 14392]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-08 106104]

.

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=3090128

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces\{D0AFBEFD-230A-4881-9B7E-A18EB680CCA2}: NameServer = 203.0.178.191 203.215.29.191

FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sgmkv0sx.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

HKLM-Run-DellOSD - c:\windows\System32\FastUserSwitching.exe

SafeBoot-mcmscsvc

SafeBoot-MCODS

SafeBoot-Symantec Antvirus

MSConfigStartUp-EPSON Stylus Photo RX530 Series - c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIAGP.EXE

AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-22 21:02

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-11-22 21:04:25

ComboFix-quarantined-files.txt 2011-11-22 10:04

.

Pre-Run: 115,080,462,336 bytes free

Post-Run: 114,501,382,144 bytes free

.

- - End Of File - - 55E9DBC00DAEFD2846BC8D2D9903748D

 

 

Whaddya reckon?

Link to comment
Share on other sites

SysProt Antirootkit

 

Download

SysProt Antirootkit from the link below (you will find it at the bottom

of the page under attachments, or you can get it from one of the

mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

    [*]At the bottom of the page

    • Hidden Objects Only << Selected

    [*]Click on the Create Log button on the bottom right.

    [*]After a few seconds a new window should appear.

    [*]Select Scan Root Drive. Click on the Start button.

    [*]When it is complete a new window will appear to indicate that the scan is finished.

    [*]The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Link to comment
Share on other sites

Thanks Dave. The sysprot log:

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys

Service Name: ---

Module Base: 951BE000

Module End: 951C9000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_msahci.sys

Service Name: ---

Module Base: 951C9000

Module End: 951D3000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAlertResumeThread

Address: 86BE9EC0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwAlertThread

Address: 86BDEA70

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwAllocateVirtualMemory

Address: 86C0C188

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwConnectPort

Address: 86B80FB0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateMutant

Address: 86BE9C30

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateThread

Address: 86C0C2D8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwFreeVirtualMemory

Address: 86BEAAC8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwImpersonateAnonymousToken

Address: 86BE9D20

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwImpersonateThread

Address: 86BE9E00

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwMapViewOfSection

Address: 86BEA9E8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenEvent

Address: 86BE9B50

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenProcessToken

Address: 86BDFAA8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThreadToken

Address: 86C0C610

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwProtectVirtualMemory

Address: 92353880

Driver Base: 9234E000

Driver End: 9235C000

Driver Name: \??\C:\Windows\system32\drivers\wpsdrvnt.sys

 

Function Name: ZwResumeThread

Address: 86C04A38

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetContextThread

Address: 86A40BC0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetInformationProcess

Address: 86A2CD10

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetInformationThread

Address: 86C0C4F8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSuspendProcess

Address: 86BE9A70

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSuspendThread

Address: 869CA320

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateProcess

Address: 86BE0D88

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwTerminateThread

Address: 869E74E0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwUnmapViewOfSection

Address: 86A56398

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwWriteVirtualMemory

Address: 86C0C0B8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\299A5DC0.TMP

Status: Access denied

 

Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\99B3A6C2.TMP

Status: Access denied

 

Object: C:\ProgramData\Symantec\SRTSP\SrtETmp\B3B6091E.TMP

Status: Access denied

 

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\299A5DC0.TMP

Status: Access denied

 

Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\99B3A6C2.TMP

Status: Access denied

 

Object: C:\Users\All Users\Symantec\SRTSP\SrtETmp\B3B6091E.TMP

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied

Link to comment
Share on other sites

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log

Link to comment
Share on other sites

You're welcome. If there are no other issues, we can do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

****************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

******************************************************

Go to Microsoft Windows Update and get all critical updates.

 

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Link to comment
Share on other sites

  • 2 weeks later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...