Computer Hope

Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: faerieem on May 24, 2011, 01:51:04 PM

Title: know I have a virus, don't know anything else about it.
Post by: faerieem on May 24, 2011, 01:51:04 PM
I visited back in January; this was my experience:
http://www.computerhope.com/forum/index.php/topic,115115.msg770237.html#msg770237

I have a nearly 4 year old Toshiba Satellite A135 running Windows Vista, 32-bit, SP2.  1.5 GB of RAM and a 110 GB hard drive that has 2.3 GB free, which I know is part of the super super slowness on the machine.  I'm happy to accept suggestions of good external drives under $100 or so.

I have kept MSE running carefully since then & I use Web of Trust on the internet, which I browse with Firefox.  The only new program that I have installed since my January visit here is Skype, which my father-in-law installed in March.  I try to be diligent about shutting our computer down at night, which helps some with the slowness.

Our internet usage is typically limited to trusted commerce sites, facebook, a couple of vbulletin forums, twitter, and gmail.  Neither my husband nor I are idiots about internet usage/visiting sites that could be dangerous, etc, so I feel sort of stupid even being back here again so soon, especially as prior to the malware incident in January, we have never had trouble with viruses or spyware.

For the last few weeks, my computer has run ever slower.  Now I am unable to install new programs or updates to existing programs, notably Firefox and Thunderbird, both of which have updates that they repeatedly try to install, but I am told I don't have permission to
access the downloaded files.

A few weeks ago, I took the computer to a local tech shop, which ran scans and told me I had a virus, but $200 is more than I want to spend to repair a machine that isn't new and was only about 3 times that much new.  We're talking about buying a new machine, but until then, I'd love to get this one running properly and a bit faster.

I ran MSE and it quarantined and removed something it found as a threat, but I continue to have trouble with the installation of new items.  Fortunately, I had all of the assessment tools still installed after last time.

Logs below.
Thanks for the help!
emily

-------------
Super AntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/24/2011 at 00:17 AM

Application Version : 4.48.1000

Core Rules Database Version : 7125
Trace Rules Database Version: 4937

Scan type       : Complete Scan
Total Scan Time : 04:21:56



Memory items scanned      : 779
Memory threats detected   : 0
Registry items scanned    : 8390
Registry threats detected : 0
File items scanned        : 187520
File threats detected     : 22

Adware.Tracking Cookie
   ia.media-imdb.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   media2.wah.fm [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   secure-us.imrworldwide.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   .adserver.adtechus.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .bs.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .doubleclick.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .chitika.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .atdmt.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .atdmt.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .tribalfusion.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .collective-media.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]

-----

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6662

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/24/2011 8:13:36 AM
mbam-log-2011-05-24 (08-13-36).txt

Scan type: Quick scan
Objects scanned: 200738
Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:09 PM, on 5/24/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TrendMicro\Trend Micro\HiJackThis\sniper.exe.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R (User '?')
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - S-1-5-21-961768651-989949159-2568054308-1000 Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User '?')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabCCT - https://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device -   - C:\Windows\system32\lxcgcoms.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10470 bytes
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 24, 2011, 05:18:02 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
****************************************************
Quote
110 GB hard drive that has 2.3 GB free,
Windows requires 15% (17 Gb) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVD's. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. (http://www.softpedia.com/get/Multimedia/Video/Codec-Packs-Video-Codecs/QuickTime-Lite.shtml) Please let me know when you are able to free up some space.
In the meantime, you can do this below. You can also run MRT which should be already on your computer.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*********************************************
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 25, 2011, 02:41:28 PM
Quote from: SuperDave on May 24, 2011, 05:18:02 PM
Windows requires 15% (17 Gb) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVD's. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. (http://www.softpedia.com/get/Multimedia/Video/Codec-Packs-Video-Codecs/QuickTime-Lite.shtml) Please let me know when you are able to free up some space.

done.  I have 19.6 GB free now.  I wasn't able to uninstall anything except one set of printer drivers for a printer I no longer use.  using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed.  I can attempt the process again if you want me to provide verbatim messages.

I largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.


Quote
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

done.

Quote
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.

I received an error message on trying to start the program.  It reads "An error has occurred.  Please visit the Malicious Software Removal  Tool Help Page for more details" however clicking on the link did nothing.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 25, 2011, 05:13:53 PM
Quote
using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed.  I can attempt the process again if you want me to provide verbatim messages.
A lot of programs have their own uninstaller. You can find them by going to All Programs and put your mouse pointer on the progam in question. If there is an uninstaller, you will find under a drop-down.

Quote
largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.
That's a safer method of saving them.

Quote
I received an error message on trying to start the program.  It reads "An error has occurred.  Please visit the Malicious Software Removal  Tool Help Page for more details" however clicking on the link did nothing.
It's probably not installed. You can download it, if you wish and you have the space.

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 25, 2011, 09:47:40 PM
when I try to install any new program, including Combo Fix and the Malicious Software Removal Tool, I receive this message:
Windows cannot access the specified device, path, or file.  You may not have the appropriate permissions to access the item.

I am logged in with my own user account, which has always had administrator rights.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 26, 2011, 04:15:33 PM
Please try it in Safe Mode.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 26, 2011, 05:43:37 PM

done in safe mode.  still in safe mode.  returning to regular mode yielded the same response as above on trying to open Firefox.
------
ComboFix 11-05-25.01 - Emily 05/26/2011  18:06:38.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1525.978 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-26 to 2011-05-26  )))))))))))))))))))))))))))))))
.
.
2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Emily\AppData\Local\temp
2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Public\AppData\Local\temp
2011-05-26 22:59 . 2011-05-26 23:00   --------   d-----w-   C:\32788R22FWJFW
2011-05-26 13:05 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B72339B-629A-48A2-A890-A46368978DE6}\mpengine.dll
2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
2011-04-27 19:34 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-04-27 19:34 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 19:34 . 2011-03-12 21:55   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-26 22:56 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2011-05-26 22:56 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys
R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys
R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys
R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys
R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys
R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys
R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys
R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-26  18:17:08
ComboFix-quarantined-files.txt  2011-05-26 23:16
ComboFix2.txt  2011-01-20 02:13
.
Pre-Run: 20,647,481,344 bytes free
Post-Run: 20,733,378,560 bytes free
.
- - End Of File - - 386EE067DC261FDC2043DE4364CC26A8

Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 26, 2011, 05:44:22 PM
should I run MRT now?
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 27, 2011, 04:32:04 PM
Re-running ComboFix to remove infections:


Quote
should I run MRT now?
Yes. Please try it now.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 29, 2011, 11:56:27 AM
ComboFix 11-05-28.01 - Emily 05/29/2011  11:55:31.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1525.960 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2011-04-28 to 2011-05-29  )))))))))))))))))))))))))))))))
.
.
2011-05-29 17:05 . 2011-05-29 17:19   --------   d-----w-   c:\users\Emily\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Public\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Brett\AppData\Local\temp
2011-05-27 18:36 . 2011-05-27 18:36   --------   d-----w-   c:\users\Brett\AppData\Roaming\skypePM
2011-05-27 18:32 . 2011-05-27 18:39   --------   d-----w-   c:\users\Brett\AppData\Roaming\Skype
2011-05-27 17:17 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2112E809-728B-43DB-A3D1-574A1BD7516D}\mpengine.dll
2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 17:17 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2011-05-29 17:17 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-03-12 21:55 . 2011-04-27 19:34   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 19:34   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 19:34   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 19:20   997408   ----a-w-   c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys
R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys
R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys
R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys
R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys
R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys
R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys
R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ      HPSLPSVC
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2011-05-29  12:26:27 - machine was rebooted
ComboFix-quarantined-files.txt  2011-05-29 17:25
ComboFix2.txt  2011-05-26 23:17
ComboFix3.txt  2011-01-20 02:13
.
Pre-Run: 19,847,061,504 bytes free
Post-Run: 19,735,728,128 bytes free
.
- - End Of File - - FF721FF789FD9B453A2EA0669CA10D5A

and I am running MRT now.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 29, 2011, 12:14:19 PM
SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)

Unzip it into a folder on your desktop.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 29, 2011, 01:47:05 PM
Ran it.  Also got this message, though, when running in safe mode: "failed to start service.  SysProt AntiRootKit needs to be run with Admin privileges!"

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 29, 2011, 07:17:22 PM
Quote
Ran it.  Also got this message, though, when running in safe mode: "failed to start service.  SysProt AntiRootKit needs to be run with Admin privileges!"
That's strange. You should only get that message when you have a 64 bit computer. Let's try this.

Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 29, 2011, 08:07:09 PM
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 14 Stepping 12, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Disabled !
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 4.0.1 (en-US)
.
C:\  [Fixed-NTFS] .. ( Total:110 Go - Free:18 Go )
D:\  [CD_Rom]
.
Scan : 20:58.33
Path : C:\Users\Emily\Desktop\Rooter.exe
User : Emily ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (356)
______ C:\Windows\system32\csrss.exe (484)
______ C:\Windows\system32\csrss.exe (520)
______ C:\Windows\system32\wininit.exe (528)
______ C:\Windows\system32\winlogon.exe (572)
______ C:\Windows\system32\services.exe (604)
______ C:\Windows\system32\lsass.exe (616)
______ C:\Windows\system32\lsm.exe (624)
______ C:\Windows\system32\svchost.exe (760)
______ C:\Windows\system32\svchost.exe (816)
______ c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (892)
______ C:\Windows\System32\svchost.exe (992)
______ C:\Windows\system32\svchost.exe (1020)
______ C:\Windows\System32\svchost.exe (1060)
______ C:\Windows\system32\svchost.exe (1108)
______ C:\Windows\system32\svchost.exe (1124)
______ C:\Windows\system32\svchost.exe (1304)
______ C:\Windows\system32\svchost.exe (1420)
______ C:\Windows\Explorer.EXE (1796)
______ C:\Users\Emily\Desktop\Rooter.exe (1624)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:118459727872)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Windows\joke.gif
==> KoobFace <==
.
----------------------\\ Scan completed at 21:00.12
.
C:\Rooter$\Rooter_1.txt - (29/05/2011 | 21:00.12)
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 30, 2011, 05:23:50 PM
Please update and run another scan with MBAM and post the log.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 30, 2011, 07:49:56 PM
ran in safe mode.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6727

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

5/30/2011 8:37:25 PM
mbam-log-2011-05-30 (20-37-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 371951
Time elapsed: 1 hour(s), 16 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on May 30, 2011, 08:30:19 PM
I've been running the programs in safe mode w/networking.

When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird, with the "you don't have permission" message.  Also, after logging into safe mode initially, I now have an icon on my desktop with the IE logo, labelled "The Internet".  That also doesn't open in normal mode.

In normal mode, I can open word documents and print as well as open itunes and skype.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on May 31, 2011, 05:34:51 PM
Quote
"The Internet".  That also doesn't open in normal mode.
Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CRTL C to copy the file path. Do CRTL V to paste it in your reply.
Quote
When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird
I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 01, 2011, 06:55:12 AM
Quote
Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CRTL C to copy the file path. Do CRTL V to paste it in your reply.

It doesn't appear to be a shortcut.  Right-clicking and selecting properties brings up the "internet properties" dialog box.  Clicking this icon does nothing.  Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

Quote
I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

In normal mode, I cannot access Firefox, Thunderbird, or Chrome.  I haven't tried Safari.  When I try IE, nothing happens.


ESET:
C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\53becaae-1d3ed455   multiple threats
C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6ad51e08-322e7228   multiple threats
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 01, 2011, 07:32:42 AM
Quote from: faerieem on June 01, 2011, 06:55:12 AM
It doesn't appear to be a shortcut.  Right-clicking and selecting properties brings up the "internet properties" dialog box.  Clicking this icon does nothing.  Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

In normal mode, I cannot access Firefox, Thunderbird, or Chrome.  I haven't tried Safari.  When I try IE, nothing happens.

For clarity, I tried all of this in regular mode.  I can access everything in "safe mode with networking".  Safari works fine.  I will try removing and reinstalling firefox & thunderbird, which are my default browsers.  I'm not sure why Chrome is even on the machine.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 01, 2011, 08:28:47 AM
sorry to multi-post, but I want you to have all info.
I uninstalled and reinstalled firefox & thunderbird, which I did in safe mode w/networking.
in regular mode, the "you do not have appropriate permissions" message continues to come up, even after reinstalling. 
I'm writing this from safari in normal mode.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 01, 2011, 01:35:21 PM
First of all, please re-run ESET and, this time, clean the infections.

Please run this even if you don't have the OS disk

Do you have your OS  CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 01, 2011, 04:51:38 PM
Quote from: SuperDave on June 01, 2011, 01:35:21 PM
First of all, please re-run ESET and, this time, clean the infections.

done.

Quote
Do you have your OS  CD/DVD?
I have the "Toshiba Recovery Disks" that came with the computer.  Two disks.

Quote
9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.


The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."

Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 01, 2011, 05:11:14 PM
Quote
The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."
This probably means that some of the files affecting Internet Explorer are corrupt. Did you have any luck with Firefox, Thunderbird?
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 01, 2011, 06:09:05 PM
No.  I uninstalled and reinstalled them in safe mode (the only way I've had luck with uninstall/install), but a reboot into normal continues to bring up the same "you don't have permission" message.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 02, 2011, 04:05:37 PM
Do you have any accounts on this computer?
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 02, 2011, 04:32:44 PM
user accounts?  Mine, my husbands, and I set up two log-ins before I came here, to see if the trouble I was having was exclusive to me or if it was universal.    It appears to be a universal problem: the not being able to use Firefox due to permissions as well as IE never opening.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 03, 2011, 01:02:21 PM
We've already established that some of your files are corrupted which is probably the reason why IE doesn't work. The solution to this would be to use your Recovery Disks which will take your computer back to the day you purchased it. This could also be the problem with Firefox. You should back up your important files, documents, pictures, movies and music to DVD's and try running the Recovery. You may be able to just do a repair.
Let's try one more scan.

Please download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) to Desktop and run it.

(http://i424.photobucket.com/albums/pp322/digistar/MiniToolBox.png)

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • Lst Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size
    • [/b]
Click Go and copy/paste the log (Result.txt) into your next post. .
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 03, 2011, 04:48:38 PM
should I do the recovery/repair now or wait for your indication?

MiniToolBox by Farbar
Ran by Emily (administrator) on 03-06-2011 at 17:41:27
Windows Vista (TM) Home Premium Service Pack 2 (X86)

***************************************************************************


================= Flush DNS: ============================================== 

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ======================================== 

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

"Reset IE Proxy Settings": Proxy Settings were reset.

=============== Hosts content: ============================================ 

127.0.0.1       localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Emily-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
   Physical Address. . . . . . . . . : 00-16-E3-E2-AC-9D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f40f:8ce8:19d:fb90%9(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, June 03, 2011 5:38:01 PM
   Lease Expires . . . . . . . . . . : Saturday, June 04, 2011 6:08:13 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251664099
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-8A-BA-27-00-16-D4-94-85-52
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-16-D4-94-85-52
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1

Name:    google.com
Addresses:  74.125.93.147
     74.125.93.104
     74.125.93.106
     74.125.93.103
     74.125.93.105
     74.125.93.99



Pinging google.com [74.125.93.106] with 32 bytes of data:

Reply from 74.125.93.106: bytes=32 time=42ms TTL=52

Reply from 74.125.93.106: bytes=32 time=41ms TTL=52



Ping statistics for 74.125.93.106:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 41ms, Maximum = 42ms, Average = 41ms

Server:  UnKnown
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  69.147.125.65
     72.30.2.43
     98.137.149.56
     209.191.122.70
     67.195.160.76



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=45ms TTL=51

Reply from 209.191.122.70: bytes=32 time=51ms TTL=51



Ping statistics for 209.191.122.70:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 45ms, Maximum = 51ms, Average = 48ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
  9 ...00 16 e3 e2 ac 9d ...... Atheros AR5006EG Wireless Network Adapter
  8 ...00 16 d4 94 85 52 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 20 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
 12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
 19 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
 22 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
 21 ...00 00 00 00 00 00 00 e0  isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
 23 ...00 00 00 00 00 00 00 e0  isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    281
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  9    281 fe80::/64                On-link
  9    281 fe80::f40f:8ce8:19d:fb90/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2011 05:38:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
Description: MpFilter
OADevice
SASDIFSV
SASKUTIL
spldr
Tosrfcom
Wanarpv6

Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/03/2011 05:38:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/03/2011 05:38:24 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/03/2011 05:38:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/03/2011 05:38:14 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: lxcg_device%%2

Error: (06/02/2011 05:30:44 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/02/2011 05:28:36 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================
Error: (06/03/2011 05:38:22 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 28%
Total physical RAM: 1525.38 MB
Available physical RAM: 1091.3 MB
Total Pagefile: 3304.57 MB
Available Pagefile: 3010.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.26 MB

======================= Partitions: =======================================

1 Drive c: (SQ004286V02) (Fixed) (Total:110.32 GB) (Free:17.87 GB) NTFS

================= Users: ==================================================

User accounts for \\EMILY-PC

-------------------------------------------------------------------------------
Administrator            Brett                    Emily                   
Guest                    test                     
The command completed successfully.

================= End of Users ============================================
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 03, 2011, 07:13:07 PM
Quote
should I do the recovery/repair now or wait for your indication?
Not just yet. The signal seems to be going through.
Let's try another scan.

Download Dr.Web CureIt to the desktop:
DrWebCureIt (http://download.cnet.com/Dr-Web-CureIt/3000-2239_4-128071.html)

  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 04, 2011, 09:51:39 PM
Dr.web had a newer version, which it instructed me to download. It isn't offering me the "report" option when I choose "cure".
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 05, 2011, 04:45:26 PM
Quote
Dr.web had a newer version, which it instructed me to download. It isn't offering me the "report" option when I choose "cure".
You were able to get further than I did when I tried it. That scanner is no longer working.
The signal is getting through. MiniToolbox did some repairs so the problem seems to be with infected files.  It may be time to try the Recovery Repair.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 05, 2011, 08:28:27 PM
My recovery disks with my PC: the ones provided by Toshiba seem to be strictly recovery.  I can do it.  are we sure??!

Dr.Web gave me a rather extensive log.
From it, these are the infected files:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Documents and Settings\All Users\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Program Files\HP\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}\gup\netdevicemanager.exe infected with Trojan.Blackmailer.1680 - user denied curing

C:\Program Files\HP\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}\wup\NetDeviceManager.exe infected with Trojan.Blackmailer.1680 - user denied curing

C:\ProgramData\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Users\All Users\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 05, 2011, 08:35:00 PM
also, when/if we do go for full recovery (i.e. formatting & reinstalling), should I be concerned about the safety of my backed up files, which are largely saved to a second PC, an external hard drive, and DVDs?
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 06, 2011, 01:39:07 PM
Quote
the ones provided by Toshiba seem to be strictly recovery.  I can do it.  are we sure??!
Yes. The Recovery disk will take your computer back to the day you purchased it. Then you will have to get all your Windows updates.
Quote
also, when/if we do go for full recovery (i.e. formatting & reinstalling), should I be concerned about the safety of my backed up files, which are largely saved to a second PC, an external hard drive, and DVDs?

Yes, you should be concerned. Make sure you scan them with a good, up-to-date Anti-Virus program that you will have installed on your computer. See list below. You can download more than one of them for scanning purposes only but only one can be active at any time on your computer. Also scan them with SAS and MBAM before putting them back on your computer.

Remember to only install one antivirus!
 
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************
(http://i424.photobucket.com/albums/pp322/digistar/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Good luck.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 06, 2011, 02:15:54 PM
making sure I'm clear on the next steps:
1.  run recovery
2.  get all windows updates
3.  run antivirus
4.  run antivirus on saved documents (is that an option?  to "scan external drive"?)
5.  run SAS
6.  run MBAM
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 07, 2011, 06:08:07 PM
Quote
run antivirus on saved documents (is that an option?  to "scan external drive"?)
Yes. Most scanners will let you chose what you want to scan.
Quote
run SAS  run MBAM
Yes, on all the files you want to put back on your computer.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 08, 2011, 10:34:52 AM
I ran MSE on computer & on my external hard drive.  I think it removed things from the external (TrojanDownloader via Java, Exploit via Java, Rogue: Win32/FakeXPA)

these are the SAS & MBAM logs from my computer.  I'll post from the external drive in next post.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2011 at 03:14 PM

Application Version : 4.53.1000

Core Rules Database Version : 7225
Trace Rules Database Version: 5037

Scan type       : Complete Scan
Total Scan Time : 00:56:15

Memory items scanned      : 575
Memory threats detected   : 0
Registry items scanned    : 6215
Registry threats detected : 2
File items scanned        : 93944
File threats detected     : 27

Adware.Tracking Cookie
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@adxpose[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@imrworldwide[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@advertising[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@media6degrees[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@invitemedia[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@lucidmedia[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@revsci[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@tribalfusion[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@atdmt[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@interclick[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@serving-sys[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@ru4[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@zedo[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@doubleclick[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@2o7[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@adinterax[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@atdmt[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@doubleclick[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@questionmarket[1].txt

Trojan.Agent/Gen
   HKU\S-1-5-21-2876558591-2662789015-1497126295-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#47862506
   HKU\S-1-5-21-2876558591-2662789015-1497126295-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#1922036909


-----------------------------
MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6804

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

6/7/2011 7:51:29 PM
mbam-log-2011-06-07 (19-51-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 226999
Time elapsed: 39 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 08, 2011, 10:36:42 AM
and from the external drive, SAS ran overnight, and afterwards, the computer restarted itself.  I'm not sure if it repaired the items it found or not.  I can rerun.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2011 at 01:43 AM

Application Version : 4.53.1000

Core Rules Database Version : 7225
Trace Rules Database Version: 5037

Scan type       : Complete Scan
Total Scan Time : 03:38:41

Memory items scanned      : 591
Memory threats detected   : 0
Registry items scanned    : 6234
Registry threats detected : 0
File items scanned        : 145253
File threats detected     : 4215

Adware.Tracking Cookie
   ia.media-imdb.com [ E:\$RECYCLE.BIN\S-1-5-21-961768651-989949159-2568054308-1000\$R8NMJBA\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   ia.media-imdb.com [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   s0.2mdn.net [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   thumbs.crakmedia.com [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adopt.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .dmtracker.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.foundry42.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.foundry42.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   data.coremetrics.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mint.pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   optimize.indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   optimize.indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eyewonder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .buzznet.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adlegend.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .viacomedycentralrl.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zillow.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zillow.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .nextag.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .nextag.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .chitika.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .onetoone.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .williamsoncounty-tn.gov [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.adtechus.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .guthyrenker.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .longandfoster.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .phhmortgage.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ads.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   rotator.adjuggler.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   rotator.adjuggler.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .paypal.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mysexprofessor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .msnbc.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .healthgrades.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .hertz.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bookfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .directhomediscount.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .directhomediscount.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .livenation.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bravenet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .apmebf.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .apmebf.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .petfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .petfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .aanp.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .associatedcontent.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .care2.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   citi.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   citi.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lfstmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2-clicks-coins.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eyewonder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adxpose.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .network.realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .e-2dj6wfliogdzigp.stats.esomniture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .stats.paypal.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ehg-fifa.hitbox.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   dc.tremormedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   adserver.adreactor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ice.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tripod.lycos.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.onestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.onestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ipcmedia.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   fs10.fusestats.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.medhelp.org [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .medhelpinternational.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .doubleclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .atdmt.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .questionmarket.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bs.serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bs.serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   webstats.peterchristopher.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .*adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .*adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tracker.adtaily.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .a1.interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   sales.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   sales.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   link.mercent.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adtech.de [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tribalfusion.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .extrovert.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adinterax.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adinterax.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .burstnet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .burstnet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .247realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .classmates.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .legolas-media.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .legolas-media.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .find.mapmuse.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   metroleap.rotator.hadj7.adjuggler.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   metroleap.rotator.hadj7.adjuggler.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .videoegg.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bluestreak.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   uk.sitestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   uk.sitestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xiti.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .247realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .traveladvertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lockedonmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .enhance.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   imagevenue.advertserve.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   imagevenue.advertserve.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.nakedcelebspictures.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.nakedcelebspictures.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   *adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .maxporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pornex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ads.youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   server.iad.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   server.iad.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .usatoday1.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bizrate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bizrate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   statse.webtrendslive.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .usnews.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .timeinc.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .greatschools.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .a1.interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .rainbowmedia.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .highbeam.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   adserver.i3d.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adecn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .porntube.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .porntube.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .naiadsystems.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youpornmate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xfuckbook.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xfuckbook.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.mtvnservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.mtvnservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .clickbank.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.qsstats.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   e1.cdn.qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .hearstmagazines.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .walmart.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .msnportal.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xm.xtendmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .activenetwork.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.dealtime.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   w00tpublishers.wootmedia.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.beggarspromo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.beggarspromo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adlegend.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   counter.hitslink.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.findgift.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.findgift.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .yieldmanager.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaforge.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   traffic.buyservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .buycom.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .perf.overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tracking.realtor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .homestore.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.admarketplace.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .doubleclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .atdmt.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .andomedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .questionmarket.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   secure-us.imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TJR6VSLQ ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 08, 2011, 12:56:51 PM
Has anything changed on your internet access?
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 08, 2011, 02:44:42 PM
internet is the same as before: wireless connection with password.
All programs are now working again, since the full recovery, including firefox & IE.  IE has given me some unusual messages, for example, it wouldn't perform a search on this site using the search box. 

Is there a program/tool that will help me determine which programs that are reloaded need updating (i.e. java, adobe, etc)?  The recovery disk is from 2007.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 08, 2011, 05:07:34 PM
I'm glad to hear that. Here are a couple of sites.

Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 08, 2011, 09:18:29 PM
awesome.  Both done.  updated adobe products & java; the other very few items I have installed so far were fine.
Now I can move back over my backed up files & documents?
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 08, 2011, 09:23:04 PM
also, going forward, would using MSE + the windows firewall be the best way to protect my system?  Do I also need a separate spyware checker?  I have used web of trust in the past & I'll proably go back to that; I feel very comfortable with it.
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 09, 2011, 04:33:29 PM
Quote
would using MSE + the windows firewall be the best way to protect my system?
Yes. This would be a good start. If you want or require extra protection you can always add a third-part firewall
Quote
Do I also need a separate spyware checker?
Yes. You need programs to protect against malware because your AV program won't do it. I have SpywareBlaster, Threatfire, Spybot Search and Destroy as well as Windows Defender on my computer. I keep SAS and MBAM on my computer and I update them and run them on a regular basis. Remember, viruses mess up your computer so that it won't function properly. Malware, on the other hand can get all kinds of information off your computer including your dogs name.lol.
Quote
I have used web of trust in the past & I'll proably go back to that
WOT is a great program but it's just a security advisor warning you about unsafe sites.
Title: Re: know I have a virus, don't know anything else about it.
Post by: faerieem on June 11, 2011, 08:49:40 AM
thanks.  I think I am almost back up and running.  Now that I've "freshened up" my laptop with a full format, I may go off and do the same thing to my old XP desktop that has a very full hard drive.

With spyware programs like you listed, do I have them all on and active?  do they run in the background or do I need to get back into the habit of just running them weekly?
I have Windows Defender on and running.  Is there a way to settle User Account Control down so it isn't popping up every time I make a change?
Title: Re: know I have a virus, don't know anything else about it.
Post by: SuperDave on June 11, 2011, 06:15:57 PM
Quote
With spyware programs like you listed, do I have them all on and active?  do they run in the background or do I need to get back into the habit of just running them weekly?
MBAM has a free trial period of continous scanning. Once that expires, you will probably have to buy the new version. Or, you can keep MBAM and SAS on your computer, update them and run regularyly.
Quote
Is there a way to settle User Account Control down so it isn't popping up every time I make a change?
You can disable it.