Author Topic: know I have a virus, don't know anything else about it. (Read 23948 times)

faerieem · « **on:** May 24, 2011, 01:51:04 PM »

I visited back in January; this was my experience:
http://www.computerhope.com/forum/index.php/topic,115115.msg770237.html#msg770237

I have a nearly 4 year old Toshiba Satellite A135 running Windows Vista, 32-bit, SP2. 1.5 GB of RAM and a 110 GB hard drive that has 2.3 GB free, which I know is part of the super super slowness on the machine. I'm happy to accept suggestions of good external drives under $100 or so.

I have kept MSE running carefully since then & I use Web of Trust on the internet, which I browse with Firefox. The only new program that I have installed since my January visit here is Skype, which my father-in-law installed in March. I try to be diligent about shutting our computer down at night, which helps some with the slowness.

Our internet usage is typically limited to trusted commerce sites, facebook, a couple of vbulletin forums, twitter, and gmail. Neither my husband nor I are idiots about internet usage/visiting sites that could be dangerous, etc, so I feel sort of stupid even being back here again so soon, especially as prior to the malware incident in January, we have never had trouble with viruses or spyware.

For the last few weeks, my computer has run ever slower. Now I am unable to install new programs or updates to existing programs, notably Firefox and Thunderbird, both of which have updates that they repeatedly try to install, but I am told I don't have permission to
access the downloaded files.

A few weeks ago, I took the computer to a local tech shop, which ran scans and told me I had a virus, but $200 is more than I want to spend to repair a machine that isn't new and was only about 3 times that much new. We're talking about buying a new machine, but until then, I'd love to get this one running properly and a bit faster.

I ran MSE and it quarantined and removed something it found as a threat, but I continue to have trouble with the installation of new items. Fortunately, I had all of the assessment tools still installed after last time.

Logs below.
Thanks for the help!
emily

-------------
Super AntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/24/2011 at 00:17 AM

Application Version : 4.48.1000

Core Rules Database Version : 7125
Trace Rules Database Version: 4937

Scan type : Complete Scan
Total Scan Time : 04:21:56

Memory items scanned : 779
Memory threats detected : 0
Registry items scanned : 8390
Registry threats detected : 0
File items scanned : 187520
File threats detected : 22

Adware.Tracking Cookie
   ia.media-imdb.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   media2.wah.fm [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   secure-us.imrworldwide.com [ C:\Users\Brett\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FAKC2BUB ]
   .adserver.adtechus.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .bs.serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .serving-sys.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .doubleclick.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .chitika.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   ad.yieldmanager.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .invitemedia.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .atdmt.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .atdmt.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .tribalfusion.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .collective-media.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]
   .imrworldwide.com [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zpmr6x54.default\cookies.sqlite ]

-----

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6662

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/24/2011 8:13:36 AM
mbam-log-2011-05-24 (08-13-36).txt

Scan type: Quick scan
Objects scanned: 200738
Time elapsed: 15 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\ndo8thb2ikwe (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:36:09 PM, on 5/24/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\TrendMicro\Trend Micro\HiJackThis\sniper.exe.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R (User '?')
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-21-961768651-989949159-2568054308-1000\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - S-1-5-21-961768651-989949159-2568054308-1000 Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (User '?')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabCCT - https://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10470 bytes

SuperDave · « **Reply #1 on:** May 24, 2011, 05:18:02 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
****************************************************

Quote

110 GB hard drive that has 2.3 GB free,

Windows requires 15% (17 Gb) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVD's. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. Please let me know when you are able to free up some space.
In the meantime, you can do this below. You can also run MRT which should be already on your computer.

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.
*********************************************
* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.
* Click Next.
* Choose Full Scan and click Next.
* Once the scan is finished click View detailed results of the scan.

Look through the list and let me know if anything was found infected.

faerieem · « **Reply #2 on:** May 25, 2011, 02:41:28 PM »

Quote from: SuperDave on May 24, 2011, 05:18:02 PM

Windows requires 15% (17 Gb) or more to operate properly. I'm surprised that you can even boot that computer. You will need to free up some space. You can do this by removing unused programs. You can also off-load important documents, files, videos, music and pictures to DVD's. There's not much I can do with the computer until you free up some space. You can start by uninstalling SAS and MBAM. You can also get a lite version of QuickTime here. Please let me know when you are able to free up some space.

done. I have 19.6 GB free now. I wasn't able to uninstall anything except one set of printer drivers for a printer I no longer use. using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed. I can attempt the process again if you want me to provide verbatim messages.

I largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.

Quote

Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

Important: Close all open windows except for HijackThis and then click Fix checked.

done.

Quote

* Go to Start > Run and type mrt.exe then press Enter on the keyboard).
* (Vista and Windows 7 users go to Start and type mrt.exe in the search box then press Enter on the keyboard.

I received an error message on trying to start the program. It reads "An error has occurred. Please visit the Malicious Software Removal Tool Help Page for more details" however clicking on the link did nothing.

SuperDave · « **Reply #3 on:** May 25, 2011, 05:13:53 PM »

Quote

using the control panel / programs to uninstall brought up an assortment of error messages, largely telling me that the uninstall process failed. I can attempt the process again if you want me to provide verbatim messages.

A lot of programs have their own uninstaller. You can find them by going to All Programs and put your mouse pointer on the progam in question. If there is an uninstaller, you will find under a drop-down.

Quote

largely moved off a huge amount of old photos, which are backed up on DVDs and a second older desktop.

That's a safer method of saving them.

Quote

I received an error message on trying to start the program. It reads "An error has occurred. Please visit the Malicious Software Removal Tool Help Page for more details" however clicking on the link did nothing.

It's probably not installed. You can download it, if you wish and you have the space.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

faerieem · « **Reply #4 on:** May 25, 2011, 09:47:40 PM »

when I try to install any new program, including Combo Fix and the Malicious Software Removal Tool, I receive this message:
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I am logged in with my own user account, which has always had administrator rights.

SuperDave · « **Reply #5 on:** May 26, 2011, 04:15:33 PM »

Please try it in Safe Mode.

faerieem · « **Reply #6 on:** May 26, 2011, 05:43:37 PM »

done in safe mode. still in safe mode. returning to regular mode yielded the same response as above on trying to open Firefox.
------
ComboFix 11-05-25.01 - Emily 05/26/2011 18:06:38.4.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.978 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-04-26 to 2011-05-26 )))))))))))))))))))))))))))))))
.
.
2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Emily\AppData\Local\temp
2011-05-26 23:14 . 2011-05-26 23:14   --------   d-----w-   c:\users\Public\AppData\Local\temp
2011-05-26 22:59 . 2011-05-26 23:00   --------   d-----w-   C:\32788R22FWJFW
2011-05-26 13:05 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B72339B-629A-48A2-A890-A46368978DE6}\mpengine.dll
2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
2011-04-27 19:34 . 2011-03-03 15:40   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-04-27 19:34 . 2011-03-03 13:35   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 19:34 . 2011-03-12 21:55   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-26 22:56 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2011-05-26 22:56 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys

R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys

R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys

R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys

R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys

R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys

R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys

R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ     HPSLPSVC
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
2011-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-26 18:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-26 18:17:08
ComboFix-quarantined-files.txt 2011-05-26 23:16
ComboFix2.txt 2011-01-20 02:13
.
Pre-Run: 20,647,481,344 bytes free
Post-Run: 20,733,378,560 bytes free
.
- - End Of File - - 386EE067DC261FDC2043DE4364CC26A8

faerieem · « **Reply #7 on:** May 26, 2011, 05:44:22 PM »

should I run MRT now?

SuperDave · « **Reply #8 on:** May 27, 2011, 04:32:04 PM »

Re-running ComboFix to remove infections:

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Quote
KillAll::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=-
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=-
Driver::
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Quote

should I run MRT now?

Yes. Please try it now.

faerieem · « **Reply #9 on:** May 29, 2011, 11:56:27 AM »

ComboFix 11-05-28.01 - Emily 05/29/2011 11:55:31.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.960 [GMT -5:00]
Running from: c:\users\Emily\Desktop\ComboFix.exe
Command switches used :: c:\users\Emily\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-29 )))))))))))))))))))))))))))))))
.
.
2011-05-29 17:05 . 2011-05-29 17:19   --------   d-----w-   c:\users\Emily\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Public\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Guest\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-05-29 17:05 . 2011-05-29 17:05   --------   d-----w-   c:\users\Brett\AppData\Local\temp
2011-05-27 18:36 . 2011-05-27 18:36   --------   d-----w-   c:\users\Brett\AppData\Roaming\skypePM
2011-05-27 18:32 . 2011-05-27 18:39   --------   d-----w-   c:\users\Brett\AppData\Roaming\Skype
2011-05-27 17:17 . 2011-05-09 20:46   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2112E809-728B-43DB-A3D1-574A1BD7516D}\mpengine.dll
2011-05-23 00:59 . 2011-05-23 01:00   --------   d-----w-   c:\users\test
2011-05-20 13:10 . 2010-11-30 16:43   439632   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9CE9344-25FB-4A95-9F56-050877A81D7F}\gapaengine.dll
2011-05-11 13:55 . 2011-04-07 12:01   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2011-04-30 20:26 . 2011-04-30 20:27   --------   d-----w-   c:\users\Brett\AppData\Roaming\HpUpdate
2011-04-29 22:19 . 2011-04-29 22:19   --------   d-----w-   c:\users\Emily\AppData\Roaming\QuickScan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 17:17 . 2009-08-29 01:07   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
2011-05-29 17:17 . 2009-08-29 01:25   56680   ----a-w-   c:\windows\system32\rpcnet.dll
2011-05-09 20:46 . 2011-01-19 16:34   6962000   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-04 12:39 . 2010-06-24 16:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-03 17:39 . 2011-04-03 17:39   161792   ----a-w-   c:\windows\system32\msls31.dll
2011-04-03 17:39 . 2011-04-03 17:39   1126912   ----a-w-   c:\windows\system32\wininet.dll
2011-04-03 17:39 . 2011-04-03 17:39   86528   ----a-w-   c:\windows\system32\iesysprep.dll
2011-04-03 17:39 . 2011-04-03 17:39   76800   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\RegisterIEPKEYs.exe
2011-04-03 17:39 . 2011-04-03 17:39   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2011-04-03 17:39 . 2011-04-03 17:39   63488   ----a-w-   c:\windows\system32\tdc.ocx
2011-04-03 17:39 . 2011-04-03 17:39   367104   ----a-w-   c:\windows\system32\html.iec
2011-04-03 17:39 . 2011-04-03 17:39   74752   ----a-w-   c:\windows\system32\iesetup.dll
2011-04-03 17:39 . 2011-04-03 17:39   23552   ----a-w-   c:\windows\system32\licmgr10.dll
2011-04-03 17:39 . 2011-04-03 17:39   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-04-03 17:39 . 2011-04-03 17:39   152064   ----a-w-   c:\windows\system32\wextract.exe
2011-04-03 17:39 . 2011-04-03 17:39   150528   ----a-w-   c:\windows\system32\iexpress.exe
2011-04-03 17:39 . 2011-04-03 17:39   420864   ----a-w-   c:\windows\system32\vbscript.dll
2011-04-03 17:39 . 2011-04-03 17:39   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2011-04-03 17:39 . 2011-04-03 17:39   142848   ----a-w-   c:\windows\system32\ieUnatt.exe
2011-04-03 17:39 . 2011-04-03 17:39   11776   ----a-w-   c:\windows\system32\mshta.exe
2011-04-03 17:39 . 2011-04-03 17:39   101888   ----a-w-   c:\windows\system32\admparse.dll
2011-04-03 17:39 . 2011-04-03 17:39   35840   ----a-w-   c:\windows\system32\imgutil.dll
2011-04-03 17:39 . 2011-04-03 17:39   1797632   ----a-w-   c:\windows\system32\jscript9.dll
2011-04-03 17:39 . 2011-04-03 17:39   110592   ----a-w-   c:\windows\system32\IEAdvpack.dll
2011-03-12 21:55 . 2011-04-27 19:34   876032   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-14 16:17   1162240   ----a-w-   c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 16:17   1136640   ----a-w-   c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-14 16:16   739328   ----a-w-   c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 19:34   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
2011-03-03 15:40 . 2011-04-27 19:34   173056   ----a-w-   c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 19:34   458752   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 19:34   542720   ----a-w-   c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 19:34   2159616   ----a-w-   c:\windows\apppatch\AcGenral.dll
2011-03-03 13:35 . 2011-04-27 19:34   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:25 . 2011-04-14 16:16   2041856   ----a-w-   c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-14 16:16   86528   ----a-w-   c:\windows\system32\dnsrslvr.dll
2011-05-26 22:58 . 2011-04-04 18:40   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-03-02 16949128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
.
c:\users\Brett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\palmOne\HOTSYNC.EXE [N/A]
Skyscape SmartUpdate.lnk - c:\program files\Common Files\Skyscape\SmartUpdate.exe [N/A]
.
c:\users\Emily\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-8-20 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ     autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@OnlineArmor GUI]
2010-07-07 18:52   6854984   ----a-w-   c:\program files\Emsisoft\Online Armor\oaui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2010-11-30 19:20   997408   ----a-w-   c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-961768651-989949159-2568054308-1001]
"EnableNotificationsRef"=dword:00000001
.
R1 MpKsl03424119;MpKsl03424119;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0BB4EACC-A5A3-4F7F-B797-644282BC17C1}\MpKsl03424119.sys

R1 MpKsl426faf11;MpKsl426faf11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B19B3529-1F4D-4A28-A373-E8D5DD345EAC}\MpKsl426faf11.sys

R1 MpKsl9740c8cb;MpKsl9740c8cb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{035DE9EF-62E7-4BDD-9D5C-BE7A20C09D7F}\MpKsl9740c8cb.sys

R1 MpKsl97cc59aa;MpKsl97cc59aa;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC0349C-A123-4915-88F6-C5760DABBD64}\MpKsl97cc59aa.sys

R1 MpKsl98d3fb52;MpKsl98d3fb52;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D116C21-CBB6-4EC3-B876-83CB4D1F411C}\MpKsl98d3fb52.sys

R1 MpKslc093615b;MpKslc093615b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33E8D659-5C96-4CEB-9406-D3E8DEA6CB14}\MpKslc093615b.sys

R1 MpKslc7d03e3e;MpKslc7d03e3e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{14BB1A6F-DF0E-4158-B709-4B88A99C9C3C}\MpKslc7d03e3e.sys

R1 MpKslf4303622;MpKslf4303622;c:\windows\system32\MpEngineStore\MpKslf4303622.sys [2011-03-03 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-07 236104]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 136176]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-07 3364680]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

R4 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-07 1283400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-07 22600]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-07 29256]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ     FontCache
HPZ12   REG_MULTI_SZ     Pml Driver HPZ12 Net Driver HPZ12
HPService   REG_MULTI_SZ     HPSLPSVC
hpdevmgmt   REG_MULTI_SZ     hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-19 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.1
DPF: CabCCT - hxxps://oct.collaborationhost.net//codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
.
**************************************************************************
.
Completion time: 2011-05-29 12:26:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-29 17:25
ComboFix2.txt 2011-05-26 23:17
ComboFix3.txt 2011-01-20 02:13
.
Pre-Run: 19,847,061,504 bytes free
Post-Run: 19,735,728,128 bytes free
.
- - End Of File - - FF721FF789FD9B453A2EA0669CA10D5A

and I am running MRT now.

SuperDave · « **Reply #10 on:** May 29, 2011, 12:14:19 PM »

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.

Process << Selected
Kernel Modules << Selected
SSDT << Selected
Kernel Hooks << Selected
IRP Hooks << NOT Selected
Ports << NOT Selected
Hidden Files << Selected

At the bottom of the page

Hidden Objects Only << Selected

Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

faerieem · « **Reply #11 on:** May 29, 2011, 01:47:05 PM »

Ran it. Also got this message, though, when running in safe mode: "failed to start service. SysProt AntiRootKit needs to be run with Admin privileges!"

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
No Hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

SuperDave · « **Reply #12 on:** May 29, 2011, 07:17:22 PM »

Quote

Ran it. Also got this message, though, when running in safe mode: "failed to start service. SysProt AntiRootKit needs to be run with Admin privileges!"

That's strange. You should only get that message when you have a 64 bit computer. Let's try this.

Please download Rooter and Save it to your desktop.

Double click it to start the tool.Vista and Windows7 run as administrator.
Click Scan.
Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

faerieem · « **Reply #13 on:** May 29, 2011, 08:07:09 PM »

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6002) Service Pack 2
[32_bits] - x86 Family 6 Model 14 Stepping 12, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Disabled !
User Account Control (UAC) -> Disabled !
.
Internet Explorer 9.0.8112.16421
Mozilla Firefox 4.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:110 Go - Free:18 Go )
D:\ [CD_Rom]
.
Scan : 20:58.33
Path : C:\Users\Emily\Desktop\Rooter.exe
User : Emily ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (356)
______ C:\Windows\system32\csrss.exe (484)
______ C:\Windows\system32\csrss.exe (520)
______ C:\Windows\system32\wininit.exe (528)
______ C:\Windows\system32\winlogon.exe (572)
______ C:\Windows\system32\services.exe (604)
______ C:\Windows\system32\lsass.exe (616)
______ C:\Windows\system32\lsm.exe (624)
______ C:\Windows\system32\svchost.exe (760)
______ C:\Windows\system32\svchost.exe (816)
______ c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (892)
______ C:\Windows\System32\svchost.exe (992)
______ C:\Windows\system32\svchost.exe (1020)
______ C:\Windows\System32\svchost.exe (1060)
______ C:\Windows\system32\svchost.exe (1108)
______ C:\Windows\system32\svchost.exe (1124)
______ C:\Windows\system32\svchost.exe (1304)
______ C:\Windows\system32\svchost.exe (1420)
______ C:\Windows\Explorer.EXE (1796)
______ C:\Users\Emily\Desktop\Rooter.exe (1624)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:1572864000)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:1573912576 | Length:118459727872)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
C:\Windows\joke.gif
==> KoobFace <==
.
----------------------\\ Scan completed at 21:00.12
.
C:\Rooter$\Rooter_1.txt - (29/05/2011 | 21:00.12)

SuperDave · « **Reply #14 on:** May 30, 2011, 05:23:50 PM »

Please update and run another scan with MBAM and post the log.

faerieem · « **Reply #15 on:** May 30, 2011, 07:49:56 PM »

ran in safe mode.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6727

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

5/30/2011 8:37:25 PM
mbam-log-2011-05-30 (20-37-25).txt

Scan type: Full scan (C:\|)
Objects scanned: 371951
Time elapsed: 1 hour(s), 16 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

faerieem · « **Reply #16 on:** May 30, 2011, 08:30:19 PM »

I've been running the programs in safe mode w/networking.

When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird, with the "you don't have permission" message. Also, after logging into safe mode initially, I now have an icon on my desktop with the IE logo, labelled "The Internet". That also doesn't open in normal mode.

In normal mode, I can open word documents and print as well as open itunes and skype.

SuperDave · « **Reply #17 on:** May 31, 2011, 05:34:51 PM »

Quote

"The Internet". That also doesn't open in normal mode.

Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CRTL C to copy the file path. Do CRTL V to paste it in your reply.

Quote

When I log in in normal mode, I continue to be unable to access Firefox or Thunderbird

I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

faerieem · « **Reply #18 on:** June 01, 2011, 06:55:12 AM »

Quote

Please right-click on that shortcut, select Properties. The file path will be highlighted. Do CRTL C to copy the file path. Do CRTL V to paste it in your reply.

It doesn't appear to be a shortcut. Right-clicking and selecting properties brings up the "internet properties" dialog box. Clicking this icon does nothing. Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

Quote

I assume that you can access Internet Explorer. You could try uninstalling both Firefox and Thunderbird.

In normal mode, I cannot access Firefox, Thunderbird, or Chrome. I haven't tried Safari. When I try IE, nothing happens.

ESET:
C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\53becaae-1d3ed455 multiple threats
C:\Users\Emily\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6ad51e08-322e7228 multiple threats

faerieem · « **Reply #19 on:** June 01, 2011, 07:32:42 AM »

Quote from: faerieem on June 01, 2011, 06:55:12 AM

It doesn't appear to be a shortcut. Right-clicking and selecting properties brings up the "internet properties" dialog box. Clicking this icon does nothing. Typing internet explorer into the menu search bar and selecting Internet Explorer from the start menu also does nothing.

In normal mode, I cannot access Firefox, Thunderbird, or Chrome. I haven't tried Safari. When I try IE, nothing happens.

For clarity, I tried all of this in regular mode. I can access everything in "safe mode with networking". Safari works fine. I will try removing and reinstalling firefox & thunderbird, which are my default browsers. I'm not sure why Chrome is even on the machine.

faerieem · « **Reply #20 on:** June 01, 2011, 08:28:47 AM »

sorry to multi-post, but I want you to have all info.
I uninstalled and reinstalled firefox & thunderbird, which I did in safe mode w/networking.
in regular mode, the "you do not have appropriate permissions" message continues to come up, even after reinstalling.
I'm writing this from safari in normal mode.

SuperDave · « **Reply #21 on:** June 01, 2011, 01:35:21 PM »

First of all, please re-run ESET and, this time, clean the infections.

Please run this even if you don't have the OS disk

Do you have your OS CD/DVD?

If so,

1/ Click the Start button.

2/ From the Start Menu, Click All programs followed by Accessories.

3/ In the Accessories menu, Right Click on the Command Prompt option.

4/ From the drop down menu that appears, Click on the Run as administrator option.

5/ If you have the User Account Control (UAC) enabled you will be asked for authorisation prior to the command prompt opening. You may simply need to press the Continue button if you are the administrator or insert the administrator password etc.

6/ In the Command Prompt window, type: sfc /scannow and then press Enter.

7/ A message will appear stating that the system scan will begin.

8/ Be patient because the scan may take some time.

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

11/ After the scan has completed, Close the command prompt window.

faerieem · « **Reply #22 on:** June 01, 2011, 04:51:38 PM »

Quote from: SuperDave on June 01, 2011, 01:35:21 PM

First of all, please re-run ESET and, this time, clean the infections.

done.

Quote

Do you have your OS CD/DVD?

I have the "Toshiba Recovery Disks" that came with the computer. Two disks.

Quote

9/ If any files require replacing SFC will replace them. You may be asked to insert your Vista DVD for this process to continue.

10/ If everything is okay you should, after the scan, see the following message Windows resource protection did not find any integrity violations.

The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."

SuperDave · « **Reply #23 on:** June 01, 2011, 05:11:14 PM »

Quote

The report reads "Windows Resource Protection found some corrupt files but was unable to fix some of them."

This probably means that some of the files affecting Internet Explorer are corrupt. Did you have any luck with Firefox, Thunderbird?

faerieem · « **Reply #24 on:** June 01, 2011, 06:09:05 PM »

No. I uninstalled and reinstalled them in safe mode (the only way I've had luck with uninstall/install), but a reboot into normal continues to bring up the same "you don't have permission" message.

SuperDave · « **Reply #25 on:** June 02, 2011, 04:05:37 PM »

Do you have any accounts on this computer?

faerieem · « **Reply #26 on:** June 02, 2011, 04:32:44 PM »

user accounts? Mine, my husbands, and I set up two log-ins before I came here, to see if the trouble I was having was exclusive to me or if it was universal. It appears to be a universal problem: the not being able to use Firefox due to permissions as well as IE never opening.

SuperDave · « **Reply #27 on:** June 03, 2011, 01:02:21 PM »

We've already established that some of your files are corrupted which is probably the reason why IE doesn't work. The solution to this would be to use your Recovery Disks which will take your computer back to the day you purchased it. This could also be the problem with Firefox. You should back up your important files, documents, pictures, movies and music to DVD's and try running the Recovery. You may be able to just do a repair.
Let's try one more scan.

Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
List content of Hosts
List IP Configuration
Lst Last 10 Event Viewer Errors
List Users, Partitions and Memory Size
[/b]
Click Go and copy/paste the log (Result.txt) into your next post. .

faerieem · « **Reply #28 on:** June 03, 2011, 04:48:38 PM »

should I do the recovery/repair now or wait for your indication?

MiniToolBox by Farbar
Ran by Emily (administrator) on 03-06-2011 at 17:41:27
Windows Vista (TM) Home Premium Service Pack 2 (X86)

***************************************************************************

================= Flush DNS: ==============================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

================= End of Flush DNS ========================================

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= End of IE Proxy Settings ========================

"Reset IE Proxy Settings": Proxy Settings were reset.

=============== Hosts content: ============================================

127.0.0.1 localhost

=============== End of Hosts ==============================================

================= IP Configuration: =======================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Emily-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-16-E3-E2-AC-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f40f:8ce8:19d:fb90%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 03, 2011 5:38:01 PM
Lease Expires . . . . . . . . . . : Saturday, June 04, 2011 6:08:13 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 251664099
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0D-8A-BA-27-00-16-D4-94-85-52
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-16-D4-94-85-52
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 18:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.93.147
     74.125.93.104
     74.125.93.106
     74.125.93.103
     74.125.93.105
     74.125.93.99

Pinging google.com [74.125.93.106] with 32 bytes of data:

Reply from 74.125.93.106: bytes=32 time=42ms TTL=52

Reply from 74.125.93.106: bytes=32 time=41ms TTL=52

Ping statistics for 74.125.93.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 41ms, Maximum = 42ms, Average = 41ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.125.65
     72.30.2.43
     98.137.149.56
     209.191.122.70
     67.195.160.76

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=45ms TTL=51

Reply from 209.191.122.70: bytes=32 time=51ms TTL=51

Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 51ms, Average = 48ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
9 ...00 16 e3 e2 ac 9d ...... Atheros AR5006EG Wireless Network Adapter
8 ...00 16 d4 94 85 52 ...... Realtek RTL8101E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
19 ...00 00 00 00 00 00 00 e0 isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
22 ...00 00 00 00 00 00 00 e0 isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
21 ...00 00 00 00 00 00 00 e0 isatap.{ADC55B76-4C45-49E5-99B9-15E555F65E01}
23 ...00 00 00 00 00 00 00 e0 isatap.{29CC3FA2-F6AB-4C99-8D5C-3FA544FDE29C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.3 281
192.168.1.3 255.255.255.255 On-link 192.168.1.3 281
192.168.1.255 255.255.255.255 On-link 192.168.1.3 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.3 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.3 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::f40f:8ce8:19d:fb90/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

================= End of IP Configuration =================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/03/2011 05:38:22 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
Description: MpFilter
OADevice
SASDIFSV
SASKUTIL
spldr
Tosrfcom
Wanarpv6

Error: (06/03/2011 05:39:10 PM) (Source: Service Control Manager) (User: )
Description: Computer BrowserServer%%1068

Error: (06/03/2011 05:38:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/03/2011 05:38:24 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/03/2011 05:38:22 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (06/03/2011 05:38:14 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: Tosrfcom

Error: (06/03/2011 06:08:31 AM) (Source: Service Control Manager) (User: )
Description: lxcg_device%%2

Error: (06/02/2011 05:30:44 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (06/02/2011 05:28:36 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Microsoft Office Sessions:
=========================
Error: (06/03/2011 05:38:22 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6801

Error: (06/03/2011 10:36:56 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5787

Error: (06/03/2011 10:36:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4711

Error: (06/03/2011 10:36:54 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 28%
Total physical RAM: 1525.38 MB
Available physical RAM: 1091.3 MB
Total Pagefile: 3304.57 MB
Available Pagefile: 3010.22 MB
Total Virtual: 2047.88 MB
Available Virtual: 1982.26 MB

======================= Partitions: =======================================

1 Drive c: (SQ004286V02) (Fixed) (Total:110.32 GB) (Free:17.87 GB) NTFS

================= Users: ==================================================

User accounts for \\EMILY-PC

-------------------------------------------------------------------------------
Administrator Brett Emily
Guest test
The command completed successfully.

================= End of Users ============================================

SuperDave · « **Reply #29 on:** June 03, 2011, 07:13:07 PM »

Quote

should I do the recovery/repair now or wait for your indication?

Not just yet. The signal seems to be going through.
Let's try another scan.

Download Dr.Web CureIt to the desktop:
DrWebCureIt

Double-click the launch.exe or cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, just let it cure whatever it finds...

o Now, go to Settings >> Change Settings
o Go to Actions tab >> under Objects section, change the settings to below
Infected objects - Cure
Incurable objects - Report
Suspicious objects - Report
o Don't change any other settings

Start the scan again. This time, choose Complete Scan
Click the green arrow button at the right, and the scan will start.
After the scan finished, click Select all
Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
When the scan has finished, in the menu, click File and choose Save report list
Save the report to your Desktop. The report will be called DrWeb.csv
Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

faerieem · « **Reply #30 on:** June 04, 2011, 09:51:39 PM »

Dr.web had a newer version, which it instructed me to download. It isn't offering me the "report" option when I choose "cure".

SuperDave · « **Reply #31 on:** June 05, 2011, 04:45:26 PM »

Quote

Dr.web had a newer version, which it instructed me to download. It isn't offering me the "report" option when I choose "cure".

You were able to get further than I did when I tried it. That scanner is no longer working.
The signal is getting through. MiniToolbox did some repairs so the problem seems to be with infected files. It may be time to try the Recovery Repair.

faerieem · « **Reply #32 on:** June 05, 2011, 08:28:27 PM »

My recovery disks with my PC: the ones provided by Toshiba seem to be strictly recovery. I can do it. are we sure??!

Dr.Web gave me a rather extensive log.
From it, these are the infected files:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Documents and Settings\All Users\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Program Files\HP\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}\gup\netdevicemanager.exe infected with Trojan.Blackmailer.1680 - user denied curing

C:\Program Files\HP\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}\wup\NetDeviceManager.exe infected with Trojan.Blackmailer.1680 - user denied curing

C:\ProgramData\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

C:\Users\All Users\Spybot - Search & Destroy\Snapshots2\RegUBP2b-Emily.reg infected with Trojan.StartPage.1505 - user denied curing

faerieem · « **Reply #33 on:** June 05, 2011, 08:35:00 PM »

also, when/if we do go for full recovery (i.e. formatting & reinstalling), should I be concerned about the safety of my backed up files, which are largely saved to a second PC, an external hard drive, and DVDs?

SuperDave · « **Reply #34 on:** June 06, 2011, 01:39:07 PM »

Quote

the ones provided by Toshiba seem to be strictly recovery. I can do it. are we sure??!

Yes. The Recovery disk will take your computer back to the day you purchased it. Then you will have to get all your Windows updates.

Quote

also, when/if we do go for full recovery (i.e. formatting & reinstalling), should I be concerned about the safety of my backed up files, which are largely saved to a second PC, an external hard drive, and DVDs?

Yes, you should be concerned. Make sure you scan them with a good, up-to-date Anti-Virus program that you will have installed on your computer. See list below. You can download more than one of them for scanning purposes only but only one can be active at any time on your computer. Also scan them with SAS and MBAM before putting them back on your computer.

Remember to only install one antivirus!

1) Avast! Home Edition
2) AVG Free Edition
3) Avira AntiVir Personal
4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
4-a) Microsoft Security Essentials for Windows XP
5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
*********************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
****************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Good luck.

faerieem · « **Reply #35 on:** June 06, 2011, 02:15:54 PM »

making sure I'm clear on the next steps:
1. run recovery
2. get all windows updates
3. run antivirus
4. run antivirus on saved documents (is that an option? to "scan external drive"?)
5. run SAS
6. run MBAM

SuperDave · « **Reply #36 on:** June 07, 2011, 06:08:07 PM »

Quote

run antivirus on saved documents (is that an option? to "scan external drive"?)

Yes. Most scanners will let you chose what you want to scan.

Quote

run SAS run MBAM

Yes, on all the files you want to put back on your computer.

faerieem · « **Reply #37 on:** June 08, 2011, 10:34:52 AM »

I ran MSE on computer & on my external hard drive. I think it removed things from the external (TrojanDownloader via Java, Exploit via Java, Rogue: Win32/FakeXPA)

these are the SAS & MBAM logs from my computer. I'll post from the external drive in next post.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/07/2011 at 03:14 PM

Application Version : 4.53.1000

Core Rules Database Version : 7225
Trace Rules Database Version: 5037

Scan type : Complete Scan
Total Scan Time : 00:56:15

Memory items scanned : 575
Memory threats detected : 0
Registry items scanned : 6215
Registry threats detected : 2
File items scanned : 93944
File threats detected : 27

Adware.Tracking Cookie
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@adxpose[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@imrworldwide[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@advertising[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@media6degrees[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@invitemedia[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@lucidmedia[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@revsci[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@tribalfusion[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@atdmt[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@interclick[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@serving-sys[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@ru4[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@zedo[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\emily@doubleclick[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@2o7[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@adinterax[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@atdmt[2].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@doubleclick[1].txt
   C:\Users\Emily\AppData\Roaming\Microsoft\Windows\Cookies\Low\emily@questionmarket[1].txt

Trojan.Agent/Gen
   HKU\S-1-5-21-2876558591-2662789015-1497126295-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#47862506
   HKU\S-1-5-21-2876558591-2662789015-1497126295-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN#1922036909

-----------------------------
MBAM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6804

Windows 6.0.6000
Internet Explorer 7.0.6000.16982

6/7/2011 7:51:29 PM
mbam-log-2011-06-07 (19-51-29).txt

Scan type: Full scan (C:\|)
Objects scanned: 226999
Time elapsed: 39 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

faerieem · « **Reply #38 on:** June 08, 2011, 10:36:42 AM »

and from the external drive, SAS ran overnight, and afterwards, the computer restarted itself. I'm not sure if it repaired the items it found or not. I can rerun.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/08/2011 at 01:43 AM

Application Version : 4.53.1000

Core Rules Database Version : 7225
Trace Rules Database Version: 5037

Scan type : Complete Scan
Total Scan Time : 03:38:41

Memory items scanned : 591
Memory threats detected : 0
Registry items scanned : 6234
Registry threats detected : 0
File items scanned : 145253
File threats detected : 4215

Adware.Tracking Cookie
   ia.media-imdb.com [ E:\$RECYCLE.BIN\S-1-5-21-961768651-989949159-2568054308-1000\$R8NMJBA\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   ia.media-imdb.com [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   s0.2mdn.net [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   thumbs.crakmedia.com [ E:\Seagate Backup\EMILY-PC\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\VBFLKKVA ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .iacas.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .collective-media.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adopt.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .dmtracker.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.foundry42.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.foundry42.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.backcountry.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   data.coremetrics.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mint.pitchforkmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   optimize.indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   optimize.indieclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .linksynergy.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eyewonder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .buzznet.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adlegend.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .viacomedycentralrl.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zillow.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zillow.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .nextag.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .nextag.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .chitika.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .onetoone.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .williamsoncounty-tn.gov [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.adtechus.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .guthyrenker.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .longandfoster.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .phhmortgage.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ads.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.mediamayhemcorp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   rotator.adjuggler.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   rotator.adjuggler.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .paypal.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mysexprofessor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .msnbc.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .redorbit.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .healthgrades.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .hertz.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bookfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .directhomediscount.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .directhomediscount.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .livenation.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bravenet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .apmebf.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .apmebf.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .petfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .petfinder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .aanp.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .associatedcontent.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .at.atwola.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .care2.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   citi.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   citi.bridgetrack.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lfstmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2-clicks-coins.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eyewonder.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .caloriecount.about.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adxpose.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .network.realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .e-2dj6wfliogdzigp.stats.esomniture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .stats.paypal.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ehg-fifa.hitbox.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   dc.tremormedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   adserver.adreactor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ice.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tripod.lycos.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.onestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.onestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ipcmedia.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   fs10.fusestats.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.medhelp.org [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .medhelpinternational.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .doubleclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .atdmt.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .questionmarket.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bs.serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bs.serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   webstats.peterchristopher.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .*adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .*adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tracker.adtaily.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tacoda.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .advertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .a1.interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   sales.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   sales.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   link.mercent.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adtech.de [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tribalfusion.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .extrovert.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adinterax.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adinterax.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .burstnet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .burstnet.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .247realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .classmates.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .legolas-media.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .legolas-media.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .invitemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .find.mapmuse.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .fastclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   metroleap.rotator.hadj7.adjuggler.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   metroleap.rotator.hadj7.adjuggler.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .videoegg.adbureau.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bluestreak.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .casalemedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lucidmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   uk.sitestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   uk.sitestat.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xiti.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .247realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .traveladvertising.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .lockedonmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .enhance.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   imagevenue.advertserve.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   imagevenue.advertserve.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.nakedcelebspictures.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.nakedcelebspictures.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   *adult URL* [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .maxporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pornex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ads.youporn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .realmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   server.iad.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   server.iad.liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .ads.pointroll.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .usatoday1.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .peoplefinders.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bizrate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .bizrate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .statcounter.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .thefind.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   statse.webtrendslive.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .usnews.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .timeinc.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .greatschools.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .a1.interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .interclick.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .zedo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .rainbowmedia.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .highbeam.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   eas.apm.emediate.eu [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adbrite.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   adserver.i3d.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adecn.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .porntube.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .porntube.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .naiadsystems.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .youpornmate.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xfuckbook.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xfuckbook.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.mtvnservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media.mtvnservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .clickbank.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.qsstats.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   e1.cdn.qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .qnsr.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .hearstmagazines.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .walmart.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .msnportal.112.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .serving-sys.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .xm.xtendmedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .activenetwork.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .kontera.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   stat.dealtime.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaplex.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .insightexpressai.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   w00tpublishers.wootmedia.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.beggarspromo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adserver.beggarspromo.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .adlegend.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   counter.hitslink.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.findgift.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   www.findgift.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .yieldmanager.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .mediaforge.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   traffic.buyservices.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .buycom.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   cdn4.specificclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .liveperson.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .perf.overture.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .tracking.realtor.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .homestore.122.2o7.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   tracking.admarketplace.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .pro-market.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .doubleclick.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .atdmt.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .trafficmp.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .andomedia.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .questionmarket.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   .revsci.net [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   ad.yieldmanager.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Brett\AppData\Roaming\Mozilla\Firefox\Profiles\g22o5y1k.default\cookies.sqlite ]
   secure-us.imrworldwide.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Emily\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TJR6VSLQ ]
   .media6degrees.com [ E:\Seagate Backup\EMILY-PC\History\Level10\C\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\fsxq9ver.default\cookies.sqlite ]
   .media6degrees.com [ E:\Seagate Backup

SuperDave · « **Reply #39 on:** June 08, 2011, 12:56:51 PM »

Has anything changed on your internet access?

faerieem · « **Reply #40 on:** June 08, 2011, 02:44:42 PM »

internet is the same as before: wireless connection with password.
All programs are now working again, since the full recovery, including firefox & IE. IE has given me some unusual messages, for example, it wouldn't perform a search on this site using the search box.

Is there a program/tool that will help me determine which programs that are reloaded need updating (i.e. java, adobe, etc)? The recovery disk is from 2007.

SuperDave · « **Reply #41 on:** June 08, 2011, 05:07:34 PM »

I'm glad to hear that. Here are a couple of sites.

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

faerieem · « **Reply #42 on:** June 08, 2011, 09:18:29 PM »

awesome. Both done. updated adobe products & java; the other very few items I have installed so far were fine.
Now I can move back over my backed up files & documents?

faerieem · « **Reply #43 on:** June 08, 2011, 09:23:04 PM »

also, going forward, would using MSE + the windows firewall be the best way to protect my system? Do I also need a separate spyware checker? I have used web of trust in the past & I'll proably go back to that; I feel very comfortable with it.

SuperDave · « **Reply #44 on:** June 09, 2011, 04:33:29 PM »

Quote

would using MSE + the windows firewall be the best way to protect my system?

Yes. This would be a good start. If you want or require extra protection you can always add a third-part firewall

Quote

Do I also need a separate spyware checker?

Yes. You need programs to protect against malware because your AV program won't do it. I have SpywareBlaster, Threatfire, Spybot Search and Destroy as well as Windows Defender on my computer. I keep SAS and MBAM on my computer and I update them and run them on a regular basis. Remember, viruses mess up your computer so that it won't function properly. Malware, on the other hand can get all kinds of information off your computer including your dogs name.lol.

Quote

I have used web of trust in the past & I'll proably go back to that

WOT is a great program but it's just a security advisor warning you about unsafe sites.

faerieem · « **Reply #45 on:** June 11, 2011, 08:49:40 AM »

thanks. I think I am almost back up and running. Now that I've "freshened up" my laptop with a full format, I may go off and do the same thing to my old XP desktop that has a very full hard drive.

With spyware programs like you listed, do I have them all on and active? do they run in the background or do I need to get back into the habit of just running them weekly?
I have Windows Defender on and running. Is there a way to settle User Account Control down so it isn't popping up every time I make a change?

SuperDave · « **Reply #46 on:** June 11, 2011, 06:15:57 PM »

Quote

With spyware programs like you listed, do I have them all on and active? do they run in the background or do I need to get back into the habit of just running them weekly?

MBAM has a free trial period of continous scanning. Once that expires, you will probably have to buy the new version. Or, you can keep MBAM and SAS on your computer, update them and run regularyly.

Quote

Is there a way to settle User Account Control down so it isn't popping up every time I make a change?

You can disable it.

Computer Hope Forum

News:

Author Topic: know I have a virus, don't know anything else about it. (Read 23948 times)

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

faerieem

SuperDave

faerieem

faerieem

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

SuperDave

faerieem

faerieem

SuperDave

faerieem

SuperDave

faerieem

faerieem

SuperDave

faerieem

SuperDave

faerieem

faerieem

SuperDave

faerieem

SuperDave