
Thread: Infected by a java drive by..

  1. #1

    Infected by a java drive by..

    My fb account and a game I play have both been hacked and they have been sending me system messages etc.

    I read the sticky and it cleaned some java.backdoor trojans and a few other files.

    Here are my DDS logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
    Run by owner at 17:52:26 on 2012-03-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6069.3785 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\owner\AppData\Local\Temp\sysglobl.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Users\owner\AppData\Local\Temp\iedvtool.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [© Windows Live Messenger Music Status Plugin Module] C:\Users\owner\AppData\Local\Temp\sysglobl.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    mRun: [UpdReg] C:\Windows\UpdReg.EXE
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{A90AD191-8679-4AFA-B492-89E52E480697} : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{A90AD191-8679-4AFA-B492-89E52E480697}\34963736F61403036393 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{A90AD191-8679-4AFA-B492-89E52E480697}\3547566756E637F6E6D27657563747 : DhcpNameServer = 192.168.1.1 192.168.33.1
    TCP: Interfaces\{A90AD191-8679-4AFA-B492-89E52E480697}\D616273786 : DhcpNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{A90AD191-8679-4AFA-B492-89E52E480697}\D616273786D27657563747 : DhcpNameServer = 68.87.64.150 68.87.75.198
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
    mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\eonqia8g.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=axl&q=
    FF - user.js: extensions.funmoods_i.id - b2efceaa00000000000000231525993d
    FF - user.js: extensions.funmoods_i.instlDay - 15398
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.163:18:06
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - axl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe " --> C:\Windows\system32\FBAgent.exe [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-24 13592]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-10 652360]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-10-24 2314240]
    R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-24 909152]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
    R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-24 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-24 79360]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-03-12 05:41:47 -------- d-----w- C:\Users\owner\AppData\Local\ASUS
    2012-03-12 01:16:09 -------- d-----w- C:\Program Files (x86)\ESET
    2012-03-12 01:16:01 -------- d--h--w- C:\Windows\AxInstSV
    2012-03-12 01:05:38 -------- d-----w- C:\Users\owner\AppData\Local\{4D77DC52-5EA4-48EB-989B-8D94C7989657}
    2012-03-12 01:04:50 -------- d-----w- C:\Users\owner\AppData\Local\{EC4614E6-829A-4733-B92A-BF9F9A968E6D}
    2012-03-12 00:16:43 -------- d-----w- C:\Users\owner\AppData\Local\ElevatedDiagnostics
    2012-03-12 00:09:33 -------- d-----w- C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com
    2012-03-12 00:08:57 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-03-12 00:08:57 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-03-10 22:57:41 -------- d-----w- C:\Users\owner\AppData\Local\{E51864C6-AD00-4168-9EAB-32D0354DAA71}
    2012-03-10 22:57:23 -------- d-----w- C:\Users\owner\AppData\Local\{8F24EF18-76B0-4D15-BCC7-40F6DA819E4C}
    2012-03-10 22:40:20 388096 ----a-r- C:\Users\owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-03-10 22:40:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-03-10 16:19:08 -------- d-----w- C:\Program Files\CheckPoint
    2012-03-10 16:18:35 -------- d-----w- C:\ProgramData\CheckPoint
    2012-03-10 16:17:48 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-03-10 16:14:51 -------- d-----w- C:\Program Files (x86)\CheckPoint
    2012-03-10 15:47:01 -------- d-----w- C:\ProgramData\PC Tools
    2012-03-10 15:47:01 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2012-03-10 15:47:01 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-03-10 15:37:56 -------- d-----w- C:\Users\owner\AppData\Roaming\GetRightToGo
    2012-03-10 15:37:51 -------- d-----w- C:\Users\owner\AppData\Roaming\Malwarebytes
    2012-03-10 15:37:19 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-10 15:37:19 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-10 15:37:19 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-10 10:48:19 -------- d-----w- C:\Users\owner\AppData\Local\{A3400C8E-C046-47B8-8018-57049D78E194}
    2012-03-10 10:48:07 -------- d-----w- C:\Users\owner\AppData\Local\{C4F2A1EA-1063-443A-A374-FBDF78AB86A3}
    2012-03-10 00:09:01 -------- d-----w- C:\Fraps
    2012-03-09 16:50:30 -------- d-----w- C:\Users\owner\AppData\Local\{3A3C904F-CB32-4EDE-95E0-96F3922E8F28}
    2012-03-09 16:50:19 -------- d-----w- C:\Users\owner\AppData\Local\{13E9EC5B-FC91-4D95-94E4-7BDB3098B9E8}
    2012-03-09 02:22:28 -------- d-----w- C:\Users\owner\AppData\Local\{1C1ADDFA-8353-41A4-9C9C-33F8DD80559A}
    2012-03-09 02:22:19 -------- d-----w- C:\Users\owner\AppData\Local\{C1A7A53D-68F4-4019-BB8B-8AD3EA0D203A}
    2012-03-07 20:24:56 -------- d-----w- C:\Users\owner\AppData\Local\{B30762EA-C6DD-4366-9665-E56487EC06F8}
    2012-03-07 20:24:46 -------- d-----w- C:\Users\owner\AppData\Local\{FDDB34FD-63F2-4F1F-9E70-0387E84DA3DE}
    2012-03-06 1803 -------- d-----w- C:\Users\owner\AppData\Local\{C85D4497-1882-417E-9C22-0A891C7E27FE}
    2012-03-06 18:26:53 -------- d-----w- C:\Users\owner\AppData\Local\{BEAE6A5C-D69E-4068-934D-CEA00C7620B7}
    2012-03-06 01:03:33 -------- d-----w- C:\Users\owner\AppData\Local\{6E7C4C3A-935E-4EB2-B411-7B104E8B5B1A}
    2012-03-06 01:03:23 -------- d-----w- C:\Users\owner\AppData\Local\{A2F2F203-5531-43C6-8EC2-5126FA87F238}
    2012-03-05 04:13:21 -------- d-----w- C:\Users\owner\AppData\Local\{9D75E4DE-8082-4AB8-B710-7381A3F1D377}
    2012-03-05 04:13:11 -------- d-----w- C:\Users\owner\AppData\Local\{0D8E9C66-CF07-41C8-AF8C-AECF6FD76EDE}
    2012-02-29 18:32:05 -------- d-----w- C:\Users\owner\AppData\Local\{233E5868-5154-49B1-83E7-CDE5B028F949}
    2012-02-29 18:31:54 -------- d-----w- C:\Users\owner\AppData\Local\{1CDBED0B-C2B8-46AB-BDCB-4CA847A5092E}
    2012-02-28 08:19:29 -------- d-----w- C:\Program Files (x86)\VideoLAN
    2012-02-27 21:26:03 -------- d-----w- C:\Users\owner\AppData\Local\{5681EC64-0C8B-42EB-99D4-58916B18996D}
    2012-02-27 21:25:48 -------- d-----w- C:\Users\owner\AppData\Local\{35ADFAAA-1105-4264-84F5-98FFC40BEFB4}
    2012-02-27 04:17:28 -------- d-----w- C:\Users\owner\AppData\Local\{C0EA3819-1BB2-4C86-88A7-3B44EB04BABA}
    2012-02-27 04:17:15 -------- d-----w- C:\Users\owner\AppData\Local\{1F55204A-B180-48D2-A19A-FEC17E6B390C}
    2012-02-27 04:16:54 -------- d-----w- C:\Users\owner\AppData\Local\{A9103A03-4DAD-41EB-BED9-D7D228369B3C}
    2012-02-27 02:38:16 -------- d-----w- C:\Program Files\Oracle
    2012-02-27 02:36:48 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
    2012-02-27 02:36:48 660368 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-02-26 10:09:27 -------- d-----w- C:\Users\owner\RSCEmulation
    2012-02-26 04:51:48 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
    2012-02-26 04:50:04 -------- d--h--w- C:\Windows\msdownld.tmp
    2012-02-26 04:50:03 -------- d-----w- C:\Windows\SysWow64\directx
    2012-02-26 04:47:09 -------- d-----w- C:\Users\owner\AppData\Roaming\RIFT
    2012-02-24 08:21:35 -------- d-----w- C:\Users\owner\AppData\Local\{056910DF-B684-4869-90AC-69DF82C56B63}
    2012-02-24 08:21:26 -------- d-----w- C:\Users\owner\AppData\Local\{E2ACBB37-893C-43CD-96CC-A301A0824A7D}
    2012-02-24 08:21:26 -------- d-----w- C:\Users\owner\AppData\Local\{6FA48141-F8DD-4442-84C4-2133CD875CAD}
    2012-02-22 08:11:08 -------- d-----w- C:\Users\owner\AppData\Roaming\FOG Downloader
    .
    ==================== Find3M ====================
    .
    2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
    2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 17:53:41.92 ===============

  2. #2
    Attached is the .zip file

  3. #3
    The instructions are very clear: copy/paste both DDS logs; we do not open attached files. We need to see logs from all programs run, especially programs that removed infected files. We need the full logs, not just infection names, so please post the logs from top to bottom. You appear to have run MBA-M, SUPERAntispyware, ESET Scanner. I need to see all three.
    You also appear to have extensions.funmoods in Firefox. Uninstall those; they are malware for sure.

  4. #4
    Sorry, I followed the directions in the log that said attach the one as a ZIP. Here are the logs you requested:

    (ESET scanner found nothing on my 2nd try so no logs)

    Also, I keep getting this random update from SUPERAntiSpyware that it blocks some file named java.teste.vbs trojan.vbs from running at random times.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/24/2011 8:02:50 PM
    System Uptime: 3/11/2012 10:38:53 PM (19 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G73Jh
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1734/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 542.929 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP55: 3/5/2012 12:09:31 PM - Scheduled Checkpoint
    RP56: 3/8/2012 3:47:23 PM - Installed Ventrilo Client
    RP57: 3/8/2012 8:30:47 PM - Removed Ventrilo Client
    RP58: 3/8/2012 8:31:33 PM - Removed RIFT
    RP59: 3/10/2012 11:17:10 AM - Windows Update
    RP60: 3/10/2012 5:35:24 PM - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Reader 9.0.1
    Alcor Micro USB Card Reader
    Apple Application Support
    Apple Software Update
    ASUS AI Recovery
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    Asus_G73_Screensaver
    ATK Package
    AVG Security Toolbar
    Bing Bar
    BitTorrent
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco Connect
    ControlDeck
    Creative MediaSource 5
    D3DX10
    ESET Online Scanner v3
    Express Gate
    Fraps
    HiJackThis
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    Mesh Runtime
    Messenger Companion
    Microsoft Office Click-to-Run 2010
    Microsoft Office Home and Student 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    NB Probe
    Net4Switch
    Pinnacle Instant DVD Recorder
    Realtek High Definition Audio Driver
    Remove Startup Programs Buddy 2.2
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Sound Blaster Audigy HD
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Visual Studio 2008 x64 Redistributables
    VLC media player 1.1.11
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    WinFlash
    WinRAR 4.11 (32-bit)
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/11/2012 9:10:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    3/11/2012 8:16:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    3/11/2012 8:15:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    3/11/2012 8:15:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/11/2012 8:15:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/11/2012 8:15:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/11/2012 8:15:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/11/2012 8:15:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/11/2012 8:15:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/11/2012 8:15:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy pctgntdi Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 8:15:31 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    3/11/2012 7:12:13 PM, Error: Service Control Manager [7034] - The AFBAgent service terminated unexpectedly. It has done this 1 time(s).
    3/11/2012 10:39:21 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    3/11/2012 10:39:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    3/11/2012 10:39:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    3/10/2012 5:57:50 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    3/10/2012 10:54:13 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    .
    ==== End Of File ===========================




    Superantispyware
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/13/2012 at 10:11 PM

    Application Version : 5.0.1146

    Core Rules Database Version : 8324
    Trace Rules Database Version: 6136

    Scan type : Complete Scan
    Total Scan Time : 01:21:54

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned : 710
    Memory threats detected : 0
    Registry items scanned : 67265
    Registry threats detected : 0
    File items scanned : 48817
    File threats detected : 217

    Adware.Tracking Cookie
    .legolas-media.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .adbrite.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .invitemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .media6degrees.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .trafficmp.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .casalemedia.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    .tribalfusion.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PRO FILES\EONQIA8G.DEFAULT\COOKIES.SQLITE ]


    Malwarebytes
    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.13.06

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    owner :: OWNER-PC [administrator]

    Protection: Enabled

    3/13/2012 8:50:36 PM
    mbam-log-2012-03-13 (20-50-36).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 324553
    Time elapsed: 1 hour(s), 33 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Randomuser321 sorry, I followed the directions in the log that said attach the one as a ZIP..
    I urge you to go back and read the instructions again:
    http://forum.iamnotageek.com/showthr...equesting-Help
    You will see the DDS Instructions read exactly as quoted below, with the two sentences in bold black print. No place do our instructions say to attach as a ZIP.



    Be sure to follow the instructions below carefully

    • If your AV has a script blocker, please disable it
    • DoubleClick on dds.scr to run the tool
    * A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
    * Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
    Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.

    Notice I say copy/paste BOTH logs. The Attach.txt log says at the top to attach it, please do not attach it but copy/paste it also
    I see a LOT of problems here.
    Your Java is two updates behind. Current version is 6 update 31.
    But one of the biggest problems has to be that your browsers are configured incorrectly, especially Firefox, you have it set to allow Tracking Cookies. The SAS log was LOADED with Tracking cookies. All of them in Firefox. Several of those cookies contain the names of security programs...ESET, Kaspersky, but those cookies were not from either of those sites, so we don't really know for certain that the ESET scan you did was legit. There should be NO tracking cookie listed with ESET on it.

    The ESET scan is done at, http://www.eset.com/us/online-scanner/

    and if any ESET cookie would be found, that would be a 1st party cookie, meaning it's a GOOD one, and it should show that listing above. The one on yours showed eset.122.2o7.net which is a KNOWN tracking site. The Kaspersky cookie also showed the same thing, 122.2o7.net, meaning it's likely the computer has been hijacked. Those aren't the only two, there were 217 threats detected and the bulk of these cookies are from sites considered to be Privacy Trackers, meaning every piece of personal information on the computer is likely at risk.

    The other big problem I see is BitTorrent, a P2P program, literally one of the easiest ways to get an infection. Considering your nearly 600GB hard drive only has a little less than 54GB of free space remaining I would imagine you have either music, videos, etc. If these were shared files, the computer is at great risk.
    You have multiple errors noted in the Event log, one noting Threatfire being listed but it does not appear to even be installed on the machine.
    You have a lousy AV program on there. AVG is one of the lowest rated Security Suites around, not recommended at any reputable computer web site.
    You recently installed HiJack This, it is rarely used today, uninstall it.

    I would recommend that you empty ALL cookies from all browsers you have. Configure them to Accept 1st Party Cookies and BLOCK 3rd party cookies.
    Uninstall the BitTorrent, or we cannot go forward. I really would prefer that you get rid of ALL shared files, because one of those at least may have started all of this.
    I would advise you uninstall AVG. Go back to the ESET site, the correct site, and do another scan and see what it shows.
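
The first-party versus third-party distinction discussed in the post above, as an added example that is not part of the original thread: it parses cookie lines in the `host [ path ]` layout of the scan log and lists hosts that carry a vendor's name as a label but are served from a different base domain. The sample lines, the placeholder store path and the two-label `base_domain` shortcut are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample in the "host [ path ]" layout of the cookie listing;
# the store path is a placeholder, not a path from the poster's machine.
SAMPLE_LOG = r"""
.advertising.com [ C:\USERS\OWNER\EXAMPLE\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\OWNER\EXAMPLE\COOKIES.SQLITE ]
eset.122.2o7.net [ C:\USERS\OWNER\EXAMPLE\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\OWNER\EXAMPLE\COOKIES.SQLITE ]
www.eset.com [ C:\USERS\OWNER\EXAMPLE\COOKIES.SQLITE ]
"""

LINE_RE = re.compile(r"^\s*(?P<host>[A-Za-z0-9.-]+)\s+\[\s*(?P<path>.+?)\s*\]\s*$")

def parse_cookie_lines(text):
    """Yield (host, store_path) for each well-formed line; skip anything else."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("host").lstrip(".").lower(), m.group("path")

def base_domain(host):
    """Last two labels of the host. Assumption: adequate for .com/.net names;
    a real tool would consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])

def summarize(text):
    """Count cookies per base domain, collapsing the log's repeated lines."""
    return Counter(base_domain(h) for h, _ in parse_cookie_lines(text))

def lookalikes(text, vendor_domains):
    """Hosts that use a vendor's name as a label but belong to another domain."""
    hits = set()
    for host, _ in parse_cookie_lines(text):
        for vendor in vendor_domains:
            name = vendor.split(".")[0]
            if name in host.split(".") and base_domain(host) != vendor:
                hits.add((host, base_domain(host)))
    return sorted(hits)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG).most_common())
    print(lookalikes(SAMPLE_LOG, ["eset.com", "kaspersky.com"]))
```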

  6. #6
    Few questions..

    I haven't entered my CC or bank information since I got hijacked and I haven't entered any passwords besides FB and the game I play (the rest of my passwords are all automatically saved).

    Can they see my saved passwords? And I'm just going to wipe my whole computer, I think, because there isn't anything on here that I need really bad and I feel like it would be the best option. :/

  7. #7
    by the way, did what you said and ran the ESET scanner again

    Found this:
    C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\13b390e2-30ba2dca Java/Exploit.CVE-2011-3544.BC trojan deleted - quarantined

    I also deleted my java cache after I ran this test.

  8. #8
    Of course they can see your saved passwords if they have control over your computer.
