Vista Anti-Virus 2012

Hi, my computer a Windows Vista got attacked by a virus called Vista Anti-Virus 2012, it is preventing me from launching any programs or going online. I am writing this from a Windows XP laptop. What can I do to get rid of this?

Update: following the advice from the BleepingComputer [http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012] my computer is up to the point where I can use it to access the internet and such.

Is there anything I need to do to clean it up?

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
******************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• Please save the log to a location you will remember.
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy and paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

part 1 of the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/28/2011 at 07:32 PM

Application Version : 5.0.1136

Core Rules Database Version : 7992
Trace Rules Database Version: 5804

Scan type : Complete Scan
Total Scan Time : 03:14:29

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 698
Memory threats detected : 0
Registry items scanned : 43708
Registry threats detected : 0
File items scanned : 267612
File threats detected : 437

Adware.Tracking Cookie
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\nick_f@adecn[2].txt [ /adecn ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\nick_f@adinterax[1].txt [ /adinterax ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\nick_f@adserver.zonemedia[2].txt [ /adserver.zonemedia ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\nick_f@eyewonder[1].txt [ /eyewonder ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\nick_f@legolas-media[2].txt [ /legolas-media ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\ZP2RIDP8.txt [ /pmamedia.sitescout.com ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\9JJ53COM.txt [ /atdmt.combing.com ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\O1Z1J60G.txt [ /collective-media.net ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\BM3MRN5Q.txt [ /yieldmanager.net ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\7J8QT145.txt [ /invitemedia.com ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\MSHZ9VE4.txt [ /media6degrees.com ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\XIXRYHND.txt [ /mediabrandsww.com ]
C:\USERS\NICK F\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick_f@ads.bridgetrack[1].txt [ Cookie:nick f@ads.bridgetrack.com/ ]
C:\USERS\NICK F\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick_f@e-2dj6wjnyomdjieo.stats.esomniture[2].txt [ Cookie:nick f@e-2dj6wjnyomdjieo.stats.esomniture.com/ ]
C:\USERS\NICK F\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick_f@media6degrees[1].txt [ Cookie:nick f@media6degrees.com/ ]
C:\USERS\NICK F\AppData\Roaming\Microsoft\Windows\Cookies\Low\nick_f@segment-pixel.invitemedia[1].txt [ Cookie:nick f@segment-pixel.invitemedia.com/ ]
amatuersexclips.net [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
cdn.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
cdn.insights.gravity.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
cdn.selectablemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
cdn.tremormedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
content.yieldmanager.edgesuite.net [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
convoad.technoratimedia.net [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
exgirlfriendporn.org [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
ia.media-imdb.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
konac.kontera.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
media.ign.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
media.mtvnservices.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
media.scanscout.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
media1.break.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
objects.tremormedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
s0.2mdn.net [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
secure-us.imrworldwide.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
www.porn-amateur.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
www.teengfs.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
www.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\8376EUZ6 ]
C:\USERS\NICK F\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\NICK_F@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
adserver.adreactor.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
s04.flagcounter.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.game-advertising-online.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
ads.react2media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.ero-advertising.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultadworld.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
imagevenue.advertserve.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
imagevenue.advertserve.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyeviewads.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyeviewads.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
upload.wikimedia.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
upload.wikimedia.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
hpi.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.cdn.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.cdn.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mm.chitika.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.steelhousemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.tracking.dsmmadvantage.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.sexy-toons.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.sexy-toons.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adnetxchange.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amtk-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amtk-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
adup.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
adup.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediabrandsww.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.gsimedia.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.gsimedia.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
perfectadserver.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.intermundomedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
us.sitestat.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
us.sitestat.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.harrenmedianetwork.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media.contextweb.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media.contextweb.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
track.adform.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adform.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
counters.gigya.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultadworld.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultadworld.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultadworld.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pornshareproject.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pornshareproject.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pornshareproject.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.whatpornsite.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.whatpornsite.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.exgirlfriendporn.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.exgirlfriendporn.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.naked.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.porn-amateur.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.porn-amateur.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
adserver.leanmarket.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
ads.react2media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.akamai.interclickproxy.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.burstbeacon.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media.adfrontiers.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.sexynaked.org [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
freeporn-hd.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adultfriendfinder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
rts.pgmediaserve.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
ads.ventivmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adxpansion.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.naked.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.naked.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.teenink.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.batman-porn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.batman-porn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.teenink.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teenink.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teenink.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teenink.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.xm.xtendmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.girlfriendpornblog.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.girlfriendpornblog.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mynakedexgf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mynakedexgf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realsexygirlfriends.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realsexygirlfriends.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teengfs.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teengfs.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teengfs.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.xxxmatch.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.exposedteengfs.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
adserver.bigcocksyndicate.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teen.preferredconsumer.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teen.preferredconsumer.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.teen.preferredconsumer.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revenuemantra.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.rmserve.revenuemantra.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pagetrackr.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pagetrackr.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pagetrackr.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.watchgfporn.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media.photobucket.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.brandspotmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pfatracking.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.server.cpmstar.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]

Rogue.AVProtection2011
C:\USERS\NICK F\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\XGR4RJ1K\FILE[1].EXE
C:\USERS\NICK F\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\19\67B4C953-26194852
C:\USERS\NICK F\APPDATA\LOCALLOW\SUN\JAVA\DEPLOYMENT\CACHE\6.0\7\6A8E5947-6AF544EA
C:\USERS\NICK F\DOCUMENTS\6D8TML.EXE
C:\USERS\NICK F\DOCUMENTS\OXHQ.EXE
C:\WINDOWS\TEMP\GKMJSHDXBS
C:\Windows\Prefetch\6D8TML.EXE-85952D14.pf

part 2

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8263

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/28/2011 9:20:07 PM
mbam-log-2011-11-28 (21-20-07).txt

Scan type: Quick scan
Objects scanned: 184699
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

next logs are coming up

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_26
Run by Nick F at 21:24:39 on 2011-11-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1384 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxdmcoms.exe
C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NCH Swift Sound\VRS\vrs.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\Philips\SPC230NC\Monitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Nick F\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\Nick F\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {C0FBA15F-7424-4DF0-8195-CAC3D6CFA44B} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Cookienator] "c:\program files\cookienator\cookienator.exe" /auto
uRun: [Akamai NetSession Interface] c:\users\nick f\appdata\local\akamai\netsession_win.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [SPC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [SPC230NC_Monitor] c:\windows\philips\spc230nc\Monitor.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [lxdmmon.exe] "c:\program files\lexmark 5000 series\lxdmmon.exe"
mRun: [lxdmamon] "c:\program files\lexmark 5000 series\lxdmamon.exe"
mRun: [Lexmark 5000 Series Fax Server] "c:\program files\lexmark 5000 series\fm3032.exe" /s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{A954DE27-F7EC-4389-8169-E84D1098E16D} : DhcpNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nick f\appdata\roaming\mozilla\firefox\profiles\l4fjkkx4.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www2.cscc.edu/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-15 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-7-19 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-19 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-7-19 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-7 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2011-3-9 1104608]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-5 24652]
R2 VRSService;VRS Recording System;c:\program files\nch swift sound\vrs\vrs.exe [2011-10-13 1206276]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-3 42528]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [2011-3-18 17792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2011-6-26 23608]
S3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2009-7-8 8576]
S3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2009-7-8 461056]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-29 00:15:18 -------- d-----w- c:\users\nick f\appdata\roaming\SUPERAntiSpyware.com
2011-11-29 00:14:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-29 00:14:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-22 08:58:42 -------- d-----w- c:\users\nick f\Toolbar
2011-11-20 20:51:14 -------- d-----w- c:\program files\iPod
2011-11-15 19:36:23 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1cc1cbcb-c0d3-49b1-9e6a-38f911fe443f}\mpengine.dll
2011-11-09 18:01:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-11-09 18:00:28 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:00:28 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 18:00:26 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-04 04:42:34 -------- d-----w- c:\users\nick f\appdata\local\Akamai
.
==================== Find3M ====================
.
2011-10-24 21:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 17:21:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:36:26 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39:07 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 06:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
.
============= FINISH: 21:33:46.38 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/11/2009 10:45:22 AM
System Uptime: 11/28/2011 8:36:20 PM (1 hours ago)
.
Motherboard: Wistron | | 360A
Processor: AMD Athlon Dual-Core QL-60 | Socket A | 1000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 14.52 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.68 GiB free.
E: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 4.65
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Audition CS5.5
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i 3
ArcSoft VideoImpression 2
ArcSoft WebCam Companion 2
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
avast! Free Antivirus
Blaine's Custom Blends (Translucency and Compositing)
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Celtx (2.9.1)
Champions Online
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco NAC Agent
Cisco PEAP Module
Clouded Horizons Character Creation Utility
Conexant HD Audio
Cookienator
CyberLink DVD Suite
Download Updater (AOL LLC)
ESET Online Scanner v3
FFmpeg v0.6.2 for Audacity
GIMP 2.6.11
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Button Manager
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 D3
HP Smart Web Printing 4.60
HP Total Care Advisor
HP Update
HP User Guides 0110
HP Webcam User's Guide
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
HPTCSSetup
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
K-Lite Mega Codec Pack 5.2.0
Lexmark 5000 Series
Malwarebytes' Anti-Malware version 1.51.2.1300
Messenger Plus! 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft UI Engine
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Microsoft® PowerPoint® Animation Player
MobileMe Control Panel
Movavi Video Converter 11
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.3
Panda3D Game Engine
Philips Intelligent Agent
Philips SPC230NC Webcam
Power2Go
PowerDirector
Prince of Persia Warrior Within
PSSWCORE
PVSonyDll
QuickPlay SlingPlayer 0.4.6
QuickTime
RecordPad Sound Recorder
Safari
Screenshot Utility version 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Skype Click to Call
Skype™ 5.5
SmartWebPrinting
SpywareBlaster 4.4
SUPERAntiSpyware
Switch Sound File Converter
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Vegas Movie Studio HD 11.0
Vegas Pro 10.0
VideoToolkit01
VoiceOver Kit
VRS Recording System
Webcam Video Viewer
Winamp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
11/28/2011 8:38:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdmCATSCustConnectService service to connect.
11/28/2011 8:38:25 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/28/2011 8:38:25 PM, Error: Service Control Manager [7000] - The lxdmCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/28/2011 8:35:20 PM, Error: Service Control Manager [7016] - The MgiSvr service has reported an invalid current state 32.
.
==== End Of File ===========================

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
*************************************************
The log shows that you only have 14.52 Gb of free space on your harddrive. Windows requires at least 15% (21 Gb) to operate properly. You will need to free up some space.

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

ComboFix 11-11-29.04 - Nick F 11/29/2011 16:24:08.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1873 [GMT -8:00]
Running from: c:\users\Nick F\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-30 )))))))))))))))))))))))))))))))
.
.
2011-11-30 00:40 . 2011-11-30 00:41 -------- d-----w- c:\users\Nick F\AppData\Local\temp
2011-11-30 00:40 . 2011-11-30 00:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-30 00:40 . 2011-11-30 00:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-11-30 00:40 . 2011-11-30 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-29 00:15 . 2011-11-29 00:15 -------- d-----w- c:\users\Nick F\AppData\Roaming\SUPERAntiSpyware.com
2011-11-29 00:14 . 2011-11-29 00:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-29 00:14 . 2011-11-29 00:14 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-22 08:58 . 2011-11-22 09:00 -------- d-----w- c:\users\Nick F\Toolbar
2011-11-20 20:51 . 2011-11-20 20:51 -------- d-----w- c:\program files\iPod
2011-11-15 19:36 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CC1CBCB-C0D3-49B1-9E6A-38F911FE443F}\mpengine.dll
2011-11-09 18:01 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 18:00 . 2011-09-20 21:02 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 18:00 . 2011-09-20 13:44 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 18:00 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-04 04:42 . 2011-11-18 06:42 -------- d-----w- c:\users\Nick F\AppData\Local\Akamai
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-24 21:29 . 2011-10-24 21:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 21:29 . 2011-10-24 21:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-24 17:21 . 2011-05-15 17:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2010-09-07 10:20 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2009-07-19 16:58 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-16 02:15 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2009-07-19 16:59 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2009-07-19 16:59 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2009-07-19 16:59 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2009-07-19 16:58 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2009-07-19 16:59 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 13:30 . 2011-10-12 17:06 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 13:39 . 2011-10-12 17:04 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 14:44 . 2011-06-18 21:23 568832 ----a-w- c:\program files\mozilla firefox\plugins\msvcp90.dll
2011-03-15 14:44 . 2011-06-18 21:23 655872 ----a-w- c:\program files\mozilla firefox\plugins\msvcr90.dll
2011-11-09 02:13 . 2011-04-21 23:23 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cookienator"="c:\program files\Cookienator\cookienator.exe" [2009-10-19 1333472]
"Akamai NetSession Interface"="c:\users\Nick F\AppData\Local\Akamai\netsession_win.exe" [2011-11-17 3303000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 4617600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-02 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SPC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"SPC230NC_Monitor"="c:\windows\Philips\SPC230NC\Monitor.exe" [2007-12-10 323584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"lxdmmon.exe"="c:\program files\Lexmark 5000 Series\lxdmmon.exe" [2007-12-14 455336]
"lxdmamon"="c:\program files\Lexmark 5000 Series\lxdmamon.exe" [2007-12-14 25256]
"Lexmark 5000 Series Fax Server"="c:\program files\Lexmark 5000 Series\fm3032.exe" [2007-12-14 307880]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"NACAgentUI"="c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2011-03-10 524512]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-09-20 801792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 08:18 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2011-10-13 18:23 1240068 ----a-w- c:\program files\NCH Software\Recordpad\recordpad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VRS]
2011-10-13 18:20 1206276 ----a-w- c:\program files\NCH Swift Sound\VRS\vrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MP4ConverterAudio;MP4ConverterAudio;c:\windows\system32\drivers\MP4ConverterAudio.sys [2011-04-01 23608]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\DRIVERS\PAEAFLT.sys [2007-09-26 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\DRIVERS\SPC230NC.SYS [2007-12-31 461056]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [2011-03-10 1104608]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-25 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2011-10-13 1206276]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-03 42528]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 17792]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\HPCeeScheduleForNick F.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-06-25 03:03]
.
2011-11-29 c:\windows\Tasks\User_Feed_Synchronization-{0C8D02E5-EE49-4906-BB76-3FD2EAF72B59}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Nick F\AppData\Roaming\Mozilla\Firefox\Profiles\l4fjkkx4.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www2.cscc.edu/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c0fba15f-7424-4df0-8195-cac3d6cfa44b} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{C0FBA15F-7424-4DF0-8195-CAC3D6CFA44B} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - c:\users\NICKF~1\AppData\Local\Temp\anj.dll
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0316.3\mswinext.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-29 16:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
Completion time: 2011-11-29 16:50:26
ComboFix-quarantined-files.txt 2011-11-30 00:50
ComboFix2.txt 2011-01-02 23:27
.
Pre-Run: 29,154,254,848 bytes free
Post-Run: 29,302,005,760 bytes free
.
- - End Of File - - 830AB35A65BB30D432D295868A4045F4

SysProt Antirootkit

Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

• Double click Sysprot.exe to start the program.
  
• Click on the Log tab.
  
• In the Write to log box select the following items.
  
  
  
  • Process << Selected
    
  • Kernel Modules << Selected
    
  • SSDT << Selected
    
  • Kernel Hooks << Selected
    
  • IRP Hooks << NOT Selected
    
  • Ports << NOT Selected
    
  • Hidden Files << Selected
    
  
  
• At the bottom of the page
  
  
  
  • Hidden Objects Only << Selected
    
  
  
• Click on the Create Log button on the bottom right.
  
• After a few seconds a new window should appear.
  
• Select Scan Root Drive. Click on the Start button.
  
• When it is complete a new window will appear to indicate that the scan is finished.
  
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
  

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 914BF000
Module End: 914CA000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 914CA000
Module End: 914D2000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAddBootEntry
Address: 90E13374
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEvent
Address: 90E15996
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair
Address: 90E159EE
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateIoCompletion
Address: 90E15B04
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant
Address: 90E158EC
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSection
Address: 90E15A3E
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSemaphore
Address: 90E15940
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateTimer
Address: 90E15AB2
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteBootEntry
Address: 90E13398
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwLoadDriver
Address: 90E13162
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwModifyBootEntry
Address: 90E133BC
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey
Address: 90E15EFC
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys
Address: 90E13E54
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent
Address: 90E159C6
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair
Address: 90E15A16
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenIoCompletion
Address: 90E15B2E
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenMutant
Address: 90E15918
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection
Address: 90E15A7E
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSemaphore
Address: 90E1596E
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenTimer
Address: 90E15ADC
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject
Address: 90E13D1A
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootEntryOrder
Address: 90E133E0
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions
Address: 90E13404
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemInformation
Address: 90E131BC
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState
Address: 90E132F8
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwShutdownSystem
Address: 90E132D4
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSystemDebugControl
Address: 90E1331C
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess
Address: 807E7640
Driver Base: 807DD000
Driver End: 807FF000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

Function Name: ZwVdmControl
Address: 90E13428
Driver Base: 90E00000
Driver End: 90E70000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwCreateProcessEx
At Address: 83299DCA
Jump To: 914849AA
Module Name: C:\Windows\System32\Drivers\aswSP.SYS

Hooked Function: ObMakeTemporaryObject
At Address: 831DF62F
Jump To: 914803DE
Module Name: C:\Windows\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject
At Address: 83238543
Jump To: 91481E84
Module Name: C:\Windows\System32\Drivers\aswSP.SYS

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Users\Nick F\Music\Darker than Black Ryusei no Gemini
Status: Hidden

Object: C:\Users\Nick F\Music\Dissidia Final Fantasy\202 One Winged Angel-orchestra version-?from FINAL FANTASY ?.mp3
Status: Hidden

Object: C:\Users\Nick F\Music\Dissidia Final Fantasy\202 One Winged Angel-orchestra version-?from FINAL FANTASY ?.mp3.sfk
Status: Hidden

Object: C:\Users\Nick F\Pictures\Ryusei_no_Gemini_DVD_cover.jpg
Status: Hidden

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\WINDOWS\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

here

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5d509933f5efd04e8f96c92a0cfa33b2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-17 03:49:01
# local_time=2011-11-16 07:49:01 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 36703469 36703469 0 0
# compatibility_mode=1024 16777215 100 0 59633424 59633424 0 0
# compatibility_mode=5892 16776574 100 100 0 158087422 0 0
# compatibility_mode=8192 67108863 100 0 38977076 38977076 0 0
# scanned=244088
# found=5
# cleaned=5
# scan_time=21847
C:\Users\Nick F\AppData\Local\temp\{B3121411-7B4C-BDC0-5F2B-336E68F136E7}\zugo.exe a variant of Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-71313c85 Java/TrojanDownloader.OpenStream.NCM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4b6dd006-651085da Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7788bc6-76153424 Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\5c684afc-70c2d594 Java/TrojanDownloader.OpenStream.NCA trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5d509933f5efd04e8f96c92a0cfa33b2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-17 10:53:03
# local_time=2011-12-17 02:53:03 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 39370950 39370950 0 0
# compatibility_mode=1024 16777215 100 0 62300905 62300905 0 0
# compatibility_mode=5892 16776574 100 100 2584835 160754903 0 0
# compatibility_mode=8192 67108863 100 0 41644557 41644557 0 0
# scanned=194244
# found=8
# cleaned=8
# scan_time=15007
C:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\Local\temp\ICReinstall\cnet2_FreeSoundRecorder_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\1a767440-32d97653 a variant of Win32/Kryptik.WQZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\28c00235-2f25f01c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\1855393c-4fb6a4e7 a variant of Java/Exploit.CVE-2011-3544.B trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\Downloads\cnet2_FreeSoundRecorder_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Nick F\Downloads\YouTubeDownloaderSetup33.exe a variant of Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\temp\szmdrorhwo a variant of Win32/Kryptik.XMW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

That looks good. Are there any other issues?

yes, it keeps coming back. It came back twice, and twice I got rid of it the same way. I noticed several things that happen when it does:

My control panel says it needs my permission and won't go away till I hit "yes", and Adobe keeps wanting to a download an update JUST as the virus hits and even now it keeps wanting to come back.

Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

here

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-18 09:02:10
-----------------------------
09:02:10.205 OS Version: Windows 6.0.6002 Service Pack 2
09:02:10.221 Number of processors: 2 586 0x301
09:02:10.221 ComputerName: NICKF-PC UserName: Nick F
09:02:13.481 Initialize success
09:02:13.668 AVAST engine defs: 11121800
09:03:52.809 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
09:03:52.809 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011C Size: 152627MB BusType: 3
09:03:54.837 Disk 0 MBR read successfully
09:03:54.853 Disk 0 MBR scan
09:03:54.853 Disk 0 unknown MBR code
09:03:54.869 Disk 0 scanning sectors +312578048
09:03:54.993 Disk 0 scanning C:\Windows\system32\drivers
09:04:31.857 Service scanning
09:04:34.493 Modules scanning
09:04:58.907 Disk 0 trace - called modules:
09:04:58.969 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
09:04:58.985 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f7b660]
09:04:58.985 3 CLASSPNP.SYS[807a78b3] -> nt!IofCallDriver -> [0x86934870]
09:04:59.515 5 acpi.sys[806156bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x85fe2b98]
09:05:01.512 AVAST engine scan C:\Windows
09:05:06.270 AVAST engine scan C:\Windows\system32
09:07:25.988 AVAST engine scan C:\Windows\system32\drivers
09:07:47.720 AVAST engine scan C:\Users\Nick F
09:33:46.496 AVAST engine scan C:\ProgramData
09:40:19.082 Scan finished successfully
09:51:17.786 Disk 0 MBR has been saved successfully to "C:\Users\Nick F\Desktop\MBR.dat"
09:51:17.801 The log file has been saved successfully to "C:\Users\Nick F\Desktop\aswMBR.txt"

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

• Save it to your desktop.
  
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  
• Double click the setup file to run it.
  
• Click Next to continue.
  
• Accept the License agreement and click on next.
  
• It will, by default, install it to your desktop folder. Click Next.
  
• It will then open a box There will be a tab that says Automatic scan.
  
• Under Automatic scan make sure these are checked.
  
  
• Hidden Startup Objects
  
• System Memory
  
• Disk Boot Sectors.
  
• My Computer.
  
• Also any other drives (Removable that you may have)
  

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

While you're in Safe Mode, please update and run MBAM and post the log.

My computer crashed twice after trying to scan, I ran the scan twice. Crashed twice. It wouldn't boot up the whole night and now it finally boots up this morning, the Kapersky scan keeps crashing during it's run while my comp is on safe mode. Is there another alternative?

Download MBRCheck to your desktop.

• Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  
• It will show a black screen with some data on it.
  
• A report called MBRcheckxxxx.txt will be on your desktop
  
• Open this report and post its content in your next reply.
  

.

here

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 198):
0x8304B000 \SystemRoot\system32\ntkrnlpa.exe
0x83018000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\PSHED.dll
0x8041C000 \SystemRoot\system32\BOOTVID.dll
0x80424000 \SystemRoot\system32\CLFS.SYS
0x80465000 \SystemRoot\system32\CI.dll
0x80545000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C1000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80602000 \SystemRoot\system32\drivers\acpi.sys
0x80648000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80651000 \SystemRoot\system32\drivers\msisadrv.sys
0x80659000 \SystemRoot\system32\drivers\pci.sys
0x80680000 \SystemRoot\system32\drivers\isapnp.sys
0x8068F000 \SystemRoot\system32\drivers\mpio.sys
0x806AB000 \SystemRoot\System32\drivers\partmgr.sys
0x806BA000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x806BD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x806C7000 \SystemRoot\system32\drivers\volmgr.sys
0x806D6000 \SystemRoot\System32\drivers\volmgrx.sys
0x80720000 \SystemRoot\system32\drivers\intelide.sys
0x80727000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80735000 \SystemRoot\system32\drivers\pciide.sys
0x8073C000 \SystemRoot\system32\drivers\aliide.sys
0x80743000 \SystemRoot\system32\drivers\amdide.sys
0x8074A000 \SystemRoot\system32\drivers\cmdide.sys
0x80752000 \SystemRoot\System32\drivers\mountmgr.sys
0x80762000 \SystemRoot\system32\drivers\msdsm.sys
0x8077C000 \SystemRoot\system32\drivers\nvraid.sys
0x80797000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x807B8000 \SystemRoot\system32\drivers\viaide.sys
0x83606000 \SystemRoot\system32\drivers\iastorv.sys
0x836A7000 \SystemRoot\system32\drivers\atapi.sys
0x836AF000 \SystemRoot\system32\drivers\ataport.SYS
0x836CD000 \SystemRoot\system32\drivers\lsi_scsi.sys
0x836E7000 \SystemRoot\system32\drivers\storport.sys
0x83728000 \SystemRoot\system32\drivers\nvstor.sys
0x83735000 \SystemRoot\system32\drivers\hpcisss.sys
0x83740000 \SystemRoot\system32\drivers\adp94xx.sys
0x837AA000 \SystemRoot\system32\drivers\adpahci.sys
0x807C0000 \SystemRoot\system32\drivers\adpu160m.sys
0x805CE000 \SystemRoot\system32\drivers\SCSIPORT.SYS
0x8AE06000 \SystemRoot\system32\drivers\adpu320.sys
0x8AE2C000 \SystemRoot\system32\drivers\djsvs.sys
0x8AE40000 \SystemRoot\system32\drivers\arc.sys
0x8AE56000 \SystemRoot\system32\drivers\arcsas.sys
0x8AE6C000 \SystemRoot\system32\drivers\elxstor.sys
0x8AF00000 \SystemRoot\system32\drivers\i2omp.sys
0x8AF0A000 \SystemRoot\system32\drivers\iirsp.sys
0x8AF1A000 \SystemRoot\system32\drivers\iteatapi.sys
0x8AF26000 \SystemRoot\system32\drivers\iteraid.sys
0x8AF32000 \SystemRoot\system32\drivers\lsi_fc.sys
0x8AF4C000 \SystemRoot\system32\drivers\lsi_sas.sys
0x8AF64000 \SystemRoot\system32\drivers\megasas.sys
0x8B009000 \SystemRoot\system32\drivers\megasr.sys
0x8B0C0000 \SystemRoot\system32\drivers\mraid35x.sys
0x8B0CB000 \SystemRoot\system32\drivers\msahci.sys
0x8B0D5000 \SystemRoot\system32\drivers\nfrd960.sys
0x8B207000 \SystemRoot\system32\drivers\ql2300.sys
0x8B33F000 \SystemRoot\system32\drivers\ql40xx.sys
0x8B394000 \SystemRoot\system32\drivers\sisraid2.sys
0x8B3A1000 \SystemRoot\system32\drivers\sisraid4.sys
0x8B3B6000 \SystemRoot\system32\drivers\symc8xx.sys
0x8B3C2000 \SystemRoot\system32\drivers\sym_hi.sys
0x8B3CD000 \SystemRoot\system32\drivers\sym_u3.sys
0x8B0E3000 \SystemRoot\system32\drivers\uliahci.sys
0x8B3D8000 \SystemRoot\system32\drivers\ulsata.sys
0x8B11F000 \SystemRoot\system32\drivers\ulsata2.sys
0x8B14B000 \SystemRoot\system32\drivers\vsmraid.sys
0x8B16C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B19E000 \SystemRoot\system32\drivers\fileinfo.sys
0x8AF6E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B40B000 \SystemRoot\system32\drivers\ndis.sys
0x8B516000 \SystemRoot\system32\drivers\msrpc.sys
0x8B541000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B606000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6F3000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B806000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B916000 \SystemRoot\system32\drivers\wd.sys
0x8B91E000 \SystemRoot\system32\drivers\volsnap.sys
0x8B957000 \SystemRoot\System32\Drivers\spldr.sys
0x8B95F000 \SystemRoot\system32\drivers\sbp2port.sys
0x8B974000 \SystemRoot\System32\Drivers\mup.sys
0x8B983000 \SystemRoot\System32\drivers\ecache.sys
0x8B9AA000 \SystemRoot\system32\drivers\disk.sys
0x8B9BB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B9E4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B9EF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B70E000 \SystemRoot\system32\DRIVERS\processr.sys
0x8B71D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8B726000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B9F8000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
0x8B739000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B744000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8B9FD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B774000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B800000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B77F000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8B787000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B791000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B7CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8F404000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F491000 \SystemRoot\system32\drivers\Afc.sys
0x8F499000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8F4B1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F4B7000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x8F803000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x9015A000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x9015C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8F4FD000 \SystemRoot\System32\drivers\watchdog.sys
0x8F509000 \SystemRoot\system32\DRIVERS\athr.sys
0x8F5ED000 \SystemRoot\system32\DRIVERS\serscan.sys
0x8B57C000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8F5F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B7DE000 \SystemRoot\system32\DRIVERS\vcsvad.sys
0x8B5AB000 \SystemRoot\system32\DRIVERS\portcls.sys
0x8B5D8000 \SystemRoot\system32\DRIVERS\drmk.sys
0x8B1AE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B7E3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8B1D8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AFDF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x807DB000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x9020B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90220000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90230000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90232000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9023C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90249000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9027E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9028F000 \SystemRoot\system32\drivers\CHDRT32.sys
0x902CA000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9080C000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9090F000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x909C4000 \SystemRoot\system32\drivers\modem.sys
0x909D1000 \SystemRoot\system32\drivers\nvhda32v.sys
0x90308000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x909DF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x909E8000 \SystemRoot\System32\Drivers\Null.SYS
0x909EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x90800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x90375000 \SystemRoot\System32\drivers\vga.sys
0x90381000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x909F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x903A2000 \SystemRoot\system32\drivers\rdpencdd.sys
0x903AA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x903B5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x903C3000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x903CC000 \SystemRoot\system32\DRIVERS\tdx.sys
0x903E2000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90E0C000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90E3E000 \SystemRoot\system32\DRIVERS\smb.sys
0x90E52000 \SystemRoot\system32\drivers\afd.sys
0x90E9A000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x90EA1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90EB7000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90EC5000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90ED8000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x90EFA000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x90F00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90F3C000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90F46000 \SystemRoot\System32\Drivers\dfsc.sys
0x90F5D000 \SystemRoot\System32\Drivers\aswSP.SYS
0x90FA8000 \SystemRoot\System32\Drivers\crashdmp.sys
0x90FB5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x90FC0000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9A480000 \SystemRoot\System32\win32k.sys
0x90FC8000 \SystemRoot\System32\drivers\Dxapi.sys
0x90FD2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A6A0000 \SystemRoot\System32\TSDDD.dll
0x9A6C0000 \SystemRoot\System32\cdd.dll
0x9A6D0000 \SystemRoot\System32\ATMFD.DLL
0x90FE1000 \SystemRoot\system32\drivers\luafv.sys
0x81A03000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x81A3B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x81A3E000 \SystemRoot\system32\drivers\spsys.sys
0x81AEE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x81AFE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x81B28000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x81B32000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x81B45000 \SystemRoot\system32\drivers\HTTP.sys
0x81BB2000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x81BCF000 \SystemRoot\system32\DRIVERS\bowser.sys
0x81BE8000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA5A00000 \SystemRoot\system32\drivers\mrxdav.sys
0xA5A21000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA5A40000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA5A79000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA5A91000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA5AB9000 \SystemRoot\System32\DRIVERS\srv.sys
0xA5B20000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA6A0F000 \SystemRoot\system32\drivers\peauth.sys
0xA6AED000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA6AF7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA6B03000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA6B0B000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA6B44000 \SystemRoot\System32\Drivers\fastfat.SYS
0x77150000 \WINDOWS\System32\ntdll.dll

Processes (total 71):
0 System Idle Process
4 System
1148 C:\WINDOWS\System32\smss.exe
2184 csrss.exe
2392 C:\WINDOWS\System32\wininit.exe
2424 csrss.exe
1564 C:\WINDOWS\System32\services.exe
1612 C:\WINDOWS\System32\lsass.exe
1644 C:\WINDOWS\System32\lsm.exe
612 C:\WINDOWS\System32\svchost.exe
1188 C:\WINDOWS\System32\winlogon.exe
1252 C:\WINDOWS\System32\nvvsvc.exe
2132 C:\WINDOWS\System32\svchost.exe
2644 C:\WINDOWS\System32\svchost.exe
2788 C:\WINDOWS\System32\svchost.exe
2836 C:\WINDOWS\System32\svchost.exe
3268 C:\WINDOWS\System32\audiodg.exe
3348 C:\WINDOWS\System32\SLsvc.exe
3572 C:\WINDOWS\System32\svchost.exe
3748 C:\WINDOWS\System32\nvvsvc.exe
736 C:\WINDOWS\System32\svchost.exe
1632 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1792 C:\WINDOWS\System32\wlanext.exe
3232 C:\WINDOWS\System32\spoolsv.exe
3288 C:\WINDOWS\System32\svchost.exe
912 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1008 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1136 C:\WINDOWS\System32\svchost.exe
3584 C:\Program Files\Bonjour\mDNSResponder.exe
3872 C:\WINDOWS\System32\lxdmcoms.exe
3936 C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
4056 C:\WINDOWS\System32\svchost.exe
4088 C:\WINDOWS\SMINST\BLService.exe
472 C:\WINDOWS\System32\svchost.exe
1096 C:\Program Files\Viewpoint\Common\ViewpointService.exe
1192 C:\WINDOWS\System32\svchost.exe
1368 C:\WINDOWS\System32\SearchIndexer.exe
1464 C:\WINDOWS\System32\drivers\XAudio.exe
1688 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
2844 C:\WINDOWS\System32\taskeng.exe
2884 C:\WINDOWS\System32\taskeng.exe
4008 C:\WINDOWS\System32\dwm.exe
1176 C:\WINDOWS\explorer.exe
380 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
372 C:\WINDOWS\System32\svchost.exe
2576 C:\Program Files\HP\QuickPlay\QPService.exe
2412 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
724 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2572 C:\WINDOWS\Philips\SPC230NC\Monitor.exe
1620 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2716 C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
1300 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
3308 C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
2236 WmiPrvSE.exe
1680 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
3500 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2372 C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
2228 C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
1888 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
2968 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
2156 C:\Users\Nick F\AppData\Local\Akamai\netsession_win.exe
2416 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
688 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
1748 C:\Users\Nick F\AppData\Local\Akamai\netsession_win.exe
4320 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4556 C:\WINDOWS\System32\wuauclt.exe
5660 C:\Program Files\iPod\bin\iPodService.exe
4244 C:\Program Files\iTunes\iTunesHelper.exe
5836 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
5248 C:\WINDOWS\System32\mobsync.exe
1248 C:\Users\Nick F\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000022`cf100000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1652GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Please update and run SuperAntiSpyware and post the log.

here

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/19/2011 at 07:09 PM

Application Version : 5.0.1142

Core Rules Database Version : 8068
Trace Rules Database Version: 5880

Scan type : Quick Scan
Total Scan Time : 00:14:39

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 30214
Registry threats detected : 0
File items scanned : 17923
File threats detected : 121

Adware.Tracking Cookie
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\VIAWPW37.txt [ /atdmt.combing.com ]
C:\Users\Nick F\AppData\Roaming\Microsoft\Windows\Cookies\B3AY3AOK.txt [ /adxpose.com ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.eyewonder.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pfa.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pfa.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
pfa.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.purebluemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.artcitymedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
fidelity.rotator.hadj7.adjuggler.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.yadro.ru [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
www.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.mediafire.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\NICK F\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\L4FJKKX4.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-RogueAV
C:\WINDOWS\TEMP\XNMWVIYNZQ

Bumped

Sorry for the delay.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
***************************************************
Please download Stealth MBR Rootkit Detector by GMER from GMER.net, and save to your Desktop.

• Double-click mbr.exe to start the program.
  
• When done scanning, it will save a log on the Desktop called mbr.log.
  
• Please post the contents of that log in your next reply.
  

Here is the first set of logs, the mbr log is next:

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox 8.0. Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: TOSHIBA_MK1652GSX rev.LV011C -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

here

C:\Users\Nick F\AppData\Local\lyj.exe a variant of Win32/Kryptik.XOD trojan cleaned by deleting - quarantined
C:\Users\Nick F\AppData\Local\uwg.exe a variant of Win32/Kryptik.XNX trojan cleaned by deleting - quarantined
C:\Users\Nick F\AppData\Local\temp\slp2218294091415020101.tmp a variant of Win32/Kryptik.XTY trojan deleted - quarantined
C:\Users\Nick F\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\9d5c39e-1cfc5bad a variant of Win32/Kryptik.XNX trojan cleaned by deleting - quarantined

That looks good. How's the computer running now?

It's running fine, no attacks, no signs of it returning.

It's running fine, no attacks, no signs of it returning..

Good. We can do some cleanup.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

***********************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing and Happy Holidays !