Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: Virus preventing internet access  (Read 10132 times)

0 Members and 1 Guest are viewing this topic.

carlosgee

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Unknown
    Virus preventing internet access
    « on: January 17, 2011, 03:21:41 PM »
    Hi guys can you please help me, I think i have malware in my laptop running Vista. Basically my net connecton shows but coming up with unidentified network etc tried renew in dos etc, but programs that use the internet like itunes wont connect at all, can you help me please? Thanks, Carl

    Shannon123

    • Guest
    Re: Virus preventing internet access
    « Reply #1 on: January 18, 2011, 01:47:55 AM »
    I am having a similar problem. I can connect to the internet and even perform a google search, but cannot open any pages. The error msg is 'web page not available'.

    I down loaded a rar file yesterday but it requested a password to open so i deleted it. Could it have installed a virus?

    Please help. Thanks!

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Virus preventing internet access
    « Reply #2 on: January 18, 2011, 01:01:00 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

    Shannon123. Please do not hijack someone else's thread. Start your own and someone will help you.

    Carlosgee, please run these scans. If you cannot access the internet to download these programs please follow the directions above.

    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    •Close browsers before scanning
    •Scan for tracking cookies
    •Terminate memory threats before quarantining
    Please leave the others unchecked

    •Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    •To retrieve the removal information please do the following:
    •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    •Click Preferences. Click the Statistics/Logs tab.

    •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    •It will open in your default text editor (preferably Notepad).
    •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    *Copy and Paste the log in your post.
    *****************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    carlosgee

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Unknown
      Re: Virus preventing internet access
      « Reply #3 on: January 22, 2011, 08:56:30 AM »
      Thanks for the reply, this is the log for the SuperAntiSpware program:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 01/22/2011 at 03:02 PM

      Application Version : 4.48.1000

      Core Rules Database Version : 6247
      Trace Rules Database Version: 4059

      Scan type       : Complete Scan
      Total Scan Time : 02:59:10

      Memory items scanned      : 686
      Memory threats detected   : 0
      Registry items scanned    : 9126
      Registry threats detected : 1
      File items scanned        : 282996
      File threats detected     : 653

      Adware.Tracking Cookie
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@doubleclick[2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@advertise[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@babecamsex[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@mediaplex[2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@apmebf[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@admarketplace[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@revsci[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@atdmt[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@keygens[2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@imrworldwide[2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@bizzclick[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@adtech[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@serving-sys[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@n-traffic[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@virginmedia[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@babblesex[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@warezguru[1].txt
         api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         bc.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         broadcast.piximedia.fr [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         ec.atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         files.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         googleads.g.doubleclick.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         gw.callingbanners.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         interclick.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         m.uk.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         m1.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         m1.au.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         m1.emea.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         media.jambocast.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         media.kyte.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         media.scanscout.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         media.tattomedia.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         media01.kyte.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         objects.tremormedia.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         piximedia.fr [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         s0.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         serving-sys.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         spe.atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         stat.easydate.biz [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         static.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         tracking.onefeed.co.uk [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         virginmedia.a.mms.mavenapps.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.babblesex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.pornhub.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.pornotube.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         www.webpornsex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         wwwstatic.megaporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@adultwork[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@clicktorrent[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@sexstationtv[1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
         C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@youporn[1].txt
         .api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .azjmp.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bluestreak.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bs.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .bs.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .burstnet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .canoe.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .casalemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .chitika.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .clicksor.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .clicksor.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .collective-media.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .computersexy.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .computersexy.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .counter.hitslink.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .crackdevil.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .crackserialkeygen.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .d2.advertserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .dc.tremormedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .dmtracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .doubleclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .e-2dj6wfl4cldpofp.stats.esomniture.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .e-2dj6wmligjazmeo.stats.esomniture.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .e.i.i.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .ero-advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .euroclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .eyewonder.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .femalefirst.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .femalefirst.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .findanewhome.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .findarticles.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .findarticles.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fls.doubleclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fr.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .fr.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .himedia.individuad.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .i.g.i.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .imgx.latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .imrworldwide.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .imrworldwide.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .in.getclicky.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .int.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .int.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .jibjab.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .keygens.nl [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .kronos.bravenetmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .mars.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media.photobucket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .mid.mediatoon.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .msnportal.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .nobsxxxhost.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .partypoker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .partypoker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .popcapgames.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .pornaccess.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .pornhub.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .pornotube.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .publishers.w00tmedia.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .questionmarket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .realmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .rm.piximedia.fr [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .rogersmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .roiservice.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .server.cpmstar.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .server.iad.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .sexbot.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .socialmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .socialmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .stat.onestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .stat.onestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .static.freewebs.getclicky.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .stats.tda.gov.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .stats.webs.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .stats.webs.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .statse.webtrendslive.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .test.coremetrics.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .track.omguk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .track.webtrekk.de [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tracking.summitmedia.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .trafficrevenue.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tripod.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tripod.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tsleducation.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .webstats.wthosting.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .winzip.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.3pintracking.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.findanewhome.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.grapeshot-media.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.stats.tso.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www6.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www8.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .xiti.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .xm.xtendmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         *Blocked Russian URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .yieldmanager.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .youporn.videobox.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .zedo.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .zedo.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.youporn.videobox.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         ads.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         www.adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adviva.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         statse.webtrendslive.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adviva.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         advancedsearch.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         advancedsearch.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         tracking.dc-storm.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adserver.adtechus.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .videoegg.adbureau.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adbrite.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adtech.de [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .weborama.fr [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .ru4.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .ru4.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         adserve.podaddies.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .adxpose.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .questionmarket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .matalan.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .kantarmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .eyewonder.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .advertise.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tacoda.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .tacoda.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         .247realmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         n-traffic.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
         delivery.staging.trafficjunky.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]

      Disabled.FolderOption
         HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL#CHECKEDVALUE

      Trojan.Unknown Origin
         C:\WINDOWS\SYSTEM32\0163E.TMP
         C:\WINDOWS\SYSTEM32\018F.TMP
         C:\WINDOWS\SYSTEM32\05F1F.TMP
         C:\WINDOWS\SYSTEM32\06D3.TMP
         C:\WINDOWS\SYSTEM32\07CFB.TMP
         C:\WINDOWS\SYSTEM32\07D49.TMP
         C:\WINDOWS\SYSTEM32\080D2.TMP
         C:\WINDOWS\SYSTEM32\081EB.TMP
         C:\WINDOWS\SYSTEM32\083CF.TMP
         C:\WINDOWS\SYSTEM32\084F7.TMP
         C:\WINDOWS\SYSTEM32\085B2.TMP
         C:\WINDOWS\SYSTEM32\085F1.TMP
         C:\WINDOWS\SYSTEM32\0861F.TMP
         C:\WINDOWS\SYSTEM32\0862F.TMP
         C:\WINDOWS\SYSTEM32\0863F.TMP
         C:\WINDOWS\SYSTEM32\0865E.TMP
         C:\WINDOWS\SYSTEM32\0867D.TMP
         C:\WINDOWS\SYSTEM32\0868D.TMP
         C:\WINDOWS\SYSTEM32\086AC.TMP
         C:\WINDOWS\SYSTEM32\086CB.TMP
         C:\WINDOWS\SYSTEM32\086DB.TMP
         C:\WINDOWS\SYSTEM32\087C5.TMP
         C:\WINDOWS\SYSTEM32\087F3.TMP
         C:\WINDOWS\SYSTEM32\0888F.TMP
         C:\WINDOWS\SYSTEM32\088AF.TMP
         C:\WINDOWS\SYSTEM32\088B0.TMP
         C:\WINDOWS\SYSTEM32\088BE.TMP
         C:\WINDOWS\SYSTEM32\088ED.TMP
         C:\WINDOWS\SYSTEM32\0890C.TMP
         C:\WINDOWS\SYSTEM32\0896A.TMP
         C:\WINDOWS\SYSTEM32\0899A.TMP
         C:\WINDOWS\SYSTEM32\089A8.TMP
         C:\WINDOWS\SYSTEM32\089A9.TMP
         C:\WINDOWS\SYSTEM32\089B8.TMP
         C:\WINDOWS\SYSTEM32\089E7.TMP
         C:\WINDOWS\SYSTEM32\089F6.TMP
         C:\WINDOWS\SYSTEM32\08A15.TMP
         C:\WINDOWS\SYSTEM32\08A44.TMP
         C:\WINDOWS\SYSTEM32\08A92.TMP
         C:\WINDOWS\SYSTEM32\08A93.TMP
         C:\WINDOWS\SYSTEM32\08AB1.TMP
         C:\WINDOWS\SYSTEM32\08AD1.TMP
         C:\WINDOWS\SYSTEM32\08AF0.TMP
         C:\WINDOWS\SYSTEM32\08AF1.TMP
         C:\WINDOWS\SYSTEM32\08AFF.TMP
         C:\WINDOWS\SYSTEM32\08B1F.TMP
         C:\WINDOWS\SYSTEM32\08B2E.TMP
         C:\WINDOWS\SYSTEM32\08B3E.TMP
         C:\WINDOWS\SYSTEM32\08B8C.TMP
         C:\WINDOWS\SYSTEM32\08BAB.TMP
         C:\WINDOWS\SYSTEM32\08BBB.TMP
         C:\WINDOWS\SYSTEM32\08BBC.TMP
         C:\WINDOWS\SYSTEM32\08BCA.TMP
         C:\WINDOWS\SYSTEM32\08BE9.TMP
         C:\WINDOWS\SYSTEM32\08BF9.TMP
         C:\WINDOWS\SYSTEM32\08C18.TMP
         C:\WINDOWS\SYSTEM32\08C66.TMP
         C:\WINDOWS\SYSTEM32\08C67.TMP
         C:\WINDOWS\SYSTEM32\08C95.TMP
         C:\WINDOWS\SYSTEM32\08C96.TMP
         C:\WINDOWS\SYSTEM32\08CA5.TMP
         C:\WINDOWS\SYSTEM32\08CA6.TMP
         C:\WINDOWS\SYSTEM32\08CD3.TMP
         C:\WINDOWS\SYSTEM32\08D02.TMP
         C:\WINDOWS\SYSTEM32\08D21.TMP
         C:\WINDOWS\SYSTEM32\08D41.TMP
         C:\WINDOWS\SYSTEM32\08D60.TMP
         C:\WINDOWS\SYSTEM32\08D6F.TMP
         C:\WINDOWS\SYSTEM32\08D7F.TMP
         C:\WINDOWS\SYSTEM32\08D9E.TMP
         C:\WINDOWS\SYSTEM32\08DBD.TMP
         C:\WINDOWS\SYSTEM32\08DBE.TMP
         C:\WINDOWS\SYSTEM32\08E0B.TMP
         C:\WINDOWS\SYSTEM32\08E1B.TMP
         C:\WINDOWS\SYSTEM32\08E2B.TMP
         C:\WINDOWS\SYSTEM32\08E2C.TMP
         C:\WINDOWS\SYSTEM32\08E3A.TMP
         C:\WINDOWS\SYSTEM32\08E59.TMP
         C:\WINDOWS\SYSTEM32\08E5A.TMP
         C:\WINDOWS\SYSTEM32\08E69.TMP
         C:\WINDOWS\SYSTEM32\08E88.TMP
         C:\WINDOWS\SYSTEM32\08EB7.TMP
         C:\WINDOWS\SYSTEM32\08EE6.TMP
         C:\WINDOWS\SYSTEM32\08EF5.TMP
         C:\WINDOWS\SYSTEM32\08F15.TMP
         C:\WINDOWS\SYSTEM32\08F24.TMP
         C:\WINDOWS\SYSTEM32\08F43.TMP
         C:\WINDOWS\SYSTEM32\08F63.TMP
         C:\WINDOWS\SYSTEM32\08F72.TMP
         C:\WINDOWS\SYSTEM32\08F91.TMP
         C:\WINDOWS\SYSTEM32\08F92.TMP
         C:\WINDOWS\SYSTEM32\08FA1.TMP
         C:\WINDOWS\SYSTEM32\08FB1.TMP
         C:\WINDOWS\SYSTEM32\08FDF.TMP
         C:\WINDOWS\SYSTEM32\08FEF.TMP
         C:\WINDOWS\SYSTEM32\08FF0.TMP
         C:\WINDOWS\SYSTEM32\0900E.TMP
         C:\WINDOWS\SYSTEM32\0905C.TMP
         C:\WINDOWS\SYSTEM32\0909B.TMP
         C:\WINDOWS\SYSTEM32\0909C.TMP
         C:\WINDOWS\SYSTEM32\090D9.TMP
         C:\WINDOWS\SYSTEM32\090E9.TMP
         C:\WINDOWS\SYSTEM32\091E2.TMP
         C:\WINDOWS\SYSTEM32\0924F.TMP
         C:\WINDOWS\SYSTEM32\0926F.TMP
         C:\WINDOWS\SYSTEM32\092AD.TMP
         C:\WINDOWS\SYSTEM32\092EB.TMP
         C:\WINDOWS\SYSTEM32\092EC.TMP
         C:\WINDOWS\SYSTEM32\092FB.TMP
         C:\WINDOWS\SYSTEM32\0932A.TMP
         C:\WINDOWS\SYSTEM32\0933A.TMP
         C:\WINDOWS\SYSTEM32\0935A.TMP
         C:\WINDOWS\SYSTEM32\093D5.TMP
         C:\WINDOWS\SYSTEM32\094B0.TMP
         C:\WINDOWS\SYSTEM32\094BF.TMP
         C:\WINDOWS\SYSTEM32\0951D.TMP
         C:\WINDOWS\SYSTEM32\0955B.TMP
         C:\WINDOWS\SYSTEM32\0956B.TMP
         C:\WINDOWS\SYSTEM32\0957B.TMP
         C:\WINDOWS\SYSTEM32\0959A.TMP
         C:\WINDOWS\SYSTEM32\095A9.TMP
         C:\WINDOWS\SYSTEM32\095B9.TMP
         C:\WINDOWS\SYSTEM32\095C9.TMP
         C:\WINDOWS\SYSTEM32\095F7.TMP
         C:\WINDOWS\SYSTEM32\096D2.TMP
         C:\WINDOWS\SYSTEM32\096D3.TMP
         C:\WINDOWS\SYSTEM32\0972F.TMP
         C:\WINDOWS\SYSTEM32\0975E.TMP
         C:\WINDOWS\SYSTEM32\0978D.TMP
         C:\WINDOWS\SYSTEM32\097BC.TMP
         C:\WINDOWS\SYSTEM32\097CB.TMP
         C:\WINDOWS\SYSTEM32\098B5.TMP
         C:\WINDOWS\SYSTEM32\098D5.TMP
         C:\WINDOWS\SYSTEM32\0999F.TMP
         C:\WINDOWS\SYSTEM32\099AF.TMP
         C:\WINDOWS\SYSTEM32\09A3B.TMP
         C:\WINDOWS\SYSTEM32\09A3C.TMP
         C:\WINDOWS\SYSTEM32\09A7A.TMP
         C:\WINDOWS\SYSTEM32\09A99.TMP
         C:\WINDOWS\SYSTEM32\09AB8.TMP
         C:\WINDOWS\SYSTEM32\09B93.TMP
         C:\WINDOWS\SYSTEM32\09BF0.TMP
         C:\WINDOWS\SYSTEM32\09C4E.TMP
         C:\WINDOWS\SYSTEM32\09CDA.TMP
         C:\WINDOWS\SYSTEM32\09E7F.TMP
         C:\WINDOWS\SYSTEM32\09E9F.TMP
         C:\WINDOWS\SYSTEM32\09F0C.TMP
         C:\WINDOWS\SYSTEM32\09F98.TMP
         C:\WINDOWS\SYSTEM32\09FF6.TMP
         C:\WINDOWS\SYSTEM32\0A034.TMP
         C:\WINDOWS\SYSTEM32\0A0A1.TMP
         C:\WINDOWS\SYSTEM32\0A17C.TMP
         C:\WINDOWS\SYSTEM32\0A17D.TMP
         C:\WINDOWS\SYSTEM32\0A256.TMP
         C:\WINDOWS\SYSTEM32\0A35F.TMP
         C:\WINDOWS\SYSTEM32\0A9B6.TMP
         C:\WINDOWS\SYSTEM32\0AFBE.TMP
         C:\WINDOWS\SYSTEM32\0C4E3.TMP
         C:\WINDOWS\SYSTEM32\0F6EB.TMP

      Trojan.Agent/Gen-NumTemp
         C:\WINDOWS\SYSTEM32\08075.TMP
         C:\WINDOWS\SYSTEM32\08258.TMP
         C:\WINDOWS\SYSTEM32\08304.TMP
         C:\WINDOWS\SYSTEM32\08709.TMP
         C:\WINDOWS\SYSTEM32\08757.TMP
         C:\WINDOWS\SYSTEM32\08786.TMP
         C:\WINDOWS\SYSTEM32\08841.TMP
         C:\WINDOWS\SYSTEM32\08851.TMP
         C:\WINDOWS\SYSTEM32\08870.TMP
         C:\WINDOWS\SYSTEM32\08880.TMP
         C:\WINDOWS\SYSTEM32\08890.TMP
         C:\WINDOWS\SYSTEM32\08891.TMP
         C:\WINDOWS\SYSTEM32\08999.TMP
         C:\WINDOWS\SYSTEM32\09137.TMP
         C:\WINDOWS\SYSTEM32\09138.TMP
         C:\WINDOWS\SYSTEM32\09146.TMP
         C:\WINDOWS\SYSTEM32\09165.TMP
         C:\WINDOWS\SYSTEM32\09194.TMP
         C:\WINDOWS\SYSTEM32\09221.TMP
         C:\WINDOWS\SYSTEM32\09222.TMP
         C:\WINDOWS\SYSTEM32\09240.TMP
         C:\WINDOWS\SYSTEM32\09250.TMP
         C:\WINDOWS\SYSTEM32\09251.TMP
         C:\WINDOWS\SYSTEM32\09270.TMP
         C:\WINDOWS\SYSTEM32\09339.TMP
         C:\WINDOWS\SYSTEM32\09359.TMP
         C:\WINDOWS\SYSTEM32\09368.TMP
         C:\WINDOWS\SYSTEM32\09369.TMP
         C:\WINDOWS\SYSTEM32\09378.TMP
         C:\WINDOWS\SYSTEM32\09404.TMP
         C:\WINDOWS\SYSTEM32\09443.TMP
         C:\WINDOWS\SYSTEM32\09471.TMP
         C:\WINDOWS\SYSTEM32\09481.TMP
         C:\WINDOWS\SYSTEM32\09491.TMP
         C:\WINDOWS\SYSTEM32\09607.TMP
         C:\WINDOWS\SYSTEM32\09617.TMP
         C:\WINDOWS\SYSTEM32\09645.TMP
         C:\WINDOWS\SYSTEM32\09655.TMP
         C:\WINDOWS\SYSTEM32\09656.TMP
         C:\WINDOWS\SYSTEM32\09665.TMP
         C:\WINDOWS\SYSTEM32\09684.TMP
         C:\WINDOWS\SYSTEM32\09685.TMP
         C:\WINDOWS\SYSTEM32\09858.TMP
         C:\WINDOWS\SYSTEM32\09867.TMP
         C:\WINDOWS\SYSTEM32\09896.TMP
         C:\WINDOWS\SYSTEM32\09971.TMP
         C:\WINDOWS\SYSTEM32\09972.TMP


      next scan will be posted asap

      carlosgee

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Unknown
        Re: Virus preventing internet access
        « Reply #4 on: January 22, 2011, 10:04:49 AM »
        This is the result of malwarebytes

        Malwarebytes' Anti-Malware 1.50.1.1100
        www.malwarebytes.org

        Database version: 5363

        Windows 6.0.6001 Service Pack 1
        Internet Explorer 7.0.6001.18000

        22/01/2011 17:03:12
        mbam-log-2011-01-22 (17-03-12).txt

        Scan type: Full scan (C:\|D:\|)
        Objects scanned: 436526
        Time elapsed: 1 hour(s), 51 minute(s), 30 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 1
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 14

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\khnkqhnpc (Worm.Conficker) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        c:\Windows\System32\09444.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Users\Angela\Desktop\downloads\windows xp new\windows xp home sp2 [oem edition]\windows xp home sp2 [oem edition]\windows xp home sp2 [oem edition]\CRACK\WPA Kill.exe (Hacktool.Wpakill) -> Quarantined and deleted successfully.
        c:\Windows\System32\07D3A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\084F8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\08ED6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\kpnvab.dll (Worm.Conficker) -> Delete on reboot.
        c:\Windows\System32\08E6A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\0AB0D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\0476B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\06798.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\0690E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\073C8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\07972.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
        c:\Windows\System32\0816E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Virus preventing internet access
        « Reply #5 on: January 22, 2011, 12:24:09 PM »
        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        link # 1
        Link # 2

        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Right-click combofix.exe and select Run as Administrator and follow the prompts.
        When finished, ComboFix will produce a log for you.
        Post the ComboFix log and a new HijackThis log in your next reply.

        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
        Windows 8 and Windows 10 dual boot with two SSD's

        carlosgee

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Unknown
          Re: Virus preventing internet access
          « Reply #6 on: January 23, 2011, 04:58:23 AM »
          This is the result of combofix, it did say norton is running but i tried to uninstall as dont use that anymore and said invalid path,

          combofix.txt say:

          ComboFix 11-01-22.03 - Angela 23/01/2011  11:29:38.1.2 - x86
          Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.2814.1931 [GMT 0:00]
          Running from: c:\users\Angela\Desktop\ComboFix.exe
          AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
          FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
          SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
          SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\windows\system32\twunk_32.exe

          .
          (((((((((((((((((((((((((   Files Created from 2010-12-23 to 2011-01-23  )))))))))))))))))))))))))))))))
          .

          2011-01-23 11:53 . 2011-01-23 11:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
          2011-01-22 15:10 . 2010-12-20 18:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-01-22 15:10 . 2011-01-22 15:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          2011-01-22 15:10 . 2010-12-20 18:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-01-22 15:09 . 2011-01-22 15:09   --------   d-----w-   c:\users\Angela\AppData\Roaming\Malwarebytes
          2011-01-22 15:09 . 2011-01-22 15:09   --------   d-----w-   c:\programdata\Malwarebytes
          2011-01-22 11:59 . 2011-01-22 11:59   --------   d-----w-   c:\users\Angela\AppData\Roaming\SUPERAntiSpyware.com
          2011-01-22 11:59 . 2011-01-22 11:59   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
          2011-01-22 11:58 . 2011-01-22 11:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2011-01-09 16:52 . 2011-01-16 16:40   --------   d-----w-   c:\program files\PC Tools Security
          2011-01-09 16:52 . 2011-01-16 16:40   --------   d-----w-   c:\program files\Common Files\PC Tools
          2011-01-09 16:52 . 2011-01-09 16:52   --------   d-----w-   c:\users\Angela\AppData\Roaming\PC Tools
          2011-01-09 16:49 . 2011-01-09 16:53   --------   d-----w-   c:\programdata\PC Tools
          2010-12-30 10:05 . 2010-12-30 10:05   --------   d-----w-   c:\users\Angela\AppData\Local\Sunbelt Software
          2010-12-30 10:04 . 2010-12-30 10:04   --------   dc-h--w-   c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
          2010-12-30 10:03 . 2010-12-30 10:06   --------   d-----w-   c:\programdata\Lavasoft
          2010-12-30 10:03 . 2010-12-30 10:03   --------   d-----w-   c:\program files\Lavasoft
          2010-12-26 16:22 . 2010-12-26 16:22   --------   d-----w-   c:\programdata\Alwil Software
          2010-12-26 16:22 . 2010-12-26 16:22   --------   d-----w-   c:\program files\Alwil Software
          2010-12-26 16:12 . 2010-12-26 16:19   --------   d-----w-   c:\programdata\MFAData

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
          2010-09-28 21:44   1400712   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
          "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

          [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
          [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
          [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
          [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

          [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
          "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

          [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
          [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
          [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
          [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
          "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
          "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
          "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
          "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
          "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
          "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
          "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
          "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
          "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
          "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-07 149280]
          "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
          "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
          "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
          "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
          "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

          c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
          SAM.lnk - c:\program files\SAM\SAM.exe [N/A]

          c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
          Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-9 295606]
          Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
          WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "EnableLUA"= 0 (0x0)
          "EnableUIADesktopToggle"= 0 (0x0)
          "HideFastUserSwitching"= 0 (0x0)

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
          "aux"=wdmaud.drv

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
          @="Driver"

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
          "DisableMonitoring"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
          "DisableMonitoring"=dword:00000001

          R2 gupdate1c98f741269b95d;Google Update Service (gupdate1c98f741269b95d);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
          R2 pfkip;Driver Security;c:\windows\system32\svchost.exe [2008-01-21 21504]
          R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
          R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
          S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090310.005\IDSvix86.sys [2009-01-02 270384]
          S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
          S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
          S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
          S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
          S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
          S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
          S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
          S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
          S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
          S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


          --- Other Services/Drivers In Memory ---

          *NewlyCreated* - COMHOST

          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
          ezSharedSvc
          pfkip

          [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
          2008-02-26 22:06   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
          .
          Contents of the 'Scheduled Tasks' folder

          2011-01-23 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 18:59]

          2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]

          2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]

          2010-10-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Angela.job
          - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 12:05]

          2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{D88E9CC1-8948-4D37-BED4-8A5CF8D09381}.job
          - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://www.google.co.uk/
          mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
          uInternet Settings,ProxyOverride = *.local
          IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
          IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
          IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
          IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
          IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
          DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
          FF - ProfilePath - c:\users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\
          FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
          FF - prefs.js: network.proxy.type - 0
          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
          FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
          .
          - - - - ORPHANS REMOVED - - - -

          HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
          AddRemove-SHOUTcastDSP - c:\program files\Winamp\uninst-dsp.exe



          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2011-01-23 11:54
          Windows 6.0.6001 Service Pack 1 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pfkip]
          "ServiceDll"="c:\windows\system32\kpnvab.dll"
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------

          [HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
          "haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
             6a,69,00,00
          "iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
          "iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
             6a,69,00,00
          "dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
             62,6a,6d,6d,67,6f,00,00
          "jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
             70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
          "dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94

          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
          @Denied: (A 2) (Everyone)
          @="FlashBroker"
          "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
          "Enabled"=dword:00000001

          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
          @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

          [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
          @Denied: (A 2) (Everyone)
          @="IFlashBroker4"

          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
          @="{00020424-0000-0000-C000-000000000046}"

          [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
          @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
          "Version"="1.0"

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          "BlindDial"=dword:00000000
          .
          Completion time: 2011-01-23  11:56:26
          ComboFix-quarantined-files.txt  2011-01-23 11:56

          Pre-Run: 63,502,815,232 bytes free
          Post-Run: 64,692,588,544 bytes free

          - - End Of File - - 667319A75384194D68211D5F886F69CE

          carlosgee

            Topic Starter


            Rookie

            • Experience: Beginner
            • OS: Unknown
            Re: Virus preventing internet access
            « Reply #7 on: January 23, 2011, 12:34:09 PM »
            HijackThis log is as follows:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 19:32:29, on 23/01/2011
            Platform: Windows Vista SP1 (WinNT 6.00.1905)
            MSIE: Internet Explorer v7.00 (7.00.6001.18444)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Windows\system32\taskeng.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\HP\QuickPlay\QPService.exe
            C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
            c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
            C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
            C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
            C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
            C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
            C:\Program Files\CyberLink\YouCam\YCMMirage.exe
            C:\Program Files\CyberLink\YouCam\YouCam.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Program Files\Windows Live\Messenger\msnmsgr.exe
            C:\Windows\ehome\ehtray.exe
            C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
            C:\Program Files\WinZip\WZQKPICK.EXE
            C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            C:\Windows\ehome\ehmsas.exe
            C:\Windows\system32\wbem\unsecapp.exe
            C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
            C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
            O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
            O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
            O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
            O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
            O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
            O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
            O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
            O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
            O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
            O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
            O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
            O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
            O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
            O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
            O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
            O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
            O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files\CyberLink\YouCam\YouCam.exe" /s
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
            O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
            O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
            O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
            O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
            O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
            O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
            O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
            O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
            O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
            O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
            O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
            O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
            O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
            O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
            O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
            O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
            O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
            O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
            O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
            O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
            O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
            O23 - Service: Google Update Service (gupdate1c98f741269b95d) (gupdate1c98f741269b95d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
            O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
            O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
            O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
            O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
            O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
            O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

            --
            End of file - 14363 bytes

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Virus preventing internet access
            « Reply #8 on: January 23, 2011, 12:51:22 PM »
            Quote
            it did say norton is running but i tried to uninstall as dont use that anymore and said invalid path,
            Hi Angela. If you don't use it anymore, you evidently don't have any AV on your computer. Please select a free AV program from the list below, download and install it then use this tool to remove Norton.
            Norton/Symantec Removal Tool - Norton Removal Tool
            *********************************************

            Remember to only install one antivirus!
             I prefer MicroSoft Security Essentials because of its high efficiency, no hassles and not a resource hog.

            1) Avast! Home Edition
            2) AVG Free Edition
            3) Avira AntiVir Personal
            4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
            4-a) Microsoft Security Essentials for Windows XP
            5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
            6) PC Tools AntiVirus Free Edition

            It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
            **********************************************
            I strongly recommend that you remove Ask from your computer because it;

            •Promotes its toolbars on sites targeted to kids.

            •Promotes its toolbars through ads that appear to be part of other companies' sites.

            •Promotes its toolbars through other companies' spyware.

            •Installs without any disclosure whatsoever and without any consent whatsoever.

            •Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

            •Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

            See Here for more info.

            If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

            AskBarDis or anything related to Ask

            Then please find and delete this folder in bold (if present):
            C:\Program Files\AskBarDis. or anything related to Ask.
            *****************************************************
            Re-running ComboFix to remove infections:

            • Close any open browsers.
            • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
            • Open notepad and copy/paste the text in the quotebox below into it:
              Quote
              KillAll::
              RegLockDel::
              [HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
              "haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
                 6a,69,00,00
              "iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
              "iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
                 6a,69,00,00
              "dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
                 62,6a,6d,6d,67,6f,00,00
              "jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
                 70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
              "dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94

              MBR::

            • Save this as CFScript.txt, in the same location as ComboFix.exe



            • Referring to the picture above, drag CFScript into ComboFix.exe
            • When finished, it shall produce a log for you at C:\ComboFix.txt
            • Please post the contents of the log in your next reply.
            *************************************************
            SysProt Antirootkit

            Download
            SysProt Antirootkit from the link below (you will find it at the bottom
            of the page under attachments, or you can get it from one of the
            mirrors).

            http://sites.google.com/site/sysprotantirootkit/

            Unzip it into a folder on your desktop.
            • Double click Sysprot.exe to start the program.
            • Click on the Log tab.
            • In the Write to log box select the following items.
              • Process << Selected
              • Kernel Modules << Selected
              • SSDT << Selected
              • Kernel Hooks << Selected
              • IRP Hooks << NOT Selected
              • Ports << NOT Selected
              • Hidden Files << Selected
            • At the bottom of the page
              • Hidden Objects Only << Selected
            • Click on the Create Log button on the bottom right.
            • After a few seconds a new window should appear.
            • Select Scan Root Drive. Click on the Start button.
            • When it is complete a new window will appear to indicate that the scan is finished.
            • The

            log will be saved automatically in the same folder Sysprot.exe was
            extracted to. Open the text file and copy/paste the log here.
            [/list].
            Windows 8 and Windows 10 dual boot with two SSD's

            carlosgee

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Unknown
              Re: Virus preventing internet access
              « Reply #9 on: January 31, 2011, 03:03:59 AM »
              Result of Combofix.txt

              ComboFix 11-01-30.02 - Angela 31/01/2011   9:36.2.2 - x86
              Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.44.1033.18.2814.1778 [GMT 0:00]
              Running from: c:\users\Angela\Desktop\ComboFix.exe
              Command switches used :: F:\CFScript.txt
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              .

              (((((((((((((((((((((((((   Files Created from 2010-12-28 to 2011-01-31  )))))))))))))))))))))))))))))))
              .

              2011-01-31 09:45 . 2011-01-31 09:45   --------   d-----w-   c:\users\Default\AppData\Local\temp
              2011-01-23 19:31 . 2011-01-23 19:31   --------   d-----w-   c:\program files\Trend Micro
              2011-01-22 15:10 . 2010-12-20 18:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-01-22 15:10 . 2011-01-22 15:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-01-22 15:10 . 2010-12-20 18:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              2011-01-22 15:09 . 2011-01-22 15:09   --------   d-----w-   c:\users\Angela\AppData\Roaming\Malwarebytes
              2011-01-22 15:09 . 2011-01-22 15:09   --------   d-----w-   c:\programdata\Malwarebytes
              2011-01-22 11:59 . 2011-01-22 11:59   --------   d-----w-   c:\users\Angela\AppData\Roaming\SUPERAntiSpyware.com
              2011-01-22 11:59 . 2011-01-22 11:59   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
              2011-01-22 11:58 . 2011-01-22 11:59   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-01-09 16:52 . 2011-01-16 16:40   --------   d-----w-   c:\program files\PC Tools Security
              2011-01-09 16:52 . 2011-01-16 16:40   --------   d-----w-   c:\program files\Common Files\PC Tools
              2011-01-09 16:52 . 2011-01-09 16:52   --------   d-----w-   c:\users\Angela\AppData\Roaming\PC Tools
              2011-01-09 16:49 . 2011-01-09 16:53   --------   d-----w-   c:\programdata\PC Tools

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
              2010-09-28 21:44   1400712   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
              "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

              [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
              [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
              [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
              [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

              [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
              "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

              [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
              [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
              [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
              [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
              "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
              "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
              "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
              "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
              "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
              "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
              "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
              "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-07 149280]
              "YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
              "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
              "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
              "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
              "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
              "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

              c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
              OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
              SAM.lnk - c:\program files\SAM\SAM.exe [N/A]

              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
              Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-9 295606]
              Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
              WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
              "EnableLUA"= 0 (0x0)
              "EnableUIADesktopToggle"= 0 (0x0)
              "HideFastUserSwitching"= 0 (0x0)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "aux"=wdmaud.drv

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
              @="Driver"

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              R2 gupdate1c98f741269b95d;Google Update Service (gupdate1c98f741269b95d);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
              R2 pfkip;Driver Security;c:\windows\system32\svchost.exe [2008-01-21 21504]
              S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
              S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
              S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
              S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
              S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
              S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
              S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
              S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
              S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]


              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
              ezSharedSvc
              pfkip

              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
              2008-02-26 22:06   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
              .
              Contents of the 'Scheduled Tasks' folder

              2011-01-31 c:\windows\Tasks\Google Software Updater.job
              - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 18:59]

              2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]

              2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]

              2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{D88E9CC1-8948-4D37-BED4-8A5CF8D09381}.job
              - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
              .
              .
              ------- Supplementary Scan -------
              .
              uStart Page = hxxp://www.google.co.uk/
              mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
              uInternet Settings,ProxyOverride = *.local
              IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
              IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
              IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
              IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
              IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
              IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
              DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
              FF - ProfilePath - c:\users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\
              FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
              FF - prefs.js: network.proxy.type - 0
              FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
              FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
              .

              **************************************************************************

              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-01-31 09:45
              Windows 6.0.6001 Service Pack 1 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************

              [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pfkip]
              "ServiceDll"="c:\windows\system32\kpnvab.dll"
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
              "haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
                 6a,69,00,00
              "iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
              "iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
                 6a,69,00,00
              "dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
                 62,6a,6d,6d,67,6f,00,00
              "jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
                 70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
              "dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
              @Denied: (A 2) (Everyone)
              @="FlashBroker"
              "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
              "Enabled"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
              @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
              @Denied: (A 2) (Everyone)
              @="IFlashBroker4"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
              @="{00020424-0000-0000-C000-000000000046}"

              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
              "Version"="1.0"

              [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
              @Denied: (A) (Users)
              @Denied: (A) (Everyone)
              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
              "BlindDial"=dword:00000000
              .
              Completion time: 2011-01-31  09:48:23
              ComboFix-quarantined-files.txt  2011-01-31 09:48
              ComboFix2.txt  2011-01-23 11:56

              Pre-Run: 64,223,965,184 bytes free
              Post-Run: 64,217,415,680 bytes free

              - - End Of File - - 702DC91084A2FD04BD788ACB6FF0B0F7


              Result of SysProt AntiRootKit

              SysProt AntiRootkit v1.0.1.0
              by swatkat

              ******************************************************************************************
              ******************************************************************************************

              No Hidden Processes found

              ******************************************************************************************
              ******************************************************************************************
              Kernel Modules:
              Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
              Service Name: ---
              Module Base: 8FF4B000
              Module End: 8FF56000
              Hidden: Yes

              Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
              Service Name: ---
              Module Base: 8FF56000
              Module End: 8FF5E000
              Hidden: Yes

              ******************************************************************************************
              ******************************************************************************************
              No SSDT Hooks found

              ******************************************************************************************
              ******************************************************************************************
              No Kernel Hooks found

              ******************************************************************************************
              ******************************************************************************************
              Hidden files/folders:
              Object: C:\Qoobox\BackEnv\AppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cache.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Cookies.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Desktop.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Favorites.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\History.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Music.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\NetHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Personal.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Pictures.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Programs.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Recent.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SendTo.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SetPath.bat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\StartUp.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\SysPath.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\Templates.folder.dat
              Status: Access denied

              Object: C:\Qoobox\BackEnv\VikPev00
              Status: Access denied

              Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
              Status: Access denied

              Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
              Status: Access denied

              Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
              Status: Access denied

              Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
              Status: Access denied


              carlosgee

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Unknown
                Re: Virus preventing internet access
                « Reply #10 on: January 31, 2011, 03:59:43 AM »
                my internet access has now been restored, if this is now complete, i thank you so much for your help in this i would never have fixed this in a million years

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Virus preventing internet access
                « Reply #11 on: January 31, 2011, 12:25:01 PM »
                Let's run another scan and, if it comes out clean, we'll do some cleanup.

                I'd like to scan your machine with ESET OnlineScan

                •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                •Click the button.
                •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                • Click on to download the ESET Smart Installer. Save it to your desktop.
                • Double click on the icon on your desktop.
                •Check
                •Click the button.
                •Accept any security warnings from your browser.
                •Check
                •Push the Start button.
                •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                •When the scan completes, push
                •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                •Push the button.
                •Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                Windows 8 and Windows 10 dual boot with two SSD's