Computer Hope
Software => Computer viruses and spyware => Topic started by: carlosgee on January 17, 2011, 03:21:41 PM
-
Hi guys can you please help me, I think i have malware in my laptop running Vista. Basically my net connecton shows but coming up with unidentified network etc tried renew in dos etc, but programs that use the internet like itunes wont connect at all, can you help me please? Thanks, Carl
-
I am having a similar problem. I can connect to the internet and even perform a google search, but cannot open any pages. The error msg is 'web page not available'.
I down loaded a rar file yesterday but it requested a password to open so i deleted it. Could it have installed a virus?
Please help. Thanks!
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
Shannon123. Please do not hijack someone else's thread. Start your own and someone will help you.
Carlosgee, please run these scans. If you cannot access the internet to download these programs please follow the directions above.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*****************************************
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
************************************************
Download DDS from HERE (http://download.bleepingcomputer.com/sUBs/dds.scr) or HERE (http://www.forospyware.com/sUBs/dds) and save it to your desktop.
Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
1) DDS.txt
2) Attach.txt
* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.
Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
-
Thanks for the reply, this is the log for the SuperAntiSpware program:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/22/2011 at 03:02 PM
Application Version : 4.48.1000
Core Rules Database Version : 6247
Trace Rules Database Version: 4059
Scan type : Complete Scan
Total Scan Time : 02:59:10
Memory items scanned : 686
Memory threats detected : 0
Registry items scanned : 9126
Registry threats detected : 1
File items scanned : 282996
File threats detected : 653
Adware.Tracking Cookie
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@doubleclick[2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@advertise[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@babecamsex[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@mediaplex[2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@apmebf[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@admarketplace[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@revsci[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@atdmt[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@keygens[2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@imrworldwide[2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@bizzclick[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@adtech[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@serving-sys[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@n-traffic[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@virginmedia[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@babblesex[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\angela@warezguru[1].txt
api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
bc.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
broadcast.piximedia.fr [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
ec.atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
files.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
googleads.g.doubleclick.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
gw.callingbanners.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
interclick.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
m.uk.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
m1.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
m1.au.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
m1.emea.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
media.jambocast.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
media.kyte.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
media.scanscout.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
media.tattomedia.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
media01.kyte.tv [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
objects.tremormedia.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
piximedia.fr [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
s0.2mdn.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
serving-sys.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
spe.atdmt.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
stat.easydate.biz [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
static.youporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
tracking.onefeed.co.uk [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
virginmedia.a.mms.mavenapps.net [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.babblesex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.pornhub.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.pornotube.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
www.webpornsex.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
wwwstatic.megaporn.com [ C:\Users\Angela\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\A3YQGB2J ]
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@adultwork[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@clicktorrent[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@sexstationtv[1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][3].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
C:\Users\Angela\AppData\Roaming\Microsoft\Windows\Cookies\Low\angela@youporn[1].txt
.api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.azjmp.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bluestreak.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bravenet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.burstnet.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.canoe.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.casalemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cdn4.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.chitika.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.clicksor.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.computersexy.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.computersexy.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.counter.hitslink.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.crackdevil.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.crackserialkeygen.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.d2.advertserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.dc.tremormedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.dmtracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.e-2dj6wfl4cldpofp.stats.esomniture.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.e-2dj6wmligjazmeo.stats.esomniture.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.e.i.i.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.ero-advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.euroclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fastclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.femalefirst.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.femalefirst.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.findanewhome.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.findarticles.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.findarticles.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fls.doubleclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fr.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.fr.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.himedia.individuad.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.i.g.i.cltomedia.info [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.imgx.latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.imrworldwide.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.in.getclicky.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.insightexpressai.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.int.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.int.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.interclick.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.jibjab.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.keygens.nl [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.kontera.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.kronos.bravenetmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.mars.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media.photobucket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.media6degrees.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.mediaplex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.mid.mediatoon.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.msnportal.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.naiadsystems.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.nextstat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.nobsxxxhost.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.partypoker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.popcapgames.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.pornaccess.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.pornhub.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.pornotube.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.publishers.w00tmedia.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.realmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.rm.piximedia.fr [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.rogersmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.roiservice.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.server.cpmstar.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.server.iad.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.serving-sys.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.sexbot.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.sexintheuk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.smartadserver.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.socialmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.socialmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.stat.onestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.stat.onestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.static.freewebs.getclicky.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.stats.tda.gov.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.stats.webs.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.stats.webs.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.statse.webtrendslive.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tacoda.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.test.coremetrics.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.track.omguk.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.track.webtrekk.de [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tracking.summitmedia.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.trafficrevenue.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tripod.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tripod.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tsleducation.112.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.uk.sitestat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.vod.sexstationtv.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.webstats.wthosting.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.winzip.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.3pintracking.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.barclaysbankaccountapply.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.findanewhome.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.grapeshot-media.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.latestdiscountvouchers.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.stats.tso.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.versiontracker.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www6.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www8.addfreestats.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.xiti.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.xm.xtendmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.xxxblackbook.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
*Blocked Russian URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.yieldmanager.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.youporn.videobox.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.zedo.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.zedo.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.youporn.videobox.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
www.babecamsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tradedoubler.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
ads.youporn.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
www.adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adultwork.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
www.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adviva.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
cdn5.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
api.firestormmedia.tv [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
www.lollybadcock.*adult URL* [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adviva.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
advancedsearch.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
advancedsearch.virginmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
tracking.dc-storm.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
server.lon.liveperson.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
eas.apm.emediate.eu [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.videoegg.adbureau.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adbrite.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adtech.de [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.weborama.fr [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.ru4.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.ru4.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertising.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
adserve.podaddies.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.specificclick.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.adxpose.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.questionmarket.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.matalan.122.2o7.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
www.youraccount.orange.co.uk [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.web-stat.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.kantarmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.revsci.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.eyewonder.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tribalfusion.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.invitemedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
rts.pgmediaserve.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.advertise.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.webpornsex.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.at.atwola.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
.247realmedia.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
n-traffic.com [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
delivery.staging.trafficjunky.net [ C:\Users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\cookies.sqlite ]
Disabled.FolderOption
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED\FOLDER\HIDDEN\SHOWALL#CHECKEDVALUE
Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\0163E.TMP
C:\WINDOWS\SYSTEM32\018F.TMP
C:\WINDOWS\SYSTEM32\05F1F.TMP
C:\WINDOWS\SYSTEM32\06D3.TMP
C:\WINDOWS\SYSTEM32\07CFB.TMP
C:\WINDOWS\SYSTEM32\07D49.TMP
C:\WINDOWS\SYSTEM32\080D2.TMP
C:\WINDOWS\SYSTEM32\081EB.TMP
C:\WINDOWS\SYSTEM32\083CF.TMP
C:\WINDOWS\SYSTEM32\084F7.TMP
C:\WINDOWS\SYSTEM32\085B2.TMP
C:\WINDOWS\SYSTEM32\085F1.TMP
C:\WINDOWS\SYSTEM32\0861F.TMP
C:\WINDOWS\SYSTEM32\0862F.TMP
C:\WINDOWS\SYSTEM32\0863F.TMP
C:\WINDOWS\SYSTEM32\0865E.TMP
C:\WINDOWS\SYSTEM32\0867D.TMP
C:\WINDOWS\SYSTEM32\0868D.TMP
C:\WINDOWS\SYSTEM32\086AC.TMP
C:\WINDOWS\SYSTEM32\086CB.TMP
C:\WINDOWS\SYSTEM32\086DB.TMP
C:\WINDOWS\SYSTEM32\087C5.TMP
C:\WINDOWS\SYSTEM32\087F3.TMP
C:\WINDOWS\SYSTEM32\0888F.TMP
C:\WINDOWS\SYSTEM32\088AF.TMP
C:\WINDOWS\SYSTEM32\088B0.TMP
C:\WINDOWS\SYSTEM32\088BE.TMP
C:\WINDOWS\SYSTEM32\088ED.TMP
C:\WINDOWS\SYSTEM32\0890C.TMP
C:\WINDOWS\SYSTEM32\0896A.TMP
C:\WINDOWS\SYSTEM32\0899A.TMP
C:\WINDOWS\SYSTEM32\089A8.TMP
C:\WINDOWS\SYSTEM32\089A9.TMP
C:\WINDOWS\SYSTEM32\089B8.TMP
C:\WINDOWS\SYSTEM32\089E7.TMP
C:\WINDOWS\SYSTEM32\089F6.TMP
C:\WINDOWS\SYSTEM32\08A15.TMP
C:\WINDOWS\SYSTEM32\08A44.TMP
C:\WINDOWS\SYSTEM32\08A92.TMP
C:\WINDOWS\SYSTEM32\08A93.TMP
C:\WINDOWS\SYSTEM32\08AB1.TMP
C:\WINDOWS\SYSTEM32\08AD1.TMP
C:\WINDOWS\SYSTEM32\08AF0.TMP
C:\WINDOWS\SYSTEM32\08AF1.TMP
C:\WINDOWS\SYSTEM32\08AFF.TMP
C:\WINDOWS\SYSTEM32\08B1F.TMP
C:\WINDOWS\SYSTEM32\08B2E.TMP
C:\WINDOWS\SYSTEM32\08B3E.TMP
C:\WINDOWS\SYSTEM32\08B8C.TMP
C:\WINDOWS\SYSTEM32\08BAB.TMP
C:\WINDOWS\SYSTEM32\08BBB.TMP
C:\WINDOWS\SYSTEM32\08BBC.TMP
C:\WINDOWS\SYSTEM32\08BCA.TMP
C:\WINDOWS\SYSTEM32\08BE9.TMP
C:\WINDOWS\SYSTEM32\08BF9.TMP
C:\WINDOWS\SYSTEM32\08C18.TMP
C:\WINDOWS\SYSTEM32\08C66.TMP
C:\WINDOWS\SYSTEM32\08C67.TMP
C:\WINDOWS\SYSTEM32\08C95.TMP
C:\WINDOWS\SYSTEM32\08C96.TMP
C:\WINDOWS\SYSTEM32\08CA5.TMP
C:\WINDOWS\SYSTEM32\08CA6.TMP
C:\WINDOWS\SYSTEM32\08CD3.TMP
C:\WINDOWS\SYSTEM32\08D02.TMP
C:\WINDOWS\SYSTEM32\08D21.TMP
C:\WINDOWS\SYSTEM32\08D41.TMP
C:\WINDOWS\SYSTEM32\08D60.TMP
C:\WINDOWS\SYSTEM32\08D6F.TMP
C:\WINDOWS\SYSTEM32\08D7F.TMP
C:\WINDOWS\SYSTEM32\08D9E.TMP
C:\WINDOWS\SYSTEM32\08DBD.TMP
C:\WINDOWS\SYSTEM32\08DBE.TMP
C:\WINDOWS\SYSTEM32\08E0B.TMP
C:\WINDOWS\SYSTEM32\08E1B.TMP
C:\WINDOWS\SYSTEM32\08E2B.TMP
C:\WINDOWS\SYSTEM32\08E2C.TMP
C:\WINDOWS\SYSTEM32\08E3A.TMP
C:\WINDOWS\SYSTEM32\08E59.TMP
C:\WINDOWS\SYSTEM32\08E5A.TMP
C:\WINDOWS\SYSTEM32\08E69.TMP
C:\WINDOWS\SYSTEM32\08E88.TMP
C:\WINDOWS\SYSTEM32\08EB7.TMP
C:\WINDOWS\SYSTEM32\08EE6.TMP
C:\WINDOWS\SYSTEM32\08EF5.TMP
C:\WINDOWS\SYSTEM32\08F15.TMP
C:\WINDOWS\SYSTEM32\08F24.TMP
C:\WINDOWS\SYSTEM32\08F43.TMP
C:\WINDOWS\SYSTEM32\08F63.TMP
C:\WINDOWS\SYSTEM32\08F72.TMP
C:\WINDOWS\SYSTEM32\08F91.TMP
C:\WINDOWS\SYSTEM32\08F92.TMP
C:\WINDOWS\SYSTEM32\08FA1.TMP
C:\WINDOWS\SYSTEM32\08FB1.TMP
C:\WINDOWS\SYSTEM32\08FDF.TMP
C:\WINDOWS\SYSTEM32\08FEF.TMP
C:\WINDOWS\SYSTEM32\08FF0.TMP
C:\WINDOWS\SYSTEM32\0900E.TMP
C:\WINDOWS\SYSTEM32\0905C.TMP
C:\WINDOWS\SYSTEM32\0909B.TMP
C:\WINDOWS\SYSTEM32\0909C.TMP
C:\WINDOWS\SYSTEM32\090D9.TMP
C:\WINDOWS\SYSTEM32\090E9.TMP
C:\WINDOWS\SYSTEM32\091E2.TMP
C:\WINDOWS\SYSTEM32\0924F.TMP
C:\WINDOWS\SYSTEM32\0926F.TMP
C:\WINDOWS\SYSTEM32\092AD.TMP
C:\WINDOWS\SYSTEM32\092EB.TMP
C:\WINDOWS\SYSTEM32\092EC.TMP
C:\WINDOWS\SYSTEM32\092FB.TMP
C:\WINDOWS\SYSTEM32\0932A.TMP
C:\WINDOWS\SYSTEM32\0933A.TMP
C:\WINDOWS\SYSTEM32\0935A.TMP
C:\WINDOWS\SYSTEM32\093D5.TMP
C:\WINDOWS\SYSTEM32\094B0.TMP
C:\WINDOWS\SYSTEM32\094BF.TMP
C:\WINDOWS\SYSTEM32\0951D.TMP
C:\WINDOWS\SYSTEM32\0955B.TMP
C:\WINDOWS\SYSTEM32\0956B.TMP
C:\WINDOWS\SYSTEM32\0957B.TMP
C:\WINDOWS\SYSTEM32\0959A.TMP
C:\WINDOWS\SYSTEM32\095A9.TMP
C:\WINDOWS\SYSTEM32\095B9.TMP
C:\WINDOWS\SYSTEM32\095C9.TMP
C:\WINDOWS\SYSTEM32\095F7.TMP
C:\WINDOWS\SYSTEM32\096D2.TMP
C:\WINDOWS\SYSTEM32\096D3.TMP
C:\WINDOWS\SYSTEM32\0972F.TMP
C:\WINDOWS\SYSTEM32\0975E.TMP
C:\WINDOWS\SYSTEM32\0978D.TMP
C:\WINDOWS\SYSTEM32\097BC.TMP
C:\WINDOWS\SYSTEM32\097CB.TMP
C:\WINDOWS\SYSTEM32\098B5.TMP
C:\WINDOWS\SYSTEM32\098D5.TMP
C:\WINDOWS\SYSTEM32\0999F.TMP
C:\WINDOWS\SYSTEM32\099AF.TMP
C:\WINDOWS\SYSTEM32\09A3B.TMP
C:\WINDOWS\SYSTEM32\09A3C.TMP
C:\WINDOWS\SYSTEM32\09A7A.TMP
C:\WINDOWS\SYSTEM32\09A99.TMP
C:\WINDOWS\SYSTEM32\09AB8.TMP
C:\WINDOWS\SYSTEM32\09B93.TMP
C:\WINDOWS\SYSTEM32\09BF0.TMP
C:\WINDOWS\SYSTEM32\09C4E.TMP
C:\WINDOWS\SYSTEM32\09CDA.TMP
C:\WINDOWS\SYSTEM32\09E7F.TMP
C:\WINDOWS\SYSTEM32\09E9F.TMP
C:\WINDOWS\SYSTEM32\09F0C.TMP
C:\WINDOWS\SYSTEM32\09F98.TMP
C:\WINDOWS\SYSTEM32\09FF6.TMP
C:\WINDOWS\SYSTEM32\0A034.TMP
C:\WINDOWS\SYSTEM32\0A0A1.TMP
C:\WINDOWS\SYSTEM32\0A17C.TMP
C:\WINDOWS\SYSTEM32\0A17D.TMP
C:\WINDOWS\SYSTEM32\0A256.TMP
C:\WINDOWS\SYSTEM32\0A35F.TMP
C:\WINDOWS\SYSTEM32\0A9B6.TMP
C:\WINDOWS\SYSTEM32\0AFBE.TMP
C:\WINDOWS\SYSTEM32\0C4E3.TMP
C:\WINDOWS\SYSTEM32\0F6EB.TMP
Trojan.Agent/Gen-NumTemp
C:\WINDOWS\SYSTEM32\08075.TMP
C:\WINDOWS\SYSTEM32\08258.TMP
C:\WINDOWS\SYSTEM32\08304.TMP
C:\WINDOWS\SYSTEM32\08709.TMP
C:\WINDOWS\SYSTEM32\08757.TMP
C:\WINDOWS\SYSTEM32\08786.TMP
C:\WINDOWS\SYSTEM32\08841.TMP
C:\WINDOWS\SYSTEM32\08851.TMP
C:\WINDOWS\SYSTEM32\08870.TMP
C:\WINDOWS\SYSTEM32\08880.TMP
C:\WINDOWS\SYSTEM32\08890.TMP
C:\WINDOWS\SYSTEM32\08891.TMP
C:\WINDOWS\SYSTEM32\08999.TMP
C:\WINDOWS\SYSTEM32\09137.TMP
C:\WINDOWS\SYSTEM32\09138.TMP
C:\WINDOWS\SYSTEM32\09146.TMP
C:\WINDOWS\SYSTEM32\09165.TMP
C:\WINDOWS\SYSTEM32\09194.TMP
C:\WINDOWS\SYSTEM32\09221.TMP
C:\WINDOWS\SYSTEM32\09222.TMP
C:\WINDOWS\SYSTEM32\09240.TMP
C:\WINDOWS\SYSTEM32\09250.TMP
C:\WINDOWS\SYSTEM32\09251.TMP
C:\WINDOWS\SYSTEM32\09270.TMP
C:\WINDOWS\SYSTEM32\09339.TMP
C:\WINDOWS\SYSTEM32\09359.TMP
C:\WINDOWS\SYSTEM32\09368.TMP
C:\WINDOWS\SYSTEM32\09369.TMP
C:\WINDOWS\SYSTEM32\09378.TMP
C:\WINDOWS\SYSTEM32\09404.TMP
C:\WINDOWS\SYSTEM32\09443.TMP
C:\WINDOWS\SYSTEM32\09471.TMP
C:\WINDOWS\SYSTEM32\09481.TMP
C:\WINDOWS\SYSTEM32\09491.TMP
C:\WINDOWS\SYSTEM32\09607.TMP
C:\WINDOWS\SYSTEM32\09617.TMP
C:\WINDOWS\SYSTEM32\09645.TMP
C:\WINDOWS\SYSTEM32\09655.TMP
C:\WINDOWS\SYSTEM32\09656.TMP
C:\WINDOWS\SYSTEM32\09665.TMP
C:\WINDOWS\SYSTEM32\09684.TMP
C:\WINDOWS\SYSTEM32\09685.TMP
C:\WINDOWS\SYSTEM32\09858.TMP
C:\WINDOWS\SYSTEM32\09867.TMP
C:\WINDOWS\SYSTEM32\09896.TMP
C:\WINDOWS\SYSTEM32\09971.TMP
C:\WINDOWS\SYSTEM32\09972.TMP
next scan will be posted asap
-
This is the result of malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
22/01/2011 17:03:12
mbam-log-2011-01-22 (17-03-12).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 436526
Time elapsed: 1 hour(s), 51 minute(s), 30 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\khnkqhnpc (Worm.Conficker) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\System32\09444.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Users\Angela\Desktop\downloads\windows xp new\windows xp home sp2 [oem edition]\windows xp home sp2 [oem edition]\windows xp home sp2 [oem edition]\CRACK\WPA Kill.exe (Hacktool.Wpakill) -> Quarantined and deleted successfully.
c:\Windows\System32\07D3A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\084F8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\08ED6.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\kpnvab.dll (Worm.Conficker) -> Delete on reboot.
c:\Windows\System32\08E6A.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\0AB0D.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\0476B.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\06798.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\0690E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\073C8.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\07972.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
c:\Windows\System32\0816E.tmp (Worm.Conficker) -> Quarantined and deleted successfully.
-
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.
link # 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link # 2 (http://subs.geekstogo.com/ComboFix.exe)
Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.
Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of security programs that should be disabled and how to disable them.
Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.
NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.
Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
-
This is the result of combofix, it did say norton is running but i tried to uninstall as dont use that anymore and said invalid path,
combofix.txt say:
ComboFix 11-01-22.03 - Angela 23/01/2011 11:29:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1931 [GMT 0:00]
Running from: c:\users\Angela\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\twunk_32.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.
2011-01-23 11:53 . 2011-01-23 11:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-22 15:10 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 15:10 . 2011-01-22 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-22 15:10 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-22 15:09 . 2011-01-22 15:09 -------- d-----w- c:\users\Angela\AppData\Roaming\Malwarebytes
2011-01-22 15:09 . 2011-01-22 15:09 -------- d-----w- c:\programdata\Malwarebytes
2011-01-22 11:59 . 2011-01-22 11:59 -------- d-----w- c:\users\Angela\AppData\Roaming\SUPERAntiSpyware.com
2011-01-22 11:59 . 2011-01-22 11:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-22 11:58 . 2011-01-22 11:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-09 16:52 . 2011-01-16 16:40 -------- d-----w- c:\program files\PC Tools Security
2011-01-09 16:52 . 2011-01-16 16:40 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-09 16:52 . 2011-01-09 16:52 -------- d-----w- c:\users\Angela\AppData\Roaming\PC Tools
2011-01-09 16:49 . 2011-01-09 16:53 -------- d-----w- c:\programdata\PC Tools
2010-12-30 10:05 . 2010-12-30 10:05 -------- d-----w- c:\users\Angela\AppData\Local\Sunbelt Software
2010-12-30 10:04 . 2010-12-30 10:04 -------- dc-h--w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-30 10:03 . 2010-12-30 10:06 -------- d-----w- c:\programdata\Lavasoft
2010-12-30 10:03 . 2010-12-30 10:03 -------- d-----w- c:\program files\Lavasoft
2010-12-26 16:22 . 2010-12-26 16:22 -------- d-----w- c:\programdata\Alwil Software
2010-12-26 16:22 . 2010-12-26 16:22 -------- d-----w- c:\program files\Alwil Software
2010-12-26 16:12 . 2010-12-26 16:19 -------- d-----w- c:\programdata\MFAData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-07 149280]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-9 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate1c98f741269b95d;Google Update Service (gupdate1c98f741269b95d);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
R2 pfkip;Driver Security;c:\windows\system32\svchost.exe [2008-01-21 21504]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090310.005\IDSvix86.sys [2009-01-02 270384]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
pfkip
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2011-01-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 18:59]
2011-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]
2010-10-18 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Angela.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 12:05]
2011-01-22 c:\windows\Tasks\User_Feed_Synchronization-{D88E9CC1-8948-4D37-BED4-8A5CF8D09381}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-SHOUTcastDSP - c:\program files\Winamp\uninst-dsp.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-23 11:54
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pfkip]
"ServiceDll"="c:\windows\system32\kpnvab.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
"haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
"iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
62,6a,6d,6d,67,6f,00,00
"jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
"dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-23 11:56:26
ComboFix-quarantined-files.txt 2011-01-23 11:56
Pre-Run: 63,502,815,232 bytes free
Post-Run: 64,692,588,544 bytes free
- - End Of File - - 667319A75384194D68211D5F886F69CE
-
HijackThis log is as follows:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:29, on 23/01/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18444)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\CyberLink\YouCam\YouCam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files\CyberLink\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c98f741269b95d) (gupdate1c98f741269b95d) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 14363 bytes
-
it did say norton is running but i tried to uninstall as dont use that anymore and said invalid path,
Hi Angela. If you don't use it anymore, you evidently don't have any AV on your computer. Please select a free AV program from the list below, download and install it then use this tool to remove Norton.
Norton/Symantec Removal Tool - Norton Removal Tool (http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039/)
*********************************************
Remember to only install one antivirus!
I prefer MicroSoft Security Essentials because of its high efficiency, no hassles and not a resource hog.
1) Avast! Home Edition (http://www.majorgeeks.com/Avast_Home_Edition_d1968.html)
2) AVG Free Edition (http://www.majorgeeks.com/download.php?det=886)
3) Avira AntiVir Personal (http://www.majorgeeks.com/AntiVir_Personal_Edition_7_d955.html)
4) Microsoft Security Essentials for Windows Vista\Windows 7 (http://majorgeeks.com/Microsoft_Security_Essentials_for_Windows_VistaWindows_7_d6242.html) - 64 bit Download (http://majorgeeks.com/downloadget.php?id=6242&file=5&evp=9112d44b71f157fc5d7fcd7724b088ca)
4-a) Microsoft Security Essentials for Windows XP (http://www.microsoft.com/security_essentials/)
5) Comodo Antivirus (http://www.majorgeeks.com/Comodo_AntiVirus_d5109.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
6) PC Tools AntiVirus Free Edition (http://www.majorgeeks.com/PC_Tools_AntiVirus_Free_Edition_d5469.html)
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
**********************************************
I strongly recommend that you remove Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*****************************************************
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
RegLockDel::
[HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
"haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
"iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
62,6a,6d,6d,67,6f,00,00
"jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
"dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94
MBR::
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
*************************************************
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The
log will be saved automatically in the same folder Sysprot.exe was
extracted to. Open the text file and copy/paste the log here.
[/list].
-
Result of Combofix.txt
ComboFix 11-01-30.02 - Angela 31/01/2011 9:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1778 [GMT 0:00]
Running from: c:\users\Angela\Desktop\ComboFix.exe
Command switches used :: F:\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.
2011-01-31 09:45 . 2011-01-31 09:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 19:31 . 2011-01-23 19:31 -------- d-----w- c:\program files\Trend Micro
2011-01-22 15:10 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-22 15:10 . 2011-01-22 15:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-22 15:10 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-22 15:09 . 2011-01-22 15:09 -------- d-----w- c:\users\Angela\AppData\Roaming\Malwarebytes
2011-01-22 15:09 . 2011-01-22 15:09 -------- d-----w- c:\programdata\Malwarebytes
2011-01-22 11:59 . 2011-01-22 11:59 -------- d-----w- c:\users\Angela\AppData\Roaming\SUPERAntiSpyware.com
2011-01-22 11:59 . 2011-01-22 11:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-01-22 11:58 . 2011-01-22 11:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-09 16:52 . 2011-01-16 16:40 -------- d-----w- c:\program files\PC Tools Security
2011-01-09 16:52 . 2011-01-16 16:40 -------- d-----w- c:\program files\Common Files\PC Tools
2011-01-09 16:52 . 2011-01-09 16:52 -------- d-----w- c:\users\Angela\AppData\Roaming\PC Tools
2011-01-09 16:49 . 2011-01-09 16:53 -------- d-----w- c:\programdata\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-07 149280]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\users\Angela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
SAM.lnk - c:\program files\SAM\SAM.exe [N/A]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-2-9 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate1c98f741269b95d;Google Update Service (gupdate1c98f741269b95d);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 133104]
R2 pfkip;Driver Security;c:\windows\system32\svchost.exe [2008-01-21 21504]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2009-07-22 81920]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 27504]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2009-07-22 2736128]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
pfkip
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2011-01-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-15 18:59]
2011-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]
2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-15 13:48]
2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{D88E9CC1-8948-4D37-BED4-8A5CF8D09381}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
FF - ProfilePath - c:\users\Angela\AppData\Roaming\Mozilla\Firefox\Profiles\hns4fls0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 09:45
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pfkip]
"ServiceDll"="c:\windows\system32\kpnvab.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3156348021-291964185-1888875797-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{531017BD-D58A-8826-66CF-4F9FAFCB6877}*]
"haaimgoaahnadfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"iaggknbmpegidafmfo"=hex:63,61,6a,69,69,70,00,7f
"iachcldkkadgfnbfbg"=hex:6a,61,67,69,69,70,6a,64,65,62,64,70,66,69,6b,70,6b,6c,
6a,69,00,00
"dbngjjoehhlendlncehdjiohjjhdmenaoanhbac m"=hex:68,61,66,66,6f,70,70,62,6c,6d,
62,6a,6d,6d,67,6f,00,00
"jbngjjoehhlendlncehdklieikldjlddneddice pmljhigpopele"=hex:68,61,66,66,6f,70,
70,62,6c,6d,62,6a,6d,6d,67,6f,00,00
"dbngjjoehhlendlncehdellnkbipchihnkdkflg o"=hex:62,61,61,6b,00,94
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-01-31 09:48:23
ComboFix-quarantined-files.txt 2011-01-31 09:48
ComboFix2.txt 2011-01-23 11:56
Pre-Run: 64,223,965,184 bytes free
Post-Run: 64,217,415,680 bytes free
- - End Of File - - 702DC91084A2FD04BD788ACB6FF0B0F7
Result of SysProt AntiRootKit
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 8FF4B000
Module End: 8FF56000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 8FF56000
Module End: 8FF5E000
Hidden: Yes
******************************************************************************************
******************************************************************************************
No SSDT Hooks found
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
-
my internet access has now been restored, if this is now complete, i thank you so much for your help in this i would never have fixed this in a million years
-
Let's run another scan and, if it comes out clean, we'll do some cleanup.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt