
Author Topic: Trojan Horse Agent_r.ATS  (Read 33123 times)


paulf

    Topic Starter


    Rookie

    Trojan Horse Agent_r.ATS
    « on: December 26, 2011, 08:30:03 AM »
    I have this virus, Trojan Horse Agent_r.ATS, that AVG says that it can't remove because it is white listed.  Is this dangerous and if it is, how can I remove it? 
    Thanks in advance for advice.

    harry 48



      Egghead

    Re: Trojan Horse Agent_r.ATS
    « Reply #1 on: December 26, 2011, 08:57:16 AM »
    Go here and complete and post the 3 logs. More help later.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: Trojan Horse Agent_r.ATS
    « Reply #2 on: December 26, 2011, 10:07:45 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.

    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    • It will open in your default text editor (preferably Notepad).
    • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ***********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ***************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your Thread

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)
    Windows 8 and Windows 10 dual boot with two SSD's

    paulf

      Topic Starter


      Rookie

      Re: Trojan Horse Agent_r.ATS
      « Reply #3 on: December 27, 2011, 06:34:44 PM »
      Super Dave:

      I hope that I have done everything correctly.  Herewith the posts that you requested----

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/27/2011 at 12:58 PM

      Application Version : 5.0.1142

      Core Rules Database Version : 7113
      Trace Rules Database Version: 4925

      Scan type       : Complete Scan
      Total Scan Time : 00:56:35

      Operating System Information
      Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 678
      Memory threats detected   : 0
      Registry items scanned    : 36211
      Registry threats detected : 1
      File items scanned        : 162711
      File threats detected     : 293

      Malware.Trace
         HKU\S-1-5-21-1526413439-2465844862-3869205431-1000\SOFTWARE\AVSUITE

      Adware.Tracking Cookie
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .collective-media.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         mediaservices-d.openxenterprise.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .overture.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .overture.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .c5.zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .foxinteractivemedia.122.2o7.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .invitemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         d.gravityadnetwork.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .yieldmanager.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         dc.tremormedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .tribalfusion.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]

      Trojan.Agent/Gen-Frauder
         C:\WINDOWS\INSTALLER\MSIBD76.TMP
         C:\WINDOWS\INSTALLER\MSIEC4C.TMP


      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 911122704

      Windows 6.0.6002 Service Pack 2
      Internet Explorer 9.0.8112.16421

      12/27/2011 4:08:38 PM
      mbam-log-2011-12-27 (16-08-38).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 319092
      Time elapsed: 1 hour(s), 2 minute(s), 16 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\PaulF\AppData\Local\nlg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\Users\PaulF\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
      c:\Users\PaulF\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupd.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.



      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_22
      Run by PaulF at 20:21:20 on 2011-12-27
      Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3036.2006 [GMT -5:00]
      .
      AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
      C:\Program Files\AVG\AVG2012\avgcsrvx.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\WLTRYSVC.EXE
      C:\Windows\System32\bcmwltry.exe
      C:\Windows\system32\WLANExt.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\AERTSrv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG2012\avgfws.exe
      C:\Program Files\AVG\AVG2012\avgwdsvc.exe
      C:\Windows\system32\svchost.exe -k hpdevmgmt
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\AVG\AVG2012\avgnsx.exe
      C:\Program Files\AVG\AVG2012\avgcsrvx.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Windows\System32\WLTRAY.EXE



      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft® Windows Vista™ Home Basic
      Boot Device: \Device\HarddiskVolume3
      Install Date: 6/18/2009 6:44:11 PM
      System Uptime: 12/27/2011 4:21:21 PM (4 hours ago)
      .
      Motherboard: Dell Inc. |  | 0P301D
      Processor: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2795/266mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 218 GiB total, 149.281 GiB free.
      D: is FIXED (NTFS) - 15 GiB total, 10.244 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
      Description: Communications Port
      Device ID: ACPI\PNP0501\1
      Manufacturer: (Standard port types)
      Name: Communications Port (COM1)
      PNP Device ID: ACPI\PNP0501\1
      Service: Serial
      .
      ==== System Restore Points ===================
      .
      RP946: 12/23/2011 2:09:05 PM - Scheduled Checkpoint
      RP947: 12/24/2011 11:05:14 AM - Scheduled Checkpoint
      RP948: 12/26/2011 9:29:16 AM - Windows Update
      RP949: 12/27/2011 6:30:25 AM - Scheduled Checkpoint
      .
      ==== Installed Programs ======================
      .
      .
       Update for Microsoft Office 2007 (KB2508958)
      32 Bit HP CIO Components Installer
      7-Zip 4.57
      Acrobat.com
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader X (10.1.1)
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      AVG 2012
      BufferChm
      Business Tools Launcher
      Cisco EAP-FAST Module
      Cisco LEAP Module
      Cisco PEAP Module
      Copy
      Dell Edoc Viewer
      Dell Getting Started Guide
      Dell Support Center (Support Software)
      Dell Wireless WLAN Card Utility
      Destinations
      DeviceDiscovery
      DivX Converter
      DivX Plus DirectShow Filters
      DivX Setup
      DivX Version Checker
      DJ_AIO_05_F4400_Software_Min
      F4400
      Google Chrome
      Google Update Helper
      GPBaseService2
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
      HP Imaging Device Functions 13.0
      HP Smart Web Printing 4.5
      HP Solution Center 13.0
      HP Update
      HPPhotoGadget
      HPProductAssistant
      hpWLPGInstaller
      Intel(R) Graphics Media Accelerator Driver
      Intel® Matrix Storage Manager
      iTunes
      Java Auto Updater
      Java(TM) 6 Update 22
      Malwarebytes' Anti-Malware version 1.51.2.1300
      MathType 6
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 4 Client Profile
      Microsoft Application Error Reporting
      Microsoft Office 2007 Service Pack 2 (SP2)
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Professional Plus 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Search Enhancement Pack
      Microsoft Silverlight
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Mozilla Firefox 8.0.1 (x86 en-US)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      NetAssistant
      NetAssistant for Firefox
      OGA Notifier 2.0.0048.0
      Personal Entertainment Launcher
      PowerDVD DX
      Product Support Launcher
      QuickTime
      Realtek Ethernet Network Card Diagnostic tool for Windows Vista
      Realtek High Definition Audio Driver
      Roxio Activation Module
      Roxio Creator Audio
      Roxio Creator BDAV Plugin
      Roxio Creator Copy
      Roxio Creator Data
      Roxio Creator DE
      Roxio Creator Tools
      Roxio Express Labeler 3
      Roxio Update Manager
      Scan
      Security Update for 2007 Microsoft Office System (KB2288621)
      Security Update for 2007 Microsoft Office System (KB2288931)
      Security Update for 2007 Microsoft Office System (KB2345043)
      Security Update for 2007 Microsoft Office System (KB2553089)
      Security Update for 2007 Microsoft Office System (KB2553090)
      Security Update for 2007 Microsoft Office System (KB2584063)
      Security Update for 2007 Microsoft Office System (KB969559)
      Security Update for 2007 Microsoft Office System (KB976321)
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
      Security Update for Microsoft Office Access 2007 (KB979440)
      Security Update for Microsoft Office InfoPath 2007 (KB2510061)
      Security Update for Microsoft Office InfoPath 2007 (KB979441)
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
      Security Update for Microsoft Office system 2007 (972581)
      Security Update for Microsoft Office system 2007 (KB974234)
      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
      Security Update for Microsoft Office Word 2007 (KB2344993)
      SmartWebPrinting
      SolutionCenter
      Sonic CinePlayer Decoder Pack
      Status
      SUPERAntiSpyware
      TinkerPlots Instructor's Evaluation Edition
      Toolbox
      TrayApp
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
      Update for Microsoft Office 2007 System (KB2539530)
      Update for Microsoft Office Access 2007 Help (KB963663)
      Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office Infopath 2007 Help (KB963662)
      Update for Microsoft Office Outlook 2007 (KB2583910)
      Update for Microsoft Office Outlook 2007 Help (KB963677)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Publisher 2007 Help (KB963667)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      Update for Outlook 2007 Junk Email Filter (KB2596560)
      VC80CRTRedist - 8.0.50727.4053
      Vz In Home Agent
      WebReg
      Windows Live Sign-in Assistant
      Windows Live Sync
      Windows Live Upload Tool
      .
      ==== Event Viewer Messages From Past Week ========
      .
      12/27/2011 6:35:10 AM, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
      12/27/2011 4:12:46 PM, Error: Service Control Manager [7023]  - The SQL Server EXPRESS service terminated with the following error:  The specified module could not be found.
      12/20/2011 4:35:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
      12/20/2011 4:35:48 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      12/20/2011 4:35:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      .
      ==== End Of File ===========================




      SuperDave

      Re: Trojan Horse Agent_r.ATS
      « Reply #4 on: December 28, 2011, 11:46:06 AM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ********************************************
      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link # 1
      Link # 2
      If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Right-click combofix.exe and select Run as Administrator and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
      Windows 8 and Windows 10 dual boot with two SSD's

      paulf


        Re: Trojan Horse Agent_r.ATS
        « Reply #5 on: December 29, 2011, 03:29:43 PM »
        Output folder: C:\32788R22FWJFW
        Delete file: C:\32788R22FWJFW\run2.sed
        Delete file: C:\32788R22FWJFW\Rust.str
        Delete file: C:\32788R22FWJFW\s0rt.3XE
        Delete file: C:\32788R22FWJFW\safeboot.dat
        Delete file: C:\32788R22FWJFW\safeboot.def.dat
        Delete file: C:\32788R22FWJFW\safeboot.def.vista.dat
        Delete file: C:\32788R22FWJFW\Safeboot.def.w7.dat
        Delete file: C:\32788R22FWJFW\setpath_N.cmd
        Delete file: C:\32788R22FWJFW\sfx.cmd
        Delete file: C:\32788R22FWJFW\SnapShot.cmd
        Delete file: C:\32788R22FWJFW\SRestore.cmd
        Delete file: C:\32788R22FWJFW\srizbi.md5
        Delete file: C:\32788R22FWJFW\StartMenuFile.cfx
        Delete file: C:\32788R22FWJFW\StartMenuFolder.cfx
        Delete file: C:\32788R22FWJFW\StartUpFile.cfx
        Delete file: C:\32788R22FWJFW\SuppScan.cmd
        Delete file: C:\32788R22FWJFW\svchost.dat
        Delete file: C:\32788R22FWJFW\svchost.vista.dat
        Delete file: C:\32788R22FWJFW\svchost.vista.x64.dat
        Delete file: C:\32788R22FWJFW\svchost.w7.dat
        Delete file: C:\32788R22FWJFW\svchost.w7.x64.dat
        Delete file: C:\32788R22FWJFW\svc_wht.dat
        Delete file: C:\32788R22FWJFW\swxcacls.3XE
        Delete file: C:\32788R22FWJFW\system_ini.dat
        Delete file: C:\32788R22FWJFW\tail.3XE
        Delete file: C:\32788R22FWJFW\TemplatesFile.cfx
        Delete file: C:\32788R22FWJFW\TemplatesFolder.cfx
        Delete file: C:\32788R22FWJFW\toolbar.sed
        Delete file: C:\32788R22FWJFW\Update-CF.cmd
        Delete file: C:\32788R22FWJFW\VInfo
        Delete file: C:\32788R22FWJFW\VInfo2
        Delete file: C:\32788R22FWJFW\VINFO3
        Delete file: C:\32788R22FWJFW\Vipev.dat
        Delete file: C:\32788R22FWJFW\Vista.krl
        Delete file: C:\32788R22FWJFW\Vista.mac
        Delete file: C:\32788R22FWJFW\vistaMcode.dat
        Delete file: C:\32788R22FWJFW\vistareg.dat
        Delete file: C:\32788R22FWJFW\vun.dat
        Delete file: C:\32788R22FWJFW\VwinTemp.dacl
        Delete file: C:\32788R22FWJFW\w7Mcode.dat
        Delete file: C:\32788R22FWJFW\w7reg.dat
        Delete file: C:\32788R22FWJFW\xpmcode.dat
        Delete file: C:\32788R22FWJFW\xpreg.dat
        Delete file: C:\32788R22FWJFW\zDomain.dat
        Delete file: C:\32788R22FWJFW\zhsvc.dat
        Delete file: C:\32788R22FWJFW\zip.3XE
        Extract: 023.dat
        Extract: 023v.dat
        Extract: 023w7.dat
        Extract: AWF.cmd
        Extract: AppDataFile.cfx
        Extract: AppDataFolder.cfx
        Extract: Assoc.cmd
        Extract: Auto-RC.cmd
        Extract: Boot-Rk.cmd
        Extract: CF-Script.cmd
        Extract: Catch-sub.cmd
        Extract: ComboFix-Download.3XE
        Can't write: C:\32788R22FWJFW\Combobatch.bat

        SuperDave

        Re: Trojan Horse Agent_r.ATS
        « Reply #6 on: December 29, 2011, 07:27:33 PM »
        That log is not complete. Please look in C:/ComboFix for the complete log and post it. If you can't find it, please run it again.
        Windows 8 and Windows 10 dual boot with two SSD's

        paulf


          Re: Trojan Horse Agent_r.ATS
          « Reply #7 on: December 29, 2011, 08:47:47 PM »
          SuperDave:

          I tried running Combofix, but I got this message---

          Error opening file for writing:
          C:\32788R22FWJFW\Boot.bat

          It then gave me the option to ignore this, but when I did that I continued to get similar messages with different terms after the second backslash.
          e.g. DrvRun.vbs and Exe.reg

          SuperDave

          Re: Trojan Horse Agent_r.ATS
          « Reply #8 on: December 30, 2011, 11:54:51 AM »
          Please delete ComboFix from your desktop.

          Download ComboFix by sUBs from one of the below links.  You must rename it before saving it!

          Important! You MUST save ComboFix to your desktop

          link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Rename ComboFix to Combo-Fix before saving it to the desktop.





          Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Double click on Combo-Fix.exe & follow the prompts.

          Vista users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

          Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

          When the scan completes it will open a text window.
           
          Post the contents of that log in your next reply.

          Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

          paulf


            Re: Trojan Horse Agent_r.ATS
            « Reply #9 on: January 01, 2012, 07:28:20 PM »
            Super Dave:

            I appreciate you staying with me here, but I am still running into problems with ComboFix.  It told me that it was scanning, but then I got the message------

                   Freeware implementation of XCACLS has stopped working.

            Am I doing something wrong?

            Thanks

            SuperDave

            Re: Trojan Horse Agent_r.ATS
            « Reply #10 on: January 02, 2012, 12:03:44 PM »
            We'll try to run it once more.

            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

            Navigate to Start --> Run, and enter the following command exactly as shown:

            "%userprofile%\desktop\blackpudding.bat" /killall

            See if ComboFix will run now.

            paulf


              Re: Trojan Horse Agent_r.ATS
              « Reply #11 on: January 02, 2012, 05:54:20 PM »
              Super Dave:

              Same deal--stops after about 10 minutes with same message.  It finds a virus....I move to vault, restart, and then when I come back on it tells me that my recycle bin is corrupted and asks me to empty.  I do and we're back to where we started.

              SuperDave

              Re: Trojan Horse Agent_r.ATS
              « Reply #12 on: January 03, 2012, 12:18:11 PM »
              Please try running ComboFix in Safe mode.
              Safe Mode

              paulf


                Re: Trojan Horse Agent_r.ATS
                « Reply #13 on: January 08, 2012, 11:59:58 AM »
                Super dave:

                Tried many times over this weekend, but in safe mode I cannot get on the internet.

                SuperDave

                Re: Trojan Horse Agent_r.ATS
                « Reply #14 on: January 09, 2012, 01:29:04 PM »
                Let's see if we can find out what's happening with the internet connection.

                Please download MiniToolBox to Desktop and run it.



                Checkmark the following boxes:

                  • Flush DNS
                  • Report IE Proxy Settings
                  • Reset IE Proxy Settings
                  • List content of Hosts
                  • List IP Configuration
                  • List Last 10 Event Viewer Errors
                  • List Users, Partitions and Memory Size

                Click Go and copy/paste the log (Result.txt) into your next post.