
Topic: Trojan Horse Agent_r.ATS


paulf


    Trojan Horse Agent_r.ATS
    « on: December 26, 2011, 08:30:03 AM »
    I have this virus, Trojan Horse Agent_r.ATS, that AVG says that it can't remove because it is white listed.  Is this dangerous and if it is, how can I remove it? 
    Thanks in advance for advice.

    harry 48



    Re: Trojan Horse Agent_r.ATS
    « Reply #1 on: December 26, 2011, 08:57:16 AM »
    Go here and complete and post the 3 logs. More help later.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    SuperDave

    Re: Trojan Horse Agent_r.ATS
    « Reply #2 on: December 26, 2011, 10:07:45 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining
    Please leave the others unchecked

    • Click the Close button to leave the control center screen.

    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    • To retrieve the removal information please do the following:
    • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.

    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

    • It will open in your default text editor (preferably Notepad).
    • Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...

    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    ***********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ***************************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.
    * Save both reports to your desktop.
    * The instructions here ask you to attach the Attach.txt.



    1) DDS.txt
    2) Attach.txt
    Instead of attaching, please copy/paste both logs into your thread.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
    Windows 8 and Windows 10 dual boot with two SSD's

    paulf


      Re: Trojan Horse Agent_r.ATS
      « Reply #3 on: December 27, 2011, 06:34:44 PM »
      Super Dave:

      I hope that I have done everything correctly.  Herewith the posts that you requested----

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 12/27/2011 at 12:58 PM

      Application Version : 5.0.1142

      Core Rules Database Version : 7113
      Trace Rules Database Version: 4925

      Scan type       : Complete Scan
      Total Scan Time : 00:56:35

      Operating System Information
      Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
      UAC On - Limited User (Administrator User)

      Memory items scanned      : 678
      Memory threats detected   : 0
      Registry items scanned    : 36211
      Registry threats detected : 1
      File items scanned        : 162711
      File threats detected     : 293

      Malware.Trace
         HKU\S-1-5-21-1526413439-2465844862-3869205431-1000\SOFTWARE\AVSUITE

      Adware.Tracking Cookie
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .collective-media.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         mediaservices-d.openxenterprise.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .serving-sys.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .overture.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .overture.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats-newyork1.bloxcms.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .c5.zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .mediaplex.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .foxinteractivemedia.122.2o7.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .invitemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .a1.interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .adbrite.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         d.gravityadnetwork.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .advertising.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         stats.townnews.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .seeclickfix.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ads.pointroll.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .yieldmanager.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .zedo.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .revsci.net [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         dc.tremormedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .casalemedia.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .interclick.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .tribalfusion.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         ad.yieldmanager.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]
         .ehg-verizon.hitbox.com [ C:\USERS\PAULF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HSM0BFT6.DEFAULT\COOKIES.SQLITE ]

      Trojan.Agent/Gen-Frauder
         C:\WINDOWS\INSTALLER\MSIBD76.TMP
         C:\WINDOWS\INSTALLER\MSIEC4C.TMP


      Malwarebytes' Anti-Malware 1.51.2.1300
      www.malwarebytes.org

      Database version: 911122704

      Windows 6.0.6002 Service Pack 2
      Internet Explorer 9.0.8112.16421

      12/27/2011 4:08:38 PM
      mbam-log-2011-12-27 (16-08-38).txt

      Scan type: Full scan (C:\|)
      Objects scanned: 319092
      Time elapsed: 1 hour(s), 2 minute(s), 16 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 0
      Registry Data Items Infected: 1
      Folders Infected: 0
      Files Infected: 2

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Users\PaulF\AppData\Local\nlg.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      c:\Users\PaulF\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
      c:\Users\PaulF\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\winupd.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.



      DDS (Ver_2011-08-26.01) - NTFSx86
      Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_22
      Run by PaulF at 20:21:20 on 2011-12-27
      Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.3036.2006 [GMT -5:00]
      .
      AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
      .
      ============== Running Processes ===============
      .
      C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
      C:\Program Files\AVG\AVG2012\avgcsrvx.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k rpcss
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k GPSvcGroup
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\WLTRYSVC.EXE
      C:\Windows\System32\bcmwltry.exe
      C:\Windows\system32\WLANExt.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
      C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\system32\AERTSrv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\AVG\AVG2012\avgfws.exe
      C:\Program Files\AVG\AVG2012\avgwdsvc.exe
      C:\Windows\system32\svchost.exe -k hpdevmgmt
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\System32\svchost.exe -k WerSvcGroup
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\AVG\AVG2012\avgnsx.exe
      C:\Program Files\AVG\AVG2012\avgcsrvx.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Windows\System32\WLTRAY.EXE



      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft® Windows Vista™ Home Basic
      Boot Device: \Device\HarddiskVolume3
      Install Date: 6/18/2009 6:44:11 PM
      System Uptime: 12/27/2011 4:21:21 PM (4 hours ago)
      .
      Motherboard: Dell Inc. |  | 0P301D
      Processor: Intel(R) Core(TM)2 Duo CPU     E7400  @ 2.80GHz | Socket 775 | 2795/266mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 218 GiB total, 149.281 GiB free.
      D: is FIXED (NTFS) - 15 GiB total, 10.244 GiB free.
      E: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
      Description: Communications Port
      Device ID: ACPI\PNP0501\1
      Manufacturer: (Standard port types)
      Name: Communications Port (COM1)
      PNP Device ID: ACPI\PNP0501\1
      Service: Serial
      .
      ==== System Restore Points ===================
      .
      RP946: 12/23/2011 2:09:05 PM - Scheduled Checkpoint
      RP947: 12/24/2011 11:05:14 AM - Scheduled Checkpoint
      RP948: 12/26/2011 9:29:16 AM - Windows Update
      RP949: 12/27/2011 6:30:25 AM - Scheduled Checkpoint
      .
      ==== Installed Programs ======================
      .
      .
       Update for Microsoft Office 2007 (KB2508958)
      32 Bit HP CIO Components Installer
      7-Zip 4.57
      Acrobat.com
      Adobe AIR
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Adobe Reader X (10.1.1)
      Apple Application Support
      Apple Mobile Device Support
      Apple Software Update
      AVG 2012
      BufferChm
      Business Tools Launcher
      Cisco EAP-FAST Module
      Cisco LEAP Module
      Cisco PEAP Module
      Copy
      Dell Edoc Viewer
      Dell Getting Started Guide
      Dell Support Center (Support Software)
      Dell Wireless WLAN Card Utility
      Destinations
      DeviceDiscovery
      DivX Converter
      DivX Plus DirectShow Filters
      DivX Setup
      DivX Version Checker
      DJ_AIO_05_F4400_Software_Min
      F4400
      Google Chrome
      Google Update Helper
      GPBaseService2
      HijackThis 2.0.2
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
      HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
      HP Imaging Device Functions 13.0
      HP Smart Web Printing 4.5
      HP Solution Center 13.0
      HP Update
      HPPhotoGadget
      HPProductAssistant
      hpWLPGInstaller
      Intel(R) Graphics Media Accelerator Driver
      Intel® Matrix Storage Manager
      iTunes
      Java Auto Updater
      Java(TM) 6 Update 22
      Malwarebytes' Anti-Malware version 1.51.2.1300
      MathType 6
      Microsoft .NET Framework 3.5 SP1
      Microsoft .NET Framework 4 Client Profile
      Microsoft Application Error Reporting
      Microsoft Office 2007 Service Pack 2 (SP2)
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office File Validation Add-In
      Microsoft Office InfoPath MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Professional Plus 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Search Enhancement Pack
      Microsoft Silverlight
      Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      Mozilla Firefox 8.0.1 (x86 en-US)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 (KB973688)
      NetAssistant
      NetAssistant for Firefox
      OGA Notifier 2.0.0048.0
      Personal Entertainment Launcher
      PowerDVD DX
      Product Support Launcher
      QuickTime
      Realtek Ethernet Network Card Diagnostic tool for Windows Vista
      Realtek High Definition Audio Driver
      Roxio Activation Module
      Roxio Creator Audio
      Roxio Creator BDAV Plugin
      Roxio Creator Copy
      Roxio Creator Data
      Roxio Creator DE
      Roxio Creator Tools
      Roxio Express Labeler 3
      Roxio Update Manager
      Scan
      Security Update for 2007 Microsoft Office System (KB2288621)
      Security Update for 2007 Microsoft Office System (KB2288931)
      Security Update for 2007 Microsoft Office System (KB2345043)
      Security Update for 2007 Microsoft Office System (KB2553089)
      Security Update for 2007 Microsoft Office System (KB2553090)
      Security Update for 2007 Microsoft Office System (KB2584063)
      Security Update for 2007 Microsoft Office System (KB969559)
      Security Update for 2007 Microsoft Office System (KB976321)
      Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
      Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
      Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
      Security Update for Microsoft Office Access 2007 (KB979440)
      Security Update for Microsoft Office InfoPath 2007 (KB2510061)
      Security Update for Microsoft Office InfoPath 2007 (KB979441)
      Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
      Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
      Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
      Security Update for Microsoft Office system 2007 (972581)
      Security Update for Microsoft Office system 2007 (KB974234)
      Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
      Security Update for Microsoft Office Word 2007 (KB2344993)
      SmartWebPrinting
      SolutionCenter
      Sonic CinePlayer Decoder Pack
      Status
      SUPERAntiSpyware
      TinkerPlots Instructor's Evaluation Edition
      Toolbox
      TrayApp
      Update for 2007 Microsoft Office System (KB967642)
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
      Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
      Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
      Update for Microsoft Office 2007 Help for Common Features (KB963673)
      Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
      Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
      Update for Microsoft Office 2007 System (KB2539530)
      Update for Microsoft Office Access 2007 Help (KB963663)
      Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
      Update for Microsoft Office Excel 2007 Help (KB963678)
      Update for Microsoft Office Infopath 2007 Help (KB963662)
      Update for Microsoft Office Outlook 2007 (KB2583910)
      Update for Microsoft Office Outlook 2007 Help (KB963677)
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)
      Update for Microsoft Office Publisher 2007 Help (KB963667)
      Update for Microsoft Office Script Editor Help (KB963671)
      Update for Microsoft Office Word 2007 Help (KB963665)
      Update for Outlook 2007 Junk Email Filter (KB2596560)
      VC80CRTRedist - 8.0.50727.4053
      Vz In Home Agent
      WebReg
      Windows Live Sign-in Assistant
      Windows Live Sync
      Windows Live Upload Tool
      .
      ==== Event Viewer Messages From Past Week ========
      .
      12/27/2011 6:35:10 AM, Error: Service Control Manager [7000]  - The SASDIFSV service failed to start due to the following error:  Cannot create a file when that file already exists.
      12/27/2011 4:12:46 PM, Error: Service Control Manager [7023]  - The SQL Server EXPRESS service terminated with the following error:  The specified module could not be found.
      12/20/2011 4:35:48 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
      12/20/2011 4:35:48 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
      12/20/2011 4:35:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      .
      ==== End Of File ===========================




      SuperDave

      Re: Trojan Horse Agent_r.ATS
      « Reply #4 on: December 28, 2011, 11:46:06 AM »
      Update Your Java (JRE)

      Old versions of Java have vulnerabilities that malware can use to infect your system.


      First Verify your Java Version

      If there are any other version(s) installed then update now.

      Get the new version (if needed)

      If your version is out of date install the newest version of the Sun Java Runtime Environment.

      Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

      Be sure to close ALL open web browsers before starting the installation.

      Remove any old versions

      1. Download JavaRa and unzip the file to your Desktop.
      2. Open JavaRA.exe and choose Remove Older Versions
      3. Once complete exit JavaRA.

      Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
      ********************************************
      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      Link # 1
      Link # 2
      If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Right-click combofix.exe and select Run as Administrator and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
      Windows 8 and Windows 10 dual boot with two SSD's

      paulf


        Re: Trojan Horse Agent_r.ATS
        « Reply #5 on: December 29, 2011, 03:29:43 PM »
        Output folder: C:\32788R22FWJFW
        Delete file: C:\32788R22FWJFW\run2.sed
        Delete file: C:\32788R22FWJFW\Rust.str
        Delete file: C:\32788R22FWJFW\s0rt.3XE
        Delete file: C:\32788R22FWJFW\safeboot.dat
        Delete file: C:\32788R22FWJFW\safeboot.def.dat
        Delete file: C:\32788R22FWJFW\safeboot.def.vista.dat
        Delete file: C:\32788R22FWJFW\Safeboot.def.w7.dat
        Delete file: C:\32788R22FWJFW\setpath_N.cmd
        Delete file: C:\32788R22FWJFW\sfx.cmd
        Delete file: C:\32788R22FWJFW\SnapShot.cmd
        Delete file: C:\32788R22FWJFW\SRestore.cmd
        Delete file: C:\32788R22FWJFW\srizbi.md5
        Delete file: C:\32788R22FWJFW\StartMenuFile.cfx
        Delete file: C:\32788R22FWJFW\StartMenuFolder.cfx
        Delete file: C:\32788R22FWJFW\StartUpFile.cfx
        Delete file: C:\32788R22FWJFW\SuppScan.cmd
        Delete file: C:\32788R22FWJFW\svchost.dat
        Delete file: C:\32788R22FWJFW\svchost.vista.dat
        Delete file: C:\32788R22FWJFW\svchost.vista.x64.dat
        Delete file: C:\32788R22FWJFW\svchost.w7.dat
        Delete file: C:\32788R22FWJFW\svchost.w7.x64.dat
        Delete file: C:\32788R22FWJFW\svc_wht.dat
        Delete file: C:\32788R22FWJFW\swxcacls.3XE
        Delete file: C:\32788R22FWJFW\system_ini.dat
        Delete file: C:\32788R22FWJFW\tail.3XE
        Delete file: C:\32788R22FWJFW\TemplatesFile.cfx
        Delete file: C:\32788R22FWJFW\TemplatesFolder.cfx
        Delete file: C:\32788R22FWJFW\toolbar.sed
        Delete file: C:\32788R22FWJFW\Update-CF.cmd
        Delete file: C:\32788R22FWJFW\VInfo
        Delete file: C:\32788R22FWJFW\VInfo2
        Delete file: C:\32788R22FWJFW\VINFO3
        Delete file: C:\32788R22FWJFW\Vipev.dat
        Delete file: C:\32788R22FWJFW\Vista.krl
        Delete file: C:\32788R22FWJFW\Vista.mac
        Delete file: C:\32788R22FWJFW\vistaMcode.dat
        Delete file: C:\32788R22FWJFW\vistareg.dat
        Delete file: C:\32788R22FWJFW\vun.dat
        Delete file: C:\32788R22FWJFW\VwinTemp.dacl
        Delete file: C:\32788R22FWJFW\w7Mcode.dat
        Delete file: C:\32788R22FWJFW\w7reg.dat
        Delete file: C:\32788R22FWJFW\xpmcode.dat
        Delete file: C:\32788R22FWJFW\xpreg.dat
        Delete file: C:\32788R22FWJFW\zDomain.dat
        Delete file: C:\32788R22FWJFW\zhsvc.dat
        Delete file: C:\32788R22FWJFW\zip.3XE
        Extract: 023.dat
        Extract: 023v.dat
        Extract: 023w7.dat
        Extract: AWF.cmd
        Extract: AppDataFile.cfx
        Extract: AppDataFolder.cfx
        Extract: Assoc.cmd
        Extract: Auto-RC.cmd
        Extract: Boot-Rk.cmd
        Extract: CF-Script.cmd
        Extract: Catch-sub.cmd
        Extract: ComboFix-Download.3XE
        Can't write: C:\32788R22FWJFW\Combobatch.bat

        SuperDave

        Re: Trojan Horse Agent_r.ATS
        « Reply #6 on: December 29, 2011, 07:27:33 PM »
        That log is not complete. Please look in C:/ComboFix for the complete log and post it. If you can't find it, please run it again.

        paulf

          Re: Trojan Horse Agent_r.ATS
          « Reply #7 on: December 29, 2011, 08:47:47 PM »
          SuperDave:

          I tried running Combofix, but I got this message---

          Error opening file for writing:
          C:\32788R22FWJFW\Boot.bat

          It then gave me the option to ignore this, but when I did that I continued to get similar messages with different terms after the second backslash.
          e.g. DrvRun.vbs and Exe.reg

          SuperDave

          Re: Trojan Horse Agent_r.ATS
          « Reply #8 on: December 30, 2011, 11:54:51 AM »
          Please delete ComboFix from your desktop.

          Download ComboFix by sUBs from one of the below links.  You must rename it before saving it!

          Important! You MUST save ComboFix to your desktop

          link # 1
          Link # 2
          If you are using Firefox, make sure that your download settings are as follows:

          * Tools->Options->Main tab
          * Set to "Always ask me where to Save the files".

          Rename ComboFix to Combo-Fix before saving it to the desktop.





          Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

          Double click on Combo-Fix.exe & follow the prompts.

          Vista users Right-Click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

          Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

          When the scan completes it will open a text window.
           
          Post the contents of that log in your next reply.

          Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

          paulf

            Re: Trojan Horse Agent_r.ATS
            « Reply #9 on: January 01, 2012, 07:28:20 PM »
            Super Dave:

            I appreciate you staying with me here, but I am still running into problems with ComboFix.  It told me that it was scanning, but then I got the message------

                   Freeware implementation of XCACLS has stopped working.

            Am I doing something wrong?

            Thanks

            SuperDave

            Re: Trojan Horse Agent_r.ATS
            « Reply #10 on: January 02, 2012, 12:03:44 PM »
            We'll try to run it once more.

            Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

            Navigate to Start --> Run, and enter the following command exactly as shown:

            "%userprofile%\desktop\blackpudding.bat" /killall

            See if ComboFix will run now.

            paulf

              Re: Trojan Horse Agent_r.ATS
              « Reply #11 on: January 02, 2012, 05:54:20 PM »
              Super Dave:

              Same deal--stops after about 10 minutes with same message.  It finds a virus....I move to vault, restart, and then when I come back on it tells me that my recycle bin is corrupted and asks me to empty.  I do and we're back to where we started.

              SuperDave

              Re: Trojan Horse Agent_r.ATS
              « Reply #12 on: January 03, 2012, 12:18:11 PM »
              Please try running ComboFix in Safe mode.
              Safe Mode

              paulf

                Re: Trojan Horse Agent_r.ATS
                « Reply #13 on: January 08, 2012, 11:59:58 AM »
                Super dave:

                Tried many times over this weekend, but in safe mode I cannot get on the internet.

                SuperDave

                Re: Trojan Horse Agent_r.ATS
                « Reply #14 on: January 09, 2012, 01:29:04 PM »
                Let's see if we can find out what's happening with the internet connection.

                Please download MiniToolBox to Desktop and run it.



                Checkmark the following boxes:

                  • Flush DNS
                  • Report IE Proxy Settings
                  • Reset IE Proxy Settings
                  • List content of Hosts
                  • List IP Configuration
                  • List Last 10 Event Viewer Errors
                  • List Users, Partitions and Memory Size
                  Click Go and copy/paste the log (Result.txt) into your next post.

                  paulf

                    Re: Trojan Horse Agent_r.ATS
                    « Reply #15 on: January 18, 2012, 07:03:43 PM »
                    Super Dave:

                    Sorry for the delay--been out of town and this is my home computer.  Here is the log-----------

                    MiniToolBox by Farbar  Version: 18-01-2012
                    Ran by PaulF (administrator) on 18-01-2012 at 20:58:39
                    Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
                    Boot Mode: Normal
                    ***************************************************************************

                    ========================= Flush DNS: ===================================

                    Windows IP Configuration

                    Successfully flushed the DNS Resolver Cache.

                    ========================= IE Proxy Settings: ==============================

                    Proxy is not enabled.
                    ProxyServer: 127.0.0.1:64929

                    "Reset IE Proxy Settings": IE Proxy Settings were reset.
                    Hosts file not detected in the default directory
                    ========================= IP Configuration: ================================

                    Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0) = Local Area Connection (Connected)
                    Dell Wireless 1505 Draft 802.11n WLAN Mini-Card = Wireless Network Connection (Media disconnected)


                    # ----------------------------------
                    # IPv4 Configuration
                    # ----------------------------------
                    pushd interface ipv4

                    reset
                    set global icmpredirects=enabled


                    popd
                    # End of IPv4 configuration



                    Windows IP Configuration

                       Host Name . . . . . . . . . . . . : FinleyPC
                       Primary Dns Suffix  . . . . . . . :
                       Node Type . . . . . . . . . . . . : Hybrid
                       IP Routing Enabled. . . . . . . . : No
                       WINS Proxy Enabled. . . . . . . . : No
                       DNS Suffix Search List. . . . . . : home

                    Wireless LAN adapter Wireless Network Connection:

                       Media State . . . . . . . . . . . : Media disconnected
                       Connection-specific DNS Suffix  . :
                       Description . . . . . . . . . . . : Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
                       Physical Address. . . . . . . . . : 00-24-2C-24-69-D2
                       DHCP Enabled. . . . . . . . . . . : Yes
                       Autoconfiguration Enabled . . . . : Yes

                    Ethernet adapter Local Area Connection:

                       Connection-specific DNS Suffix  . : home
                       Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
                       Physical Address. . . . . . . . . : 00-24-E8-13-E9-C5
                       DHCP Enabled. . . . . . . . . . . : Yes
                       Autoconfiguration Enabled . . . . : Yes
                       Link-local IPv6 Address . . . . . : fe80::c81d:dd17:4644:a2d7%11(Preferred)
                       IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
                       Subnet Mask . . . . . . . . . . . : 255.255.255.0
                       Lease Obtained. . . . . . . . . . : Wednesday, January 18, 2012 8:26:30 PM
                       Lease Expires . . . . . . . . . . : Thursday, January 19, 2012 8:26:15 PM
                       Default Gateway . . . . . . . . . : 192.168.1.1
                       DHCP Server . . . . . . . . . . . : 192.168.1.1
                       DHCPv6 IAID . . . . . . . . . . . : 251667688
                       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-CC-7B-62-00-24-E8-13-E9-C5
                       DNS Servers . . . . . . . . . . . : 192.168.1.1
                                                           71.242.0.12
                       NetBIOS over Tcpip. . . . . . . . : Enabled

                    Tunnel adapter Local Area Connection* 6:

                       Media State . . . . . . . . . . . : Media disconnected
                       Connection-specific DNS Suffix  . : home
                       Description . . . . . . . . . . . : isatap.home
                       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                       DHCP Enabled. . . . . . . . . . . : No
                       Autoconfiguration Enabled . . . . : Yes

                    Tunnel adapter Local Area Connection* 7:

                       Connection-specific DNS Suffix  . :
                       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                       Physical Address. . . . . . . . . : 02-00-54-55-4E-01
                       DHCP Enabled. . . . . . . . . . . : No
                       Autoconfiguration Enabled . . . . : Yes
                       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1401:2f4d:3f57:fefd(Preferred)
                       Link-local IPv6 Address . . . . . : fe80::1401:2f4d:3f57:fefd%10(Preferred)
                       Default Gateway . . . . . . . . . : ::
                       NetBIOS over Tcpip. . . . . . . . : Disabled

                    Tunnel adapter Local Area Connection* 12:

                       Media State . . . . . . . . . . . : Media disconnected
                       Connection-specific DNS Suffix  . :
                       Description . . . . . . . . . . . : isatap.{02E1564F-777F-40F5-809E-D959E16B6318}
                       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                       DHCP Enabled. . . . . . . . . . . : No
                       Autoconfiguration Enabled . . . . : Yes
                    Server:  Wireless_Broadband_Router.home
                    Address:  192.168.1.1

                    Name:    google.com
                    Addresses:  74.125.115.99
                         74.125.115.103
                         74.125.115.104
                         74.125.115.105
                         74.125.115.147
                         74.125.115.106



                    Pinging google.com [74.125.115.103] with 32 bytes of data:

                    Request timed out.

                    Reply from 74.125.115.103: bytes=32 time=28ms TTL=252



                    Ping statistics for 74.125.115.103:

                        Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

                    Approximate round trip times in milli-seconds:

                        Minimum = 28ms, Maximum = 28ms, Average = 28ms

                    Server:  Wireless_Broadband_Router.home
                    Address:  192.168.1.1

                    Name:    yahoo.com
                    Addresses:  98.139.180.149
                         209.191.122.70
                         72.30.2.43
                         98.137.149.56



                    Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

                    Reply from 209.191.122.70: bytes=32 time=60ms TTL=249

                    Reply from 209.191.122.70: bytes=32 time=59ms TTL=249



                    Ping statistics for 209.191.122.70:

                        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                    Approximate round trip times in milli-seconds:

                        Minimum = 59ms, Maximum = 60ms, Average = 59ms

                    Server:  Wireless_Broadband_Router.home
                    Address:  192.168.1.1

                    Name:    bleepingcomputer.com
                    Address:  208.43.87.2



                    Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

                    Reply from 208.43.87.2: Destination host unreachable.

                    Reply from 208.43.87.2: Destination host unreachable.



                    Ping statistics for 208.43.87.2:

                        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



                    Pinging 127.0.0.1 with 32 bytes of data:

                    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                    Ping statistics for 127.0.0.1:

                        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                    Approximate round trip times in milli-seconds:

                        Minimum = 0ms, Maximum = 0ms, Average = 0ms

                    ===========================================================================
                    Interface List
                     12 ...00 24 2c 24 69 d2 ...... Dell Wireless 1505 Draft 802.11n WLAN Mini-Card
                     11 ...00 24 e8 13 e9 c5 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
                      1 ........................... Software Loopback Interface 1
                     14 ...00 00 00 00 00 00 00 e0  isatap.home
                     10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
                     13 ...00 00 00 00 00 00 00 e0  isatap.{02E1564F-777F-40F5-809E-D959E16B6318}
                    ===========================================================================

                    IPv4 Route Table
                    ===========================================================================
                    Active Routes:
                    Network Destination        Netmask          Gateway       Interface  Metric
                              0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.2     20
                            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
                      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                          192.168.1.0    255.255.255.0         On-link       192.168.1.2    276
                          192.168.1.2  255.255.255.255         On-link       192.168.1.2    276
                        192.168.1.255  255.255.255.255         On-link       192.168.1.2    276
                            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                            224.0.0.0        240.0.0.0         On-link       192.168.1.2    276
                      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                      255.255.255.255  255.255.255.255         On-link       192.168.1.2    276
                    ===========================================================================
                    Persistent Routes:
                      None

                    IPv6 Route Table
                    ===========================================================================
                    Active Routes:
                     If Metric Network Destination      Gateway
                     10     18 ::/0                     On-link
                      1    306 ::1/128                  On-link
                     10     18 2001::/32                On-link
                     10    266 2001:0:4137:9e76:1401:2f4d:3f57:fefd/128
                                                        On-link
                     11    276 fe80::/64                On-link
                     10    266 fe80::/64                On-link
                     10    266 fe80::1401:2f4d:3f57:fefd/128
                                                        On-link
                     11    276 fe80::c81d:dd17:4644:a2d7/128
                                                        On-link
                      1    306 ff00::/8                 On-link
                     10    266 ff00::/8                 On-link
                     11    276 ff00::/8                 On-link
                    ===========================================================================
                    Persistent Routes:
                      None

                    ========================= Event log errors: ===============================

                    Application errors:
                    ==================
                    Error: (01/18/2012 08:27:51 PM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/16/2012 00:33:27 PM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/16/2012 08:29:45 AM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/15/2012 11:24:15 PM) (Source: EventSystem) (User: )
                    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

                    Error: (01/15/2012 00:31:22 PM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/13/2012 10:30:50 PM) (Source: EventSystem) (User: )
                    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

                    Error: (01/13/2012 10:09:23 PM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/11/2012 09:28:19 PM) (Source: EventSystem) (User: )
                    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

                    Error: (01/11/2012 08:22:22 PM) (Source: WinMgmt) (User: )
                    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

                    Error: (01/09/2012 10:04:47 PM) (Source: EventSystem) (User: )
                    Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


                    System errors:
                    =============
                    Error: (01/18/2012 08:27:51 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/16/2012 00:33:28 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/16/2012 08:29:46 AM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/15/2012 00:31:22 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/13/2012 10:09:24 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/11/2012 08:22:22 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/09/2012 08:37:36 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/08/2012 01:58:33 PM) (Source: Service Control Manager) (User: )
                    Description: SQL Server EXPRESS%%126

                    Error: (01/08/2012 01:53:18 PM) (Source: Service Control Manager) (User: )
                    Description: Network List ServiceNetwork Location Awareness%%1068

                    Error: (01/08/2012 01:53:17 PM) (Source: Service Control Manager) (User: )
                    Description: Network List ServiceNetwork Location Awareness%%1068


                    Microsoft Office Sessions:
                    =========================

                    ========================= Memory info: ===================================

                    Percentage of memory in use: 47%
                    Total physical RAM: 3036.07 MB
                    Available physical RAM: 1590.45 MB
                    Total Pagefile: 6293.17 MB
                    Available Pagefile: 4812.71 MB
                    Total Virtual: 2047.88 MB
                    Available Virtual: 1946.21 MB

                    ========================= Partitions: =====================================

                    1 Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:152.96 GB) NTFS
                    2 Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.24 GB) NTFS

                    ========================= Users: ========================================

                    User accounts for \\FINLEYPC

                    Administrator            Guest                    PaulF                   


                    **** End of log ****

                    SuperDave

                    Re: Trojan Horse Agent_r.ATS
                    « Reply #16 on: January 19, 2012, 11:31:41 AM »
                    Is this a laptop computer? If so, are you certain that the internet switch is not turned off? Did you reset the modem? Turn off the power supply to the modem for at least 30 secs. Did you try hardwiring the computer to the modem?

                    paulf

                      Re: Trojan Horse Agent_r.ATS
                      « Reply #17 on: January 23, 2012, 06:39:37 PM »
                      No, it's a desktop and the internet works fine, but you asked me to download something in safe mode.  I couldn't get on the internet in safe mode.  In regular mode I'm connected.

                      SuperDave

                      Re: Trojan Horse Agent_r.ATS
                      « Reply #18 on: January 23, 2012, 07:03:22 PM »
                      Quote
                      I couldn't get on the internet in safe mode.  In regular mode I'm connected
                      Sorry. I misunderstood.

                      Save these instructions so you can have access to them while in Safe Mode.

                      Please click here to download AVP Tool by Kaspersky.
                      • Save it to your desktop.
                      • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
                      • Double click the setup file to run it.
                      • Click Next to continue.
                      • Accept the License agreement and click on next.
                      • It will, by default, install it to your desktop folder. Click Next.
                      • It will then open a box. There will be a tab that says Automatic scan.
                      • Under Automatic scan make sure these are checked.
                      • Hidden Startup Objects
                      • System Memory
                      • Disk Boot Sectors.
                      • My Computer.
                      • Also any other drives (Removable that you may have)
                      Leave the rest of the settings as they appear as default.
                      •Then click on Scan at the to right hand Corner.
                      •It will automatically Neutralize any objects found.
                      •If some objects are left un-neutralized then click the button that says Neutralize all
                      •If it says it cannot be neutralized then choose the delete option when prompted.
                      •After that is done click on the reports button at the bottom and save it to file name it Kas.
                      •Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

                      Note: This tool will self uninstall when you close it so please save the log before closing it.
                      Windows 8 and Windows 10 dual boot with two SSD's

                      paulf


                        Re: Trojan Horse Agent_r.ATS
                        « Reply #19 on: January 30, 2012, 08:20:47 PM »
                        Super Dave:

                        I hope that I did this right---Here are the results:

                        Status: Deleted   (events: 1)
                        1/30/2012 8:17:44 PM   Deleted   Trojan program Exploit.Java.CVE-2010-4452.a   C:\Documents and Settings\PaulF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23e20f57-532988f6   High   
                        Status: Disinfected   (events: 3)   
                        1/30/2012 8:15:17 PM   Disinfected   Trojan program Exploit.Java.CVE-2010-0840.en   C:\Documents and Settings\PaulF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\77d810b7-41f56c4c   High   
                        1/30/2012 8:15:17 PM   Disinfected   Trojan program Exploit.Java.CVE-2010-0840.en   C:\Documents and Settings\PaulF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\77d810b7-41f56c4c/json/Parser.class   High   
                        1/30/2012 10:10:44 PM   Disinfected   virus Virus.Win32.ZAccess.k   C:\Windows\System32\drivers\serial.sys   High   
                        Status: Quarantined   (events: 1)   
                        1/30/2012 9:14:09 PM   Quarantined   virus HEUR:Trojan.Script.Iframer   C:\Windows\$NtUninstallKB32527$\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\36JG3ILT\afr[5].php   High   
                        Status: Absent   (events: 2)   
                        1/30/2012 10:13:10 PM   Not found   virus HEUR:Trojan.Script.Iframer   C:\Windows\$NtUninstallKB32527$\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\36JG3ILT\afr[5].php   High   
                        1/30/2012 10:13:10 PM   Not found   virus HEUR:Trojan.Script.Iframer   C:\Windows\$NtUninstallKB32527$\systemprofile\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\36JG3ILT\afr[5].php   High   

                        SuperDave

                        Re: Trojan Horse Agent_r.ATS
                        « Reply #20 on: January 31, 2012, 11:54:21 AM »
                        AVENGER

                        • Download The Avenger by Swandog46 from here.
                        • Unzip/extract it to a folder on your desktop.
                        • Double click on avenger.exe to run The Avenger.
                        • Click OK.
                        • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
                        • Click the Execute button.
                        • You will be asked: "No script has been entered. Do you want to execute a rootkit scan only?"
                        • Click Yes.
                        • You will now be asked: "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?"
                        • Click Yes.
                        • Your PC will now be rebooted.
                        • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
                        • Please post this log in your next reply.

                        paulf


                          Re: Trojan Horse Agent_r.ATS
                          « Reply #21 on: February 05, 2012, 06:03:00 PM »
                          Logfile of The Avenger Version 2.0, (c) by Swandog46
                          http://swandog46.geekstogo.com

                          Platform:  Windows Vista

                          *******************

                          Script file opened successfully.
                          Script file read successfully.

                          Backups directory opened successfully at C:\Avenger

                          *******************

                          Super Dave:
                          Here is the Avenger result-----


                          Beginning to process script file:

                          Rootkit scan active.
                          No rootkits found!


                          Completed script processing.

                          *******************

                          Finished!  Terminate.

                          SuperDave

                          Re: Trojan Horse Agent_r.ATS
                          « Reply #22 on: February 05, 2012, 07:06:20 PM »
                          I'd like to scan your machine with ESET OnlineScan

                          •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                          ESET OnlineScan
                          •Click the button.
                          •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                          • Click on to download the ESET Smart Installer. Save it to your desktop.
                          • Double click on the icon on your desktop.
                          •Check
                          •Click the button.
                          •Accept any security warnings from your browser.
                          •Check
                          •Push the Start button.
                          •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                          •When the scan completes, push
                          •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                          •Push the button.
                          •Push
                          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                          paulf


                            Re: Trojan Horse Agent_r.ATS
                            « Reply #23 on: February 06, 2012, 06:50:44 PM »
                            Super Dave:

                            I'm getting a little confused here.  I really do appreciate your time and effort in helping me, but where are we going?  I keep running all of these scans, but have we learned anything?  Originally, my AVG showed the Trojan Horse Agent_r.ATS that is whitelisted.  That's what I thought we were trying to eliminate.  Are you looking for something else? Or are you looking for a method of removing this?  Again, I don't want to seem ungrateful, but can you tell me if we are making progress?
                            I'm going to run this last scan that you suggested....report to follow.

                            Thanks,
                             Paulf

                            paulf


                              Re: Trojan Horse Agent_r.ATS
                              « Reply #24 on: February 06, 2012, 07:45:04 PM »
                              Results of ESETScan---

                              C:\Documents and Settings\PaulF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\79b13923-4acf727b   a variant of Java/Exploit.CVE-2011-3544.B trojan   deleted - quarantined
                              C:\Documents and Settings\PaulF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\77d810b7-41f56c4c   multiple threats   deleted - quarantined
                              C:\Documents and Settings\PaulF\AppData\Roaming\Mozilla\Firefox\Profiles\hsm0bft6.default\extensions\{ae3aeb1f-5d7c-43c0-ac66-c6e3b8100bcb}\chrome.manifest   Win32/TrojanDownloader.Tracur.F trojan   cleaned by deleting - quarantined

                              SuperDave

                              Re: Trojan Horse Agent_r.ATS
                              « Reply #25 on: February 07, 2012, 11:10:43 AM »
                              Quote
                              I really do appreciate your time and effort in helping me, but where are we going?  I keep running all of these scans, but have we learned anything?
                              I'm trying to make sure your computer is clean.
                              Quote
                              Originally, my AVG showed the Trojan Horse Agent_r.ATS that is whitelisted.  That's what I thought we were trying to eliminate.  Are you looking for something else? Or are you looking for a method of removing this?  Again, I don't want to seem ungrateful, but can you tell me if we are making progress?
                              In all the scans we've run, that Trojan didn't pop up. I'm quite sure it's a false-positive from AVG.
                              I asked you to run ComboFix from Safe Mode but you replied that you can't connect to the internet when in Safe Mode. ComboFix automatically disconnects your computer from the net when it's running. If you have the program on your desktop you should be able to run it.

                              SuperDave

                              Re: Trojan Horse Agent_r.ATS
                              « Reply #26 on: February 07, 2012, 11:17:00 AM »
                              I just thought of something else we can try. Please download, install and run a full scan with Microsoft Security Essentials. Please let me know if anything was found.

                              Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                              Microsoft Security Essentials for Windows XP

                              paulf


                                Re: Trojan Horse Agent_r.ATS
                                « Reply #27 on: February 08, 2012, 03:33:24 PM »
                                I tried to install msessentials, but I got this message----


                                Another windows installer is running

                                But I have nothing else open.

                                SuperDave

                                Re: Trojan Horse Agent_r.ATS
                                « Reply #28 on: February 08, 2012, 04:31:58 PM »
                                Please wait a bit then try it again. One of your other MS programs is using it for updates.

                                paulf


                                  Re: Trojan Horse Agent_r.ATS
                                  « Reply #29 on: February 08, 2012, 07:11:13 PM »
                                  Super Dave:

                                  I tried several more times, but no luck.  However, I did not uninstall my AVG.  If I do that, can I get it back?

                                  Thanks

                                  SuperDave

                                  Re: Trojan Horse Agent_r.ATS
                                  « Reply #30 on: February 09, 2012, 12:04:56 PM »
                                  Quote
                                  I tried several more times, but no luck.  However, I did not uninstall my AVG.  If I do that, can I get it back?
                                  AVG is a resource hog. Here are some other free AVs. I would recommend MSE.

                                  Avast! Home Edition

                                  Avira AntiVir Personal
                                  Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                                  Microsoft Security Essentials for Windows XP
                                  Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
                                  PC Tools AntiVirus Free Edition

                                  It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.