Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Agent_r.XJ


  • This topic is locked This topic is locked
8 replies to this topic

#1 cflannagan

cflannagan

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 22 January 2011 - 10:37 PM

My wife informed me that AVG 2011 on her computer were reporting some files were infected and were "vaulted". I looked at the message, and it mentioned "Trojan Horse Agent_r.XJ".

My first instinct was to take computer offline - went into our wireless card properties to disable it, but for some reason I could NOT disable it. This was worrying.

I also noticed that I was unable to update AVG 2011 (blocked by the virus/trojan horse?)

I subsequently rebooted computer into safe mode (without networking), and was running MBAM (probably outdated db file by several months; it reported zero infections).

Run AVG in "command line" mode, and it is also reporting "Trojan Horse Agent_r.XJ"

Standing by for instructions.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 PM

Posted 22 January 2011 - 10:45 PM

Hello, If it is in the Vault it can no longer harm the PC.
Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 cflannagan

cflannagan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 23 January 2011 - 09:50 AM

MBAM (ran in normal Windows mode, not safe mode):

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5576

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/23/2011 9:28:50 AM
mbam-log-2011-01-23 (09-28-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 231187
Time elapsed: 1 hour(s), 0 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And SAS, ran in safe mode:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2011 at 02:53 AM

Application Version : 4.42.1000

Core Rules Database Version : 5476
Trace Rules Database Version: 3288

Scan type       : Complete Scan
Total Scan Time : 03:43:22

Memory items scanned      : 214
Memory threats detected   : 0
Registry items scanned    : 6031
Registry threats detected : 0
File items scanned        : 72192
File threats detected     : 18

Adware.Tracking Cookie
	a.media.abcfamily.go.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	cdn.eyewonder.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	core.insightexpressai.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	ia.media-imdb.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	media.mtvnservices.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	media.scanscout.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	media1.break.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	msnbcmedia.msn.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	s0.2mdn.net [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	secure-us.imrworldwide.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	serving-sys.com [ C:\Documents and Settings\Anita Flannagan\Application Data\Macromedia\Flash Player\#SharedObjects\CN78DPWT ]
	.avgtechnologies.112.2o7.net [ C:\Documents and Settings\Anita Flannagan\Application Data\Mozilla\Firefox\Profiles\cdakvopw.default\cookies.sqlite ]
	convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]
	crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]
	media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]
	media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]
	objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]
	secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\V3YU5R7K ]

I don't think I'm out of the woods yet - I'm getting random Generic Windows Host Process crashes (something that hadn't occured before the reports by AVG2011 of Trojan horse Agent_r.XJ).

Also, when I tried to start a new IE browser session, it created multiple IE browser sessions instead (2 or 3) and one of the browsers took me to a news page, something about whether or not Google is hiring workers (WTF? LOL) and when I tried to close the window, there's weird message, something to the effect of "Are you sure you want to do this? I know that you might want to close this " blah blah etc (not word for word, but you get the idea).

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 PM

Posted 23 January 2011 - 10:10 AM

Ok, If they pop up Press CTRL+SHIFT+ESC this brings up Task Manager and you should close them there. Then I suspect a rotkit here.



SysProt AntiRootkit

Please download SysProt.zip ... by swatkat. Save it to your desktop.
Alternate download sites include: Site 1, Site 2, Site 3 and Site 4
If you have a 3rd party "unzipping" program...use it to open the zipped file...then skip to Step 5. Otherwise...
In case you don't have an archive extracter installed already:
Please download 7zip and install the program on your computer

Right click on SysProt.zip and select Extract All....

Click Next on the "Welcome to the Compressed (zipped) Folders Extraction Wizard."

Click on the Browse...button, then click on Desktop, then click OK.

Once done, check (tick) the Show extracted files box and click Finish.

Open the SysProt folder... Double click Sysprot.exe to start the program.

Click on the Log tab.

In the Write to log box... check ALL items... then check Hidden Objects Only at the bottom of the window.

Click the Create Log button... (After a few seconds a new window should appear.)

Select Scan root drive only... then click the Start button, to begin scanning.
When completed, a window appears indicating the scan finished & a log file was successfully created.
The SysProt folder on your desktop, will contain the scan results file named SysProtLog.txt.

Please copy and paste the contents of SysProtLog.txt into your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 cflannagan

cflannagan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 23 January 2011 - 10:52 AM

In normal windows mode, or safe mode?

I'm doing it in normal mode right now - let me know if I was supposed to do it in safe mode.

BTW, when I clicked on "Create Log" button, SysProt keep trying to access drive A: (I do not have one), only have a CD-ROM drive, had to "X" the window 4 times before it would proceed

#6 cflannagan

cflannagan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 23 January 2011 - 10:55 AM

Here's the results:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AF544000
Module End: AF55C000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA624000
Module End: BA626000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwOpenProcess
Address: BA23A6C0
Driver Base: BA238000
Driver End: BA242000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateProcess
Address: B594C620
Driver Base: B5942000
Driver End: B5964000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

Function Name: ZwTerminateThread
Address: BA23A810
Driver Base: BA238000
Driver End: BA242000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: BA23A8B0
Driver Base: BA238000
Driver End: BA242000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: COOLMASTER.HOME:1897
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1895
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1893
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1891
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1889
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1888
Remote Address: BID.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1886
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1883
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1881
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1880
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1877
Remote Address: 63.116.166.98:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1876
Remote Address: 63.116.166.97:HTTP
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1873
Remote Address: EC2-174-129-29-218.COMPUTE-1.AMAZONAWS.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1870
Remote Address: AD-DC6.MEDIAPLEX.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1868
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1866
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1864
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1862
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1860
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1859
Remote Address: BID.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1857
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1854
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1852
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1851
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1848
Remote Address: EC2-174-129-29-218.COMPUTE-1.AMAZONAWS.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1844
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1842
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1840
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1836
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1834
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1833
Remote Address: BID.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1831
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1829
Remote Address: A96-17-86-8.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1828
Remote Address: A96-17-86-8.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1826
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1824
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1823
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1820
Remote Address: EC2-174-129-29-218.COMPUTE-1.AMAZONAWS.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1818
Remote Address: IMG-DC6.MEDIAPLEX.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1815
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1813
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1812
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1811
Remote Address: 63.116.166.107:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1809
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1805
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1801
Remote Address: BID.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1799
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1795
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1782
Remote Address: ENTERPRISE.XV.DC.OPENX.ORG:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COOLMASTER.HOME:1566
Remote Address: .:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1542
Remote Address: 63.116.166.91:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1539
Remote Address: 63.116.246.57:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1534
Remote Address: 63.116.246.82:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1367
Remote Address: GX-IN-F101.1E100.NET:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1358
Remote Address: MEDIA.SNV.VCMEDIA.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1350
Remote Address: 63.116.166.88:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1320
Remote Address: .:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1315
Remote Address: MEDIA.SNV.VCMEDIA.COM:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1306
Remote Address: 63.116.246.57:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1291
Remote Address: 63.116.166.35:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1288
Remote Address: 63.116.246.82:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1284
Remote Address: 63.116.246.65:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COOLMASTER.HOME:1251
Remote Address: IP-91-212-226-6.SERVER.LU:HTTPS
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: CLOSE_WAIT

Local Address: COOLMASTER.HOME:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COOLMASTER:27015
Remote Address: LOCALHOST:1029
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: COOLMASTER:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: LISTENING

Local Address: COOLMASTER:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: COOLMASTER:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: COOLMASTER:1055
Remote Address: LOCALHOST:1054
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER:1054
Remote Address: LOCALHOST:1055
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER:1050
Remote Address: LOCALHOST:1049
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER:1049
Remote Address: LOCALHOST:1050
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COOLMASTER:1038
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: COOLMASTER:1029
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: COOLMASTER:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COOLMASTER:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: COOLMASTER.HOME:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COOLMASTER.HOME:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COOLMASTER.HOME:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COOLMASTER.HOME:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COOLMASTER.HOME:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COOLMASTER:21761
Remote Address: NA
Type: UDP
Process: C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
State: NA

Local Address: COOLMASTER:9977
Remote Address: NA
Type: UDP
Process: C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
State: NA

Local Address: COOLMASTER:9877
Remote Address: NA
Type: UDP
Process: C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
State: NA

Local Address: COOLMASTER:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COOLMASTER:1257
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COOLMASTER:1042
Remote Address: NA
Type: UDP
Process: C:\Program Files\Secunia\PSI\psi.exe
State: NA

Local Address: COOLMASTER:1031
Remote Address: NA
Type: UDP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: NA

Local Address: COOLMASTER:1030
Remote Address: NA
Type: UDP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: NA

Local Address: COOLMASTER:1028
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: NA

Local Address: COOLMASTER:1027
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
State: NA

Local Address: COOLMASTER:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\D-Link\D-Link DWA-552 Xtreme N Desktop Adapter\acs.exe
State: NA

Local Address: COOLMASTER:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COOLMASTER:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COOLMASTER:1032
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: COOLMASTER:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COOLMASTER:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\CA470FYN.html&title=Obama%20tells%20Leno%20he%20was%20stunned%20by%20AIG%20bonuses%20-%20Sacramento%20Politics%20-%20California%20Politics%20%7C%20
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=300x250;tile=2;
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\Local;dcove=d;pl=sectfront;lvl6=OurRegion;loc=ats;pos=BDGE01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=6;ord=120672019077
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\P0994;ab=nil;gb=0;hb=0;gc=US;gs=nil;gd=nil;tods=nil;tode=nil;tf=nil;tp=nil;dow=nil;atf=0;cg=30;af=Standard;il=2335;sz=728x90;tile=1;u=il-2335_ID-[2
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\Type=click&FlightID=183182&AdID=280460&TargetID=17116&Segments=657,2743,3030,3285,4008,6298,7842,8463,8796,8806,8855,9496,9779,9781,9784,9853,10377
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\Type=click&FlightID=183188&AdID=258353&TargetID=16955&Segments=2619,2743,3030,3285,3800,4008,5045,5180,5380,6298,8463,8796,8836,9496,9770,9779,9781
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\1SS39XWX\Type=click&FlightID=203815&AdID=284594&TargetID=913&Segments=730,2259,2401,2743,3030,3285,3744,3800,4635,6298,7215,8260,8463,8796,9496,9779,9781,98
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\activity;src=1770367;met=1;v=1;pid=34820977;aid=213308643;ko=0;cid=30795432;rid=30813308;rv=1;&timestamp=1238551967634;eid1=2;ecn1=0;etm1=120;&_dc_
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\click,5jBaABOUAwDnzhoAKj0JAAAAEAAAAAIAAwAFCQIABgL3QQsA3D0NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJphwkkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D163gb
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\click,VaUDAIL5BwBvPB0AimgJAAIAElQAAP8AAAAGCAIADwKMrgEAynoNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALGkw0kAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3D0pd0qftn
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\jzLB6xm465OdOniscnI4cu_JcPj912jmGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvnqd6avfPz0450ctBiGbKEKHhZuvlPru7IIBiSSMkvvlLlIerAlX
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\Local;dcove=d;pl=sectfront;lvl6=OurRegion;loc=ats;pos=BDGE02;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=7;ord=120672019077
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\o_EAU79gA0ZfAit_TLhfekghaXy28R7FGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvxtmZqLuWzII2syLF_u3pnMmL0PoJGO_TJOZ7DqoPS9UCnCKCayo
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\Type=click&FlightID=195071&AdID=268853&TargetID=913&Segments=730,2259,2401,2743,3030,3285,3744,3800,4635,6298,7215,8463,8788,8796,9496,9779,9781,98
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\v=5%3Bm=2%3Bl=2355%3Bc=7238%3Bb=32648%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DFLhe4FN6CG4%3Btm%3D0-0%3Bts=20090319155546%3Bdct=;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\v=5;m=2;l=3081;cxt=30000117_1164602-30000117_1164602-30000117_1164378-10000150_1164377-10000129_1164380-90000118_1164376;kw=;ts=894089;smuid=CTIsYu
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\_HomePage;dcopt=ist;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BILLBO;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=972x30;tile=1;ord=6689
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\2TFODWRY\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=LDRB01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=728x90;tile=7;ord=84616449126039
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\416RKPUJ\activity;src=911025;met=1;v=1;pid=31536383;aid=213113075;ko=0;cid=30808936;rid=30826812;rv=1;&timestamp=1238467989494;eid1=2;ecn1=0;etm1=10;&_dc_ck
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\416RKPUJ\click,VaUDAP37BwA0DhoAl4IIAAAADlQAAA8AAgABEQIABgOMrgEAyuoMAM0qDAAAAAAAAAAAAAAAAAAAAAAAAAAAAOXNxkkAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3D51263801
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\416RKPUJ\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=728x90;tile=1;o
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\416RKPUJ\group;cid=39875;pgtype=post;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=728x90;tile=1;ord
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\activity;src=1770367;met=1;v=1;pid=34820977;aid=213308643;ko=0;cid=30795432;rid=30813308;rv=1;&timestamp=1238551737634;eid1=2;ecn1=1;etm1=6;&_dc_ck
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\activity;src=911025;met=1;v=1;pid=31536383;aid=213113075;ko=0;cid=30808936;rid=30826812;rv=1;&timestamp=1238467979494;eid1=2;ecn1=1;etm1=10;&_dc_ck
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\click,5jBaABOUAwDnzhoAhzAJAAAADAAAAAAAAgAFCQIABgL3QQsA5ywNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGlhwkkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D1636u
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=728x90;tile=1;o
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\Type=click&FlightID=183240&AdID=278122&TargetID=32172&Segments=657,2259,2401,2743,3030,3285,3744,3800,4008,4635,6298,7215,8463,8796,8857,9496,9779,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\v=5%3Bm=2%3Bl=3081%3Bc=7239%3Bb=32666%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DHUv6vcIwtmr%3Btm%3D0-0%3Bts=20090328232446%3Bdct=;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\v=5%3Bm=2%3Bl=971%3Bc=3360%3Bb=12864%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DHGtlRBILIzC%3Btm%3D0-0%3Bts=20090318105259%3Bdct=;ord
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\v=5;m=2;l=2357;cxt=20000452_1161558;kw=;ts=677971;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3B
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\women;sz=300x250;s=223;s=48;s=20;s=176;s=140;s=56;s=12;s=232;s=92;s=49;s=156;s=128;s=55;s=23;s=3;s=1;s=22;s=34;s=29;s=11;s=69;s=52;s=147;s=5;s=27;s
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XAPMH05\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=NTL1;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=5;ord=846164491
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\activity;src=951243;met=1;v=1;pid=33985523;aid=212582633;ko=0;cid=30539581;rid=30557458;rv=1;&timestamp=1237473049090;eid1=2;ecn1=1;etm1=3;eid2=3;e
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\activity;src=951243;met=1;v=1;pid=33985523;aid=212582633;ko=0;cid=30539581;rid=30557458;rv=1;&timestamp=1237473051418;eid1=2;ecn1=0;etm1=3;&_dc_ck=
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\activity;src=951243;met=1;v=1;pid=33985523;aid=212582633;ko=0;cid=30539581;rid=30557458;rv=1;&timestamp=1237492543652;eid1=2;ecn1=1;etm1=9;&_dc_ck=
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\E_dWFj0HJQZ4ljM1UVy-vUghaXy28R7FGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvFjq1gmkxFOs3qx807Kj6L8mL0PoJGO_TJOZ7DqoPS9X4a82E8Hf
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=300x250;tile=2;
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=300x250;tile=2;
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\group;cid=39875;pgtype=post;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=300x250;tile=3;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\Type=click&FlightID=199868&AdID=276264&TargetID=58517&Segments=730,2592,2743,3030,3285,6298,8463,8796,9496,9779,9781,9853,10381,13153,16113,18517,1
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\4XYB4PMJ\Type=click&FlightID=201896&AdID=277284&TargetID=58177&Segments=730,2743,3030,3285,6298,8463,8796,9496,9779,9781,9853,10381,14888,14997,15581,16113,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\44NbUreZYo6tKffoyvSRuUghaXy28R7FGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvPZlaVRQeGoFgpqDGKtalG8mL0PoJGO_TJOZ7DqoPS9VJrfI9F9W
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\click,5jBaABOUAwDnzhoAKz0JAAAACAAAAAIAAQAFCQIABgL3QQsA3T0NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNhwkkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D165db
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\click,5jBaABOUAwDnzhoALT0JAAIAAAAAAP8AAAAFCQIABgL3QQsA3z0NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADthwkkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D165fo
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\Local;dcove=d;pl=sectfront;lvl6=OurRegion;loc=ats;pos=NTL1;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=2;ord=12067201907705
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\Type=click&FlightID=195322&AdID=278178&TargetID=1435&Segments=730,2259,2401,2720,2743,3030,3285,3744,3800,4635,6089,6298,7215,8260,8463,8796,9496,9
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\Type=click&FlightID=204193&AdID=282012&TargetID=24356&Segments=660,2276,2399,2743,3030,3285,3800,4008,4634,5045,5340,6298,8463,8796,9496,10373,1309
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\v=5;m=2;l=971;cxt=10000150_1161899;kw=;ts=876851;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Bt
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\yUc-wCVVDSidPhjXarqlEe_JcPj912jmGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvR8kWRz1XwuqnF6MZn9TysKHhZuvlPru7IIBiSSMkvvnDNwElmlB
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\_HomePage;dcopt=ist;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BILLBO;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=972x30;tile=1;ord=8455
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\6FEH0LEZ\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BDGE01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=4;ord=6689333
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\749EE7M8\gTZ27E4jKB-RwW_mtAspvkghaXy28R7FGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvh9y2XOZbonnVRv9R4fFZscmL0PoJGO_TJOZ7DqoPS9W665aaBC0
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\749EE7M8\v=5;m=3;l=2355;c=7238;b=32647;ts=20090322144051;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DFZJbMZt61j6%3Btm%3D0-0;cxt=99004712_1167749-
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\749EE7M8\yUc-wCVVDShfEThRahojQO_JcPj912jmGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYvR8kWRz1XwuqnF6MZn9TysKHhZuvlPru7IIBiSSMkvvnDNwElmlB
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\749EE7M8\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=LDRB01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=728x90;tile=7;ord=66893336385337
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\749EE7M8\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=NTL1;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=5;ord=845591914
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\BZ5BZ9O8\activity;src=1770367;met=1;v=1;pid=34820977;aid=213308643;ko=0;cid=30795432;rid=30813308;rv=1;&timestamp=1238551777634;eid1=2;ecn1=0;etm1=30;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\BZ5BZ9O8\activity;src=2004590;met=1;v=1;pid=32269489;aid=212067736;ko=0;cid=30829938;rid=30847814;rv=1;&timestamp=1238423230572;eid1=2;ecn1=1;etm1=10;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\BZ5BZ9O8\adlink%2F5113%2F485371%2F0%2F5%2FAdId%3D257249%3BBnId%3D1%3Bitime%3D424486932%3Bkvmn%3D93245511%3Bkvtid%3D14rvg4v1913vb8%3Bkvseg%3D99999%3A50154%3A
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\BZ5BZ9O8\Type=click&FlightID=183237&AdID=277239&TargetID=17116&Segments=657,2743,3030,3285,4008,6298,7842,8463,8796,8806,8855,9496,9779,9781,9784,9853,10377
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KJ3BQSXL\1375629126@PageCounter,HeaderSpon,WindowShade,WxSpon,PageSpon,PageSpon2,PdSearch,PageSpon3,PageSpon4,PList1,PList2,PList3,PList4,PList5,PList6,Hidd
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KJ3BQSXL\activity;src=2004590;met=1;v=1;pid=32269489;aid=212067736;ko=0;cid=30829938;rid=30847814;rv=1;&timestamp=1238423240572;eid1=2;ecn1=0;etm1=10;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KJ3BQSXL\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=728x90;tile=1;o
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KRSFAN8P\nH8QOPmAicx0tWF1LjFHTO_JcPj912jmGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYv0Zu9L5UWwhFevqT8plOHnqHhZuvlPru7IIBiSSMkvvnbLL8zTzd
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KRSFAN8P\Type=click&FlightID=195322&AdID=278178&TargetID=1435&Segments=730,2259,2401,2720,2743,3030,3285,3744,3800,4635,6298,7215,8463,8796,9496,9779,9781,9
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KRSFAN8P\v=5;m=3;l=971;c=6460;b=31068;ts=20090318105307;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DDB7SPJnw2bj%3Btm%3D0-0;cxt=10000150_1161899[1
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\KRSFAN8P\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BDGE01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=4;ord=8455919
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\ra=PE25Q6CLD139L22MYMFKLB9VCB76O8HB&sessioncookie=QMJH2S6NKO2V0UWDT64HC2TB3PPH8ZQ7&cookie=U8FDVEZ9FONLDIQ9J6IM0E3QQR7VFA8C&browsertok[1].com%2F&scr
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\science_fiction_fantasy;sz=300x250;s=48;s=176;s=140;s=12;s=92;s=49;s=220;s=156;s=128;s=55;s=3;s=1;s=221;s=29;s=69;s=52;s=27;s=219;s=172;s=32;s=163;
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\v=5;m=2;l=2355;cxt=10000150_0;kw=;ts=609393;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DF
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\v=5;m=2;l=2357;cxt=10000150_0;kw=;ts=760652;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DB
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\v=5;m=2;l=2922;cxt=;kw=;ts=875206;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DFvL8tZPb31B
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\v=5;m=3;l=3081;c=7239;b=32666;ts=20090328232446;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DHUv6vcIwtmr%3Btm%3D0-0;cxt=30000117_1178121-
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OLQR8L2Z\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=MREC01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=300x250;tile=3;ord=8461644912603
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\group;cid=39875;pgtype=groups;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=300x250;tile=2;
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\group;cid=39875;pgtype=post;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=728x90;tile=1;ord
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\nH8QOPmAicyO79qahhPmUe_JcPj912jmGn4-o39Z3qsY9FQQjcvk4gE59kHc5bub6Qb6R8DjcPRmWM0w0lMU-jamXs1aehYv0Zu9L5UWwhFevqT8plOHnqHhZuvlPru7IIBiSSMkvvnbLL8zTzd
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\PIA9jFbysANfHpR4CDOLhjLwt3bND8ObnaEFmo25CwPMWuC092oFPd9VP4u5WBkyIJaOYSTPPprW48BDzSjIvNivAvYAgDn9LYg0jDplXcKCO2UDRfnAQgHLF6oBffCSRql__-mk0sCl8W9Tqg6
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\Type=click&FlightID=183239&AdID=278121&TargetID=16955&Segments=657,2619,2743,3030,3285,3800,4008,5045,5180,5380,6298,8463,8796,8855,9496,9770,9779,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\Type=click&FlightID=184648&AdID=280463&TargetID=16955&Segments=657,2619,2743,3030,3285,3800,4008,5045,5180,5380,6298,8463,8796,8855,9496,9770,9779,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\v=5;m=3;l=2355;c=7238;b=32647;ts=20090320105150;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DFgYbykqvgtf%3Btm%3D0-0;cxt=10000150_1165336-
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\OPUF81ER\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=LDRB01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=728x90;tile=7;ord=84559191477114
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\activity;src=1770367;met=1;v=1;pid=34820977;aid=213308643;ko=0;cid=30795432;rid=30813308;rv=1;&timestamp=1238551747634;eid1=2;ecn1=0;etm1=10;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\activity;src=1770367;met=1;v=1;pid=34820977;aid=213308643;ko=0;cid=30795432;rid=30813308;rv=1;&timestamp=1238551847634;eid1=2;ecn1=0;etm1=70;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\click,VaUDAP37BwA0DhoAl4IIAAAADlQAAA8AAgAFEwIABgOMrgEAyuoMAM0qDAAAAAAAAAAAAAAAAAAAAAAAAAAAAFL1wkkAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3D31187502
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\Type=click&FlightID=195322&AdID=278178&TargetID=1435&Segments=730,2259,2401,2720,2743,3030,3285,3744,3800,4635,6089,6298,7215,8463,8796,9496,9779,9
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\Type=click&FlightID=195323&AdID=278179&TargetID=1434&Segments=730,2274,2607,2690,2719,2743,3030,3229,3285,4898,6298,8463,8796,9496,9779,9781,9853,1
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\v=5%3Bm=2%3Bl=2357%3Bc=7069%3Bb=32001%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DDRftrEWaMlL%3Btm%3D0-0%3Bts=20090319191954%3Bdct=;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\v=5%3Bm=2%3Bl=2922%3Bc=6338%3Bb=28187%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DFvL8tZPb31B%3Btm%3D0-0%3Bts=20090320105420%3Bdct=;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\v=5;m=2;l=2355;cxt=10000150_0;kw=;ts=844860;smuid=CTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DF
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\RG64IPXI\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=NTL1;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=5;ord=668933363
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\activity;src=911025;met=1;v=1;pid=31536383;aid=213113068;ko=0;cid=30809010;rid=30826886;rv=1;&timestamp=1238467981619;eid1=2;ecn1=0;etm1=9;&_dc_ck=
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\click,VaUDAAr5BwB7LRgAFu8HAAAAPlQAAA8AAgAECgIAAgO9uQ0ATysJAABzCwAAAAAAAAAAAAAAAAAAAAAAAAAAADhcykkAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3Dal8vneei
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\click,VaUDAIL5BwBvPB0AimgJAAAAKlQAAAEABAAGCAIADwKMrgEAynoNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMekw0kAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3D20157645
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\click,VaUDAJr3BwBWJRwAbFoIAAAAAlQAAA4AAwAFCQIADwKMrgEAcfALAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVewkkAAAAA,http%3A%2F%2Fus.ard.yahoo.com%2FSIG%3D15o7hj
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\group;cid=39875;pgtype=post;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=160x600;tile=2;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\Type=click&FlightID=204193&AdID=282012&TargetID=24356&Segments=857,2276,2399,2743,3030,3285,3800,4008,4634,5045,5340,6298,8463,8796,9496,9779,9781,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SLMJ4P63\v=5;m=3;l=2357;c=7069;b=32001;ts=20090319191954;p=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DDRftrEWaMlL%3Btm%3D0-0;cxt=20000452_1161558[
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\activity;src=2004590;met=1;v=1;pid=32269489;aid=212067736;ko=0;cid=30829938;rid=30847814;rv=1;&timestamp=1238423270572;eid1=2;ecn1=0;etm1=30;&_dc_c
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\Local;dcopt=ist;dcove=d;pl=sectfront;lvl6=OurRegion;loc=ats;pos=NTL2;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=728x90;tile=1;ord=12067201907
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\science_fiction_fantasy;sz=728x90;s=48;s=176;s=140;s=12;s=92;s=49;s=220;s=156;s=128;s=55;s=3;s=1;s=221;s=29;s=69;s=52;s=27;s=219;s=172;s=32;s=163;s
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\v=5%3Bm=2%3Bl=2357%3Bc=7238%3Bb=32650%3Bp=ui%3DCTIsYuZUJpwzyQAZ29PALZ5UV1R0F_YTNVZl3fPi%3Btr%3DBlOT6bqkhXd%3Btm%3D0-0%3Bts=20090319155546%3Bdct=;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BDGE01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=146x60,120x60;tile=4;ord=8461644
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=MREC01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=300x250;tile=3;ord=6689333638533
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\SROJW7Y7\_HomePage;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=MREC01;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=300x250;tile=3;ord=8455919147711
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\activity;src=911025;met=1;v=1;pid=31536383;aid=213113068;ko=0;cid=30809010;rid=30826886;rv=1;&timestamp=1238467991603;eid1=2;ecn1=0;etm1=10;&_dc_ck
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\activity;src=951243;met=1;v=1;pid=33985523;aid=212582633;ko=0;cid=30539581;rid=30557458;rv=1;&timestamp=1237513580105;eid1=2;ecn1=1;etm1=9;&_dc_ck=
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\click,VaUDAIL5BwBvPB0AimgJAAAAHlQAAAAAAgAGCAIADwKMrgEAynoNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALakw0kAAAAA,http%3A%2F%2Fus.ard.yahoo[2].rand%3D13958117
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\group;cid=39875;pgtype=post;us=uru;tp=comm;tp=fun_and_entertainment;tp=home_and_hobbies;tp=tween_and_teen;comm=big_kid;!c=comm;sz=160x600;tile=2;or
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\Type=click&FlightID=195072&AdID=268854&TargetID=31334&Segments=657,2259,2401,2743,3030,3285,3744,3800,4008,4635,6089,6298,7215,8260,8463,8796,8857,
Status: Hidden

Object: C:\Documents and Settings\Anita Flannagan\Local Settings\temp\Temporary Internet Files\Content.IE5\WDYB8DE7\_HomePage;dcopt=ist;dcove=d;pl=homepage;lvl6=SacbeeFront;loc=ats;pos=BILLBO;reg=1;is=Staff_Exclude;is=not_pc;is=logged_in;sz=972x30;tile=1;ord=8461
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{1EEDEC95-55DE-4CBD-AB21-5139E3FD605C}
Status: Access denied


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 PM

Posted 23 January 2011 - 01:06 PM

OK,these are not the results I expected. This is a newer malware and I think it best if we post a new set pf logs and have our Malware removal team get this out safely.

Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
Skip Gmer and post the SysProt AntiRootkit log you posted earlier.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 cflannagan

cflannagan
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:51 PM

Posted 23 January 2011 - 01:55 PM

Done, posted there (url: http://www.bleepingcomputer.com/forums/topic375257.html )

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:51 PM

Posted 23 January 2011 - 03:33 PM

Thank you.
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users