Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TROJ_SPNR.03D411 Infection


  • Please log in to reply
9 replies to this topic

#1 cativo

cativo

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 27 March 2012 - 01:38 PM

Been getting infection warnings of TROJ_SPNR.03D411 malware from Tend Micro OfficeScan consistently for a few weeks now. Trend Micro cleans the infection but it constantly returns. Can't actually find any infected files/processes (possible rootkit?) Ran Malwarebytes but it only found 3 registry issues which was repaired:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702


Protection: Enabled

3/26/2012 10:45:52 PM
mbam-log-2012-03-26 (22-45-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444887
Time elapsed: 2 hour(s), 21 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 PM

Posted 27 March 2012 - 01:49 PM

Hello and welcome. I moved this to the Am I Infected forum. lets take another look.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.




>>>
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 cativo

cativo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 27 March 2012 - 05:33 PM

Thank you for your help boopme!

Here are the logs:


MiniToolBox by Farbar Version: 18-01-2012
Ran by (administrator) on 27-03-2012 at 13:27:30
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: proxy.etn.com:8080

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.backup.ftp", "proxy.etn.com"
"network.proxy.backup.ftp_port", 8080
"network.proxy.backup.gopher", "proxy.etn.com"
"network.proxy.backup.gopher_port", 8080
"network.proxy.backup.socks", "proxy.etn.com"
"network.proxy.backup.socks_port", 8080
"network.proxy.backup.ssl", "proxy.etn.com"
"network.proxy.backup.ssl_port", 8080
"network.proxy.ftp", "proxy.etn.com"
"network.proxy.ftp_port", 8080
"network.proxy.gopher", "proxy.etn.com"
"network.proxy.gopher_port", 8080
"network.proxy.http", "proxy.etn.com"
"network.proxy.http_port", 8080
"network.proxy.no_proxies_on", "connect.eaton.com,*tnv.com,*lmtas.com,htgapp*.dana.com,htgweb.vpn.dana.com,*.homeheartbeat.com,portal.pw.utc.com,business.isabel.be,*.corp.moeller.net,intranet.moeller.net,mis.moeller.net,wtt.moeller.net,was.moeller.net,ctx.moeller.net,yambs.moeller.net,crm.moeller.cz,vip.moeller.net,tintranet.moeller.net,statistik.moeller.net,www.moeller.net,legolas.moeller*cz.com,127*,255.*,192.168.*,198.151.185.90,192.251.51.118,192.149.86.0,198.147.174*,207.24.213*,206.18.202.35,209.195.147.53,209.195.147.57,209.195.147.60,162.74.90.10,162.74.22.196,162.74.80.200,193.228.200*,192.127.220.100,192.127.44.75,ecm.aero.bombardier.net,ecs.aero.bombardier.net,ecs2.aero.bombardier.net,ecs6.aero.bombardier.net,*.mau.dana.com,*.vpn.dana.com,*.wdl.dana.com,nacitrix.dana.com,*etn.com,www.eaton.com,www.eatonelectrical.com,wtt.moeller.net,151.x.*,x.x.*,166.99.*,172.16.*,172.17.*,172.18.*,172.19.*,172.20.*,172.21.*,172.22.*,172.23.*,172.24.*,172.25.*,172.26.*,172.27.*,172.28.*,172.29.*,172.30.*,172.31.*,10.*,localhost,127.0.0.1"
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "proxy.etn.com"
"network.proxy.socks_port", 8080
"network.proxy.ssl", "proxy.etn.com"
"network.proxy.ssl_port", 8080

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® WiFi Link 5300 AGN = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Intel® 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
Bluetooth LAN Access Server Driver = Local Area Connection 5 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Network Connect Adapter"

set address name="Network Connect Adapter" source=dhcp
set dns name="Network Connect Adapter" source=dhcp register=PRIMARY
set wins name="Network Connect Adapter" source=dhcp

# Interface IP Configuration for "Local Area Connection 5"

set address name="Local Area Connection 5" source=dhcp
set dns name="Local Area Connection 5" source=dhcp register=PRIMARY
set wins name="Local Area Connection 5" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration Host Name . . . . . . . . . . . . : COSCAWHP45xxxxx Primary Dns Suffix . . . . . . . : napa.ad.etn.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : napa.ad.etn.com napa.ad.etn.com ad.etn.com etn.comEthernet adapter Wireless Network Connection: Connection-specific DNS Suffix . : napa.ad.etn.com Description . . . . . . . . . . . : Intel® WiFi Link 5300 AGN Physical Address. . . . . . . . . : 00-21-xx-xx-xx-xx Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.x.x.x Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.225.55.1 DHCP Server . . . . . . . . . . . : 151.x.x.x DNS Servers . . . . . . . . . . . : 151.x.x.x 151.x.x.x Primary WINS Server . . . . . . . : 151.x.x.x Secondary WINS Server . . . . . . : 151.x.x.x Lease Obtained. . . . . . . . . . : Tuesday, March 27, 2012 10:35:24 AM Lease Expires . . . . . . . . . . : Wednesday, March 28, 2012 10:35:24 AMEthernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection Physical Address. . . . . . . . . : D8-D3-85-3A-19-20Ethernet adapter Network Connect Adapter: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter Physical Address. . . . . . . . . : 00-FF-50-53-1C-8AEthernet adapter Local Area Connection 5: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Bluetooth LAN Access Server Driver Physical Address. . . . . . . . . : 00-27-13-FF-37-51Server: easohsnapa06.napa.ad.etn.com
Address: 151.x.x.x

Name: google.com
Addresses: 72.14.204.138, 72.14.204.102, 72.14.204.101, 72.14.204.113
72.14.204.100

Pinging google.com [72.14.204.102] with 32 bytes of data:Request timed out.Request timed out.Ping statistics for 72.14.204.102: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),Server: easohsnapa06.napa.ad.etn.com
Address: 151.x.x.x

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Request timed out.Request timed out.Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),Server: easohsnapa06.napa.ad.etn.com
Address: 151.x.x.x

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:Request timed out.Request timed out.Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),Pinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 6a c4 47 84 ...... Intel® WiFi Link 5300 AGN - Packet Scheduler Miniport
0x3 ...d8 d3 85 3a 19 20 ...... Intel® 82567LM Gigabit Network Connection - Packet Scheduler Miniport
0x10005 ...00 ff 50 53 1c 8a ...... Juniper Network Connect Virtual Adapter - Pylon GigE Vision Streaming Filter Miniport
0x10006 ...00 27 13 ff 37 51 ...... Bluetooth LAN Access Server Driver - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.225.55.1 10.225.55.61 10
10.225.55.0 255.255.255.0 10.225.55.61 10.225.55.61 10
10.225.55.61 255.255.255.255 127.0.0.1 127.0.0.1 10
10.255.255.255 255.255.255.255 10.225.55.61 10.225.55.61 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 10.225.55.61 10.225.55.61 20
224.0.0.0 240.0.0.0 10.225.55.61 10.225.55.61 10
255.255.255.255 255.255.255.255 10.225.55.61 10006 1
255.255.255.255 255.255.255.255 10.225.55.61 10.225.55.61 1
255.255.255.255 255.255.255.255 10.225.55.61 3 1
255.255.255.255 255.255.255.255 10.225.55.61 10005 1
Default Gateway: 10.225.55.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/27/2012 10:43:10 AM) (Source: Application Error) (User: )
Description: Faulting application acrord32.exe, version 10.1.2.45, faulting module makeaccessible.api, version 10.1.2.45, fault address 0x0006cdaf.
Processing media-specific event for [acrord32.exe!ws!]

Error: (03/27/2012 10:34:24 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit) (User: )
Description: Could not execute the following script SCCMStartup.vbs. The system cannot find the file specified.
.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit) (User: )
Description: Could not execute the following script admin_probe.vbs. The system cannot find the file specified.
.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit) (User: )
Description: Could not execute the following script EnforceLocalAdminGroup.vbs. The system cannot find the file specified.
.

Error: (03/27/2012 10:33:20 AM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (03/27/2012 10:33:20 AM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (03/27/2012 09:27:43 AM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server sipexternal.eaton.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.eaton.com because it could not be resolved.

Error: (03/27/2012 09:27:43 AM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server sipexternal.eaton.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipexternal.eaton.com because it could not be resolved.

Error: (03/27/2012 09:27:43 AM) (Source: Communicator) (User: )
Description: Communicator was unable to resolve the DNS hostname of the login server sip.eaton.com.



Resolution:

If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sip.eaton.com because it could not be resolved.


System errors:
=============
Error: (03/27/2012 10:37:12 AM) (Source: DCOM) (User: SYSTEM)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.

Error: (03/27/2012 10:35:27 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/27/2012 10:33:23 AM) (Source: Service Control Manager) (User: )
Description: The %ISUSB.SvcDesc% service failed to start due to the following error:
%%1058

Error: (03/27/2012 10:33:20 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain NAPA due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/27/2012 09:27:55 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/27/2012 09:27:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 10.0.0.229 for the Network Card with network address 00216AC44784 has been
denied by the DHCP server 151.x.x.x (The DHCP Server sent a DHCPNACK message).

Error: (03/27/2012 07:34:26 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 479 minutes.
NtpClient has no source of accurate time.

Error: (03/27/2012 06:31:21 AM) (Source: NETLOGON) (User: )
Description: No Domain Controller is available for domain NAPA due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Error: (03/27/2012 03:34:24 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (03/27/2012 01:34:21 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 120 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================
Error: (03/27/2012 10:43:10 AM) (Source: Application Error)(User: )
Description: acrord32.exe10.1.2.45makeaccessible.api10.1.2.450006cdaf

Error: (03/27/2012 10:34:24 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit)(User: )
Description: SCCMStartup.vbsThe system cannot find the file specified.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit)(User: )
Description: admin_probe.vbsThe system cannot find the file specified.

Error: (03/27/2012 10:33:37 AM) (Source: UserInit)(User: )
Description: EnforceLocalAdminGroup.vbsThe system cannot find the file specified.

Error: (03/27/2012 10:33:20 AM) (Source: AutoEnrollment)(User: )
Description: local system0x8007054bThe specified domain either does not exist or could not be contacted.

Error: (03/27/2012 10:33:20 AM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: The specified domain either does not exist or could not be contacted.

Error: (03/27/2012 09:27:43 AM) (Source: Communicator)(User: )
Description: Communicatorsipexternal.eaton.com

Error: (03/27/2012 09:27:43 AM) (Source: Communicator)(User: )
Description: Communicatorsipexternal.eaton.com

Error: (03/27/2012 09:27:43 AM) (Source: Communicator)(User: )
Description: Communicatorsip.eaton.com


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 8.1.2)
7-Zip 4.57
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Agere Systems HDA Modem
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Ask Toolbar (Version: 1.14.1.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
AT&T Connect Participant Application v8.9.27 (Version: 8.9.27)
AuthenTec Fingerprint System (Version: 8.0.100.25)
Basler pylon Runtime x86 (GEV) 2.1.0.1664 (Version: 2.1.1664)
Bonjour (Version: 3.0.0.2)
Capture One 6.3 (Version: 6.3.51745.73)
Check Point Endpoint Security - Secure Access (Version: 7.6.165.000)
Citrix Presentation Server Client (Version: 10.100.55836)
ClearType Tuning Control Panel Applet (Version: 1.01.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Configuration Manager Client (Version: 4.00.6487.2000)
Critical Update for Windows Media Player 11 (KB959772)
Crystal XI (Version: 1.0.0.0)
CutePDF Writer 2.7
Dassault Systemes Software B19
Dassault Systemes Software Prerequisites x86 (Version: 8.1.3)
EatonTemplates (Version: 1.00.0000)
Embedded Security for HP ProtectTools Driver (Version: 5.5.100)
ENOVIA Collaborative Design for ProENGINEER Client (Version: 10.5.0.0)
eRoom 7 Client (Version: 501.24)
File-Rescue Plus (Version: 1.0.0)
File Rescue Plus (Version: 004.000.00011)
Free Launch Bar (Version: 2.0)
Glary Undelete 1.6.0.262
GML Matting 0.3 (Version: 0.3)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
HP 3D DriveGuard (Version: 1.10 C1)
HP Integrated Module with Bluetooth wireless technology (Version: 5.1.0.4803)
HP Performance Tuning Framework (Version: 2.15.1900)
HP Quick Launch Buttons (Version: 6.40.17.2)
HP Wireless Assistant (Version: 3.00 K2)
IE5 Registration (Version: 5.00)
Intel PROSet Wireless
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software (Version: 12.04.0000)
InterVideo DVD Check
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1259)
IrfanView (remove only) (Version: 4.30)
J2SE Runtime Environment 5.0 Update 15 (Version: 1.5.0.150)
Juniper Installer Service (Version: 7.0.0.17289)
Juniper Networks Host Checker (Version: 7.0.0.18809)
Juniper Networks Network Connect 5.5.0 (Version: 5.5.0.12029)
Juniper Networks Network Connect 7.0.0 (Version: 7.0.0.18809)
Juniper Networks Setup Client (Version: 2.2.5.10685)
Juniper Networks Setup Client Activex Control (Version: 2.1.1.1)
License Use Management Runtime (Version: 4.6.8)
LumiCam 4.0
LumiCam 4.3
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MFGPro NetTerm (Version: 1.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Communicator 2007 (Version: 2.0.6362.129)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Standard 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Visio Viewer 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Standard 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 6 Service Pack 2 (KB954459) (Version: 6.20.1099.0)
MxProNT (Version: 10.5.0.0)
NVIDIA Control Panel 276.00 (Version: 276.00)
NVIDIA Graphics Driver 276.00 (Version: 276.00)
NVIDIA Install Application (Version: 2.275.82.0)
NVIDIA nView 135.92 (Version: 135.92)
NVIDIA nView Desktop Manager (Version: 6.14.10.13592)
NVIDIA Performance Drivers (Version: 1.0.0.2)
OptiFlow! v4.2
OPTIS SPEOS CAA V5 Based V10.1 for 32 bits operating system (Version: 10.1.0.7)
Oracle JInitiator 1.1.5.21.1
Oracle JInitiator 1.1.7.18
Oracle JInitiator 1.1.8.16
Oracle JInitiator 1.3.1.25
PAL
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.69.80.9)
RDC
RegSnap version 7.0 (Version: 7.0)
Release OrCAD 16.0 (Version: 16.0)
RemoteAccess (Version: 1.0.1.6)
RICOH R5C853 Media Driver Ver.1.02.00.17 (Version: 1.02.00.17)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Business (Version: 10.1)
Roxio Creator Business v10 (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio MyDVD (Version: 10.1.055)
SolidWorks 2011 Document Manager API (Version: 19.00.5019)
SolidWorks eDrawings 2011 (Version: 11.2.113)
SolidWorks viewer (Version: 15.22.113)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Synaptics Pointing Device Driver (Version: 12.2.2.0)
tinySpell 1.9.40
Topaz DeNoise 5 (Version: 5.0.1)
Trend Micro OfficeScan Client (Version: 10.5)
Trend Micro OfficeScan Intrusion Defense Firewall Client (Version: 6.1.69)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (3821b) (Version: 6.01.00.1234)
VC 9.0 Runtime (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WIMGAPI (Version: 1.0.0.0)
Windows Driver Package - Leaf Imaging Ltd. Image (02/11/2010 ) (Version: 02/11/2010 )
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
Wisdom-soft ScreenHunter 5.0 Free
XML Paper Specification Shared Components Pack 1.0
Zenfolio Uploader

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3036.19 MB
Available physical RAM: 2084.36 MB
Total Pagefile: 4925.71 MB
Available Pagefile: 4073.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:146.73 GB) NTFS
3 Drive e: () (Removable) (Total:0.95 GB) (Free:0.14 GB) FAT

========================= Users: ========================================

User accounts for \\COSCAWHP45xxxxx

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2012 at 03:03 PM

Application Version : 5.0.1146

Core Rules Database Version : 8387
Trace Rules Database Version: 6199

Scan type : Complete Scan
Total Scan Time : 01:14:26

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 803
Memory threats detected : 0
Registry items scanned : 38770
Registry threats detected : 0
File items scanned : 78867
File threats detected : 304

Adware.Tracking Cookie
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@2o7[2].txt [ /2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@accounts[2].txt [ /accounts ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@ads.supplyframe[1].txt [ /ads.supplyframe ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@adserving[2].txt [ /adserving ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@adtrackrs[2].txt [ /adtrackrs ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\e0087924@bs.serving-sys[1].txt [ /bs.serving-sys ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@dealtime[1].txt [ /dealtime ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@find-ip-address[1].txt [ /find-ip-address ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@insightexpressai[2].txt [ /insightexpressai ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@marriottinternational.122.2o7[1].txt [ /marriottinternational.122.2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@mediaforge[2].txt [ /mediaforge ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@microsoftwindows.112.2o7[1].txt [ /microsoftwindows.112.2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@ptc.112.2o7[1].txt [ /ptc.112.2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@sdctrack.thomasnet[2].txt [ /sdctrack.thomasnet ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@server.iad.liveperson[1].txt [ /server.iad.liveperson ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@serving-sys[2].txt [ /serving-sys ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@stat.dealtime[1].txt [ /stat.dealtime ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@trafficmp[2].txt [ /trafficmp ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@www.pixeltrack66[2].txt [ /www.pixeltrack66 ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@yellowpages.112.2o7[1].txt [ /yellowpages.112.2o7 ]
C:\Documents and Settings\e00xxxxx\Cookies\PUGPFOAK.txt [ /liveperson.net ]
C:\Documents and Settings\e00xxxxx\Cookies\5OC5VEBR.txt [ /tacoda.net ]
C:\Documents and Settings\e00xxxxx\Cookies\0CFKVL0U.txt [ /beta-ads.ace.advertising.com ]
C:\Documents and Settings\e00xxxxx\Cookies\0HV0XX2B.txt [ /revsci.net ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@dcscxxqkamertejzhxf28961k_1u1m[1].txt [ /sdctrack.thomasnet.com ]
C:\Documents and Settings\e00xxxxx\Cookies\8NLRJU9Q.txt [ /legolas-media.com ]
C:\Documents and Settings\e00xxxxx\Cookies\TE3DM7SL.txt [ /advertising.com ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@1067971883[2].txt [ /www.googleadservices.com ]
C:\Documents and Settings\e00xxxxx\Cookies\RTZ2Y5NY.txt [ /amazon-adsystem.com ]
C:\Documents and Settings\e00xxxxx\Cookies\C74CN6T0.txt [ /liveperson.net ]
C:\Documents and Settings\e00xxxxx\Cookies\JKEOSEXP.txt [ /intermedia.net ]
C:\Documents and Settings\e00xxxxx\Cookies\91KXTEO3.txt [ /usatoday1.112.2o7.net ]
C:\Documents and Settings\e00xxxxx\Cookies\CA4HI5XA.txt [ /atdmt.com ]
C:\Documents and Settings\e00xxxxx\Cookies\XSZ2MF56.txt [ /media6degrees.com ]
C:\Documents and Settings\e00xxxxx\Cookies\28CDD2HH.txt [ /flightstats.com ]
C:\Documents and Settings\e00xxxxx\Cookies\RH3EDO47.txt [ /doubleclick.net ]
C:\Documents and Settings\e00xxxxx\Cookies\1MUAB1U2.txt [ /dmtracker.com ]
C:\Documents and Settings\e00xxxxx\Cookies\WGQSS8KW.txt [ /kontera.com ]
C:\Documents and Settings\e00xxxxx\Cookies\5EU8FCVS.txt [ /interclick.com ]
C:\Documents and Settings\e00xxxxx\Cookies\ROR38RF3.txt [ /sales.liveperson.net ]
C:\Documents and Settings\e00xxxxx\Cookies\ID9NWFOA.txt [ /invitemedia.com ]
C:\Documents and Settings\e00xxxxx\Cookies\8LF21QLY.txt [ /at.atwola.com ]
C:\Documents and Settings\e00xxxxx\Cookies\ZUG9IFQJ.txt [ /questionmarket.com ]
C:\Documents and Settings\e00xxxxx\Cookies\V1ESC1NM.txt [ /www.flightstats.com ]
C:\Documents and Settings\e00xxxxx\Cookies\FGW54EQG.txt [ /ads.saymedia.com ]
C:\Documents and Settings\e00xxxxx\Cookies\JNVUQJS7.txt [ /collective-media.net ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@cgi-bin[2].txt [ /imrworldwide.com ]
C:\Documents and Settings\e00xxxxx\Cookies\B4L6NLRY.txt [ /pro-market.net ]
C:\Documents and Settings\e00xxxxx\Cookies\RW8YMPUN.txt [ /www.burstnet.com ]
C:\Documents and Settings\e00xxxxx\Cookies\8OMBGB24.txt [ /ru4.com ]
C:\Documents and Settings\e00xxxxx\Cookies\SW8769YG.txt [ /specificclick.net ]
C:\Documents and Settings\e00xxxxx\Cookies\B43M4U2D.txt [ /ads.pointroll.com ]
C:\Documents and Settings\e00xxxxx\Cookies\II4051OU.txt [ /tribalfusion.com ]
C:\Documents and Settings\e00xxxxx\Cookies\NNQ3JPNL.txt [ /ad.adbull.com ]
C:\Documents and Settings\e00xxxxx\Cookies\TZM1P7I0.txt [ /ad.yieldmanager.com ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@estat[1].txt [ /estat.com ]
C:\Documents and Settings\e00xxxxx\Cookies\5H5ZLS61.txt [ /burstnet.com ]
C:\Documents and Settings\e00xxxxx\Cookies\e00xxxxx@dcs8u0ga210000478ev8s20t9_1m4z[1].txt [ /sdctrack.thomasnet.com ]
C:\Documents and Settings\e00xxxxx\Cookies\FC9SAG8Q.txt [ /lucidmedia.com ]
C:\Documents and Settings\e00xxxxx\Cookies\LKTYITUI.txt [ /tacoda.at.atwola.com ]
C:\Documents and Settings\e00xxxxx\Cookies\57IMQJVT.txt [ /casalemedia.com ]
C:\Documents and Settings\e00xxxxx\Cookies\R1E9NLYD.txt [ /pointroll.com ]
C:\Documents and Settings\e00xxxxx\Cookies\O913E9VV.txt [ /adbrite.com ]
C:\Documents and Settings\e00xxxxx\Cookies\0E06TAJN.txt [ /xiti.com ]
C:\Documents and Settings\e00xxxxx\Cookies\58SU1SJM.txt [ /adxpose.com ]
C:\Documents and Settings\e00xxxxx\Cookies\I9936X4Z.txt [ /micklemedia.com ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@atdmt[1].txt [ Cookie:administrator@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\Cookies\administrator@statse.webtrendslive[2].txt [ Cookie:administrator@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\E0081857\Cookies\CAO9QVOX.txt [ Cookie:e0081857@statse.webtrendslive.com/ ]
C:\DOCUMENTS AND SETTINGS\E0081857\Cookies\CA9SQ5DB.txt [ Cookie:e0081857@microsoftwindows.112.2o7.net/ ]
C:\DOCUMENTS AND SETTINGS\E0081857\Cookies\CAI7KXMH.txt [ Cookie:e0081857@atdmt.com/ ]
C:\DOCUMENTS AND SETTINGS\e00xxxxx\Cookies\T50E4WAP.txt [ Cookie:e00xxxxx@google.com/accounts/ ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\GKAB6Z7G.DEFAULT\COOKIES.SQLITE ]
ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
cdn2.baronsmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
convoad.technoratimedia.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
media.vfmii.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
media1.break.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
www.webhostrevenue.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGVRZPGQ ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.viacom.adbureau.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.microsoftwindows.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.idgenterprise.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.cmp.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stats.slashgear.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stats.slashgear.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.infoworldmediagroup.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.getclicky.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.nextag.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.mediaforge.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
click.compusaonline.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
click.compusaonline.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.calumetphoto.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.histats.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
tracker.roitesting.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
media.vfmii.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.linksynergy.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stats.paste2.org [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stats.paste2.org [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stolencamerafinder.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.stolencamerafinder.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.rangefinderforum.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.rangefinderforum.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ads2.techbanner.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.bravenet.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.qnsr.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
o1.qnsr.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
www.qsstats.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.nikonjp.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.atwola.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.c.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.c1.atdmt.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
www.3dstats.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ads.saymedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
www.etracker.de [ C:\DOCUMENTS AND SETTINGS\e00xxxxx\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9BQB2YMS.DEFAULT\COOKIES.SQLITE ]
C:\DOCUMENTS AND SETTINGS\e00xxxxx\LOCAL SETTINGS\TEMP\COOKIES\e00xxxxx@MICROSOFTWINDOWS.112.2O7[1].TXT [ /MICROSOFTWINDOWS.112.2O7 ]
C:\DOCUMENTS AND SETTINGS\e00xxxxx\LOCAL SETTINGS\TEMP\COOKIES\e00xxxxx@PTC.112.2O7[1].TXT [ /PTC.112.2O7 ]

PUP.CNETInstaller
C:\DOCUMENTS AND SETTINGS\e00xxxxx\MY DOCUMENTS\INSTALLATION FILES\CNET2_EASYSCREENCAPTUREVIDEO_ZIP.EXE
C:\RECYCLER\S-1-5-21-1344849015-2219639898-3131602459-501597\DC449.EXE



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 15:17:00
-----------------------------
15:17:00.031 OS Version: Windows 5.1.2600 Service Pack 3
15:17:00.031 Number of processors: 2 586 0x170A
15:17:00.031 ComputerName: COSCAWHP45xxxxx UserName: e00xxxxx
15:17:01.859 Initialize success
15:17:22.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:17:22.125 Disk 0 Vendor: WDC_WD25 12.0 Size: 238475MB BusType: 3
15:17:22.156 Disk 0 MBR read successfully
15:17:22.156 Disk 0 MBR scan
15:17:22.156 Disk 0 Windows VISTA default MBR code
15:17:22.171 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238473 MB offset 2048
15:17:22.187 Disk 0 scanning sectors +488394752
15:17:22.265 Disk 0 scanning C:\WINDOWS\system32\drivers
15:17:44.781 Service scanning
15:18:33.875 Service TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
15:18:33.968 Service TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
15:18:35.015 Service VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
15:18:35.171 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
15:18:38.359 Modules scanning
15:18:44.703 Disk 0 trace - called modules:
15:18:44.750 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys
15:18:44.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae2d030]
15:18:44.781 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> [0x8ae0f718]
15:18:44.796 5 hpdskflt.sys[f77104e6] -> nt!IofCallDriver -> \Device\000000a2[0x8ae47160]
15:18:44.812 7 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a830028]
15:18:44.843 Scan finished successfully
15:19:39.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\e00xxxxx\Desktop\MBR.dat"
15:19:39.031 The log file has been saved successfully to "C:\Documents and Settings\e00xxxxx\Desktop\aswMBR results.txt"

Edited by cativo, 27 March 2012 - 06:06 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 PM

Posted 27 March 2012 - 07:54 PM

Hmmm Lets do one more and after it tell me if Trend is still reporting it.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 cativo

cativo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 28 March 2012 - 08:49 AM

Ran the online scanner and it removed and quarantined 2 threats. Log file:

C:\IMAGEN\SYSTOOLS\IMAGEMODS\IE_Reg_Change.exe probably unknown NewHeur_PE virus deleted - quarantined
C:\RECYCLER\S-1-5-21-1344849015-2219639898-3131602459-501597\Dc342.zip a variant of Win32/Kryptik.WGF trojan deleted - quarantined

The second item is the virus that is showing up my AV, but under a different name.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 PM

Posted 28 March 2012 - 12:47 PM

So, it should be gone now.

Edited by boopme, 28 March 2012 - 12:47 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 cativo

cativo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 28 March 2012 - 01:11 PM

Well I'm not so sure. My anti virus was deleting the same file form the Recycler bin as well but the virus persisted. I haven't seen it show up yet so I'll cross my fingers.

Reading up on it, some security sites say that Win32/Kryptik and its variants can hide in running processes and have the ability to reinstall itself upon deletion. This is what Ive been experiencing. My AV would delete it, but the virus would return.

EDIT: Just rebooted and my AV popped up again. Virus is back and in the Recycler bin. My AV, Trend Micro, also routinely does a DCS cleanse of the virus which according to the website kills the affected process and fixes system files.

Not out of the woods yet.

Edited by cativo, 28 March 2012 - 01:30 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 PM

Posted 28 March 2012 - 01:37 PM

Lets clear that now ... It's usually my last anyway.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 cativo

cativo
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 28 March 2012 - 02:01 PM

While you were writing your response I tried something similar. Right after the DCS operation of Trend Micro (killing the process), I permanently deleted the contents of the Recycler. Rebooted and now the virus has not returned. Not only that, other symptoms are now gone, such as IE home page changing, network card issues, etc. Another symptom was my system restore was not working. Now its working.

I'm gonna give it a few days and see how it goes. Hopefully I won't be back!

Thanks you for all your help!

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 PM

Posted 28 March 2012 - 02:34 PM

Sounds good,hope we never se you again. :lol: You know what I mean.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users