wscript.exe constantly running

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

wscript.exe constantly running Not sure if this is malware or something more benign

#1 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 30 September 2011 - 03:23 PM

Recently started noticing that my laptop is being heavily taxed while at idle (I'm not doing anything). Looking in the task list, I found services.exe, svchost.exe and wscript.exe all floating around 15-20% of CPU capacity. Something, not sure what, is taking advantage of the scripting services in Windows and is constantly running.

My DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702
Run by KurchevA at 14:12:10 on 2011-09-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3036.2043 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\VPN Client\cvpnd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WScript.exe
\\akr-dc2\sysvol\gojo.net\scripts\gojo applications.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Documents and Settings\KurchevA\Local Settings\Application Data\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\PTC\WindchillSharePointProducts\ClientManager\ProductPointService.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\proquota.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mygojo.com/portal/Pages/Default.aspx
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = proxy.gojo.net:8080
uInternet Settings,ProxyOverride = 10.0.0.0;192.168.1.0;*mygojo.com;*.gojo.net;*.myqualpak.com;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\kurcheva\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] nwiz.exe /installquiet /nodetect
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [pwdCHECK] c:\windows\system32\wscript.exe c:\roam\passchange\expirepwd.vbs
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\docume~1\kurcheva\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{6dc47739-3bb0-4494-a43d-193bf54070ae}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\windch~1.lnk - c:\windows\installer\{aeebc44f-53b9-4aa9-b272-6c2c9685e1ea}\_2019124893CC8F92CB83EB.exe
uPolicies-explorer: ForceActiveDesktopOn = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
uPolicies-system: ProfileQuotaMessage = You have exceeded your profile storage space. Please contact the helpdesk prior to logging off your PC. 
uPolicies-system: MaxProfileSize = 30000 (0x7530)
uPolicies-system: WarnUserTimeout = 60 (0x3c)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: dermatitis.com\www
Trusted Zone: dispenserhelp.com
Trusted Zone: dispenserhelp.com\www
Trusted Zone: eflexonline.com
Trusted Zone: gojo.biz\www
Trusted Zone: gojo.com
Trusted Zone: gojo.com\global
Trusted Zone: gojo.com\mx1
Trusted Zone: gojo.com\promotions
Trusted Zone: gojo.com\register
Trusted Zone: gojo.com\savvyseller
Trusted Zone: gojo.com\web
Trusted Zone: gojo.com\webmail
Trusted Zone: gojo.com\www
Trusted Zone: gojo.info\www
Trusted Zone: gojo.net\akr-kronapp
Trusted Zone: gojo.net\akr-llapp1
Trusted Zone: gojo.net\akr-llapp2
Trusted Zone: gojo.net\akr-nas1
Trusted Zone: gojo.net\goplaces
Trusted Zone: gojo.net\prodlink
Trusted Zone: gojo.net\proklink
Trusted Zone: gojo.net\promotions
Trusted Zone: gojo.net\savvyseller
Trusted Zone: gojo.net\stagelink
Trusted Zone: gojo.net\www
Trusted Zone: gojo.org\www
Trusted Zone: gojo.us\www
Trusted Zone: gojocanada.ca\www
Trusted Zone: googleapis.com\ajax
Trusted Zone: handcare.com\www
Trusted Zone: handsanitizing.com\www
Trusted Zone: healthyhands.com
Trusted Zone: healthyhands.com\www
Trusted Zone: healthyhandsusa.com
Trusted Zone: healthyhandsusa.com\www
Trusted Zone: medmutual.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\go
Trusted Zone: microsoft.com\msdn
Trusted Zone: microsoft.com\oca
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\technet
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\runonce
Trusted Zone: myflexonline.com
Trusted Zone: mygojo.com
Trusted Zone: mygojo.com\content
Trusted Zone: mygojo.com\docscan
Trusted Zone: mygojo.com\www
Trusted Zone: prodlink
Trusted Zone: provon.biz\www
Trusted Zone: provon.com
Trusted Zone: provon.com\www
Trusted Zone: provon.net\www
Trusted Zone: provon.org\www
Trusted Zone: provon.us\www
Trusted Zone: purell.com
Trusted Zone: purell.com\www
Trusted Zone: themarlincompany.com
Trusted Zone: webex.com\gojo
Trusted Zone: webroom.com\prodconf01
Trusted Zone: webroom.com\prodconf02
Trusted Zone: webroom.com\prodconf03
Trusted Zone: windowsupdate.com
Trusted Zone: dispenserhelp.com
Trusted Zone: dispenserhelp.com\www
Trusted Zone: eflexonline.com
Trusted Zone: gojo.com
Trusted Zone: gojo.com\global
Trusted Zone: gojo.com\mx1
Trusted Zone: gojo.com\promotions
Trusted Zone: gojo.com\register
Trusted Zone: gojo.com\savvyseller
Trusted Zone: gojo.com\web
Trusted Zone: gojo.com\webmail
Trusted Zone: gojo.com\www
Trusted Zone: gojo.net\akr-kronapp
Trusted Zone: gojo.net\akr-llapp1
Trusted Zone: gojo.net\akr-llapp2
Trusted Zone: gojo.net\akr-nas1
Trusted Zone: gojo.net\prodlink
Trusted Zone: gojo.net\proklink
Trusted Zone: gojo.net\promotions
Trusted Zone: gojo.net\savvyseller
Trusted Zone: gojo.net\stagelink
Trusted Zone: googleapis.com\ajax
Trusted Zone: healthyhands.com
Trusted Zone: healthyhandsusa.com
Trusted Zone: healthyhandsusa.com\www
Trusted Zone: medmutual.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\go
Trusted Zone: microsoft.com\msdn
Trusted Zone: microsoft.com\oca
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\technet
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com\www
Trusted Zone: msn.com\runonce
Trusted Zone: myflexonline.com
Trusted Zone: mygojo.com
Trusted Zone: mygojo.com\content
Trusted Zone: mygojo.com\docscan
Trusted Zone: mygojo.com\www
Trusted Zone: prodlink
Trusted Zone: provon.com
Trusted Zone: provon.com\www
Trusted Zone: purell.com
Trusted Zone: purell.com\www
Trusted Zone: themarlincompany.com
Trusted Zone: webex.com\gojo
Trusted Zone: webroom.com\prodconf01
Trusted Zone: webroom.com\prodconf02
Trusted Zone: webroom.com\prodconf03
Trusted Zone: windowsupdate.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {AE3E8210-B33F-49C1-B4E2-860F5F4D732F} - hxxps://akr-dsview/dsview/applets/viewerLauncher.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CFFE5E18-79B9-431C-8CE2-AE55A16E7C09} - hxxp://content.mygojo.com/Businesstools/newlook%205.0/NEWLOOK.CAB
DPF: {F694EA1F-2EC1-445D-8988-1862AD0CC4C8} - hxxp://windchill.gojo.net/Windchill/wtcore/jsp/wvs/download/i486_nt_ie/pvvercheck_ie.cab
TCP: DhcpNameServer = 10.6.2.222 10.6.2.223 10.4.2.222 10.6.4.201 10.6.4.202
TCP: Interfaces\{9D8AA981-C3B8-4791-85C3-608801D78576} : DhcpNameServer = 10.25.25.1
TCP: Interfaces\{EB92FE70-9502-49C7-94A3-3D7F98D5FEA3} : DhcpNameServer = 10.6.2.222 10.6.2.223 10.4.2.222 10.6.4.201 10.6.4.202
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {b4870b70-f390-11d2-9fb9-f4ed725ea20d} - c:\program files\novell\zenworks\NalExpEx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\kurcheva\application data\mozilla\firefox\profiles\dp7geu2n.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\kurcheva\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\ptc\np6_pvapplite9.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-6-24 343920]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-12 1164536]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-3-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-6-24 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-3-25 147472]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-3-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-8-27 70728]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\nvidia corporation\performance drivers\nvPDsvc.exe [2008-12-11 3575808]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-6-12 477696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-6-18 222512]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2009-6-1 238736]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-6-24 91832]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-6-24 43288]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2009-6-10 47616]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-13 39984]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-27 66600]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-12-27 31124344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-09-30 18:03:35	388096	----a-r-	c:\documents and settings\kurcheva\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-09-30 18:03:34	--------	d-----w-	c:\program files\Trend Micro
2011-09-30 12:33:46	599040	-c----w-	c:\windows\system32\dllcache\crypt32.dll
2011-09-28 17:14:12	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:29:45	--------	d-----w-	c:\documents and settings\kurcheva\local settings\application data\assembly
2011-09-06 13:29:32	--------	d-----w-	c:\documents and settings\kurcheva\local settings\application data\Deployment
2011-09-06 13:18:45	--------	d-----w-	c:\program files\Microsoft Office 2010 Code Compatibility Inspector Update 1
2011-09-05 17:04:56	183696	----a-w-	c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04:56	183696	----a-w-	c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2011-09-03 10:17:37	599040	----a-w-	c:\windows\system32\crypt32.dll
2011-08-10 12:33:54	73728	----a-w-	c:\windows\system32\javacpl.cpl
2011-08-10 12:33:53	411368	----a-w-	c:\windows\system32\deploytk.dll
2011-07-15 13:29:31	456320	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00	10496	----a-w-	c:\windows\system32\drivers\ndistapi.sys
.
============= FINISH: 14:12:41.30 ===============

My GMER output:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-30 16:17:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FC4O
Running: gmer.exe; Driver: C:\DOCUME~1\KurchevA\LOCALS~1\Temp\pftorpoc.sys


---- System - GMER 1.0.15 ----

Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwCreateFile [0xB7CEF7B8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwCreateKey [0xB7CEF676]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwCreateProcess [0xB7CEF610]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwCreateProcessEx [0xB7CEF624]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwDeleteKey [0xB7CEF68A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwDeleteValueKey [0xB7CEF6B6]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwEnumerateKey [0xB7CEF724]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwEnumerateValueKey [0xB7CEF70E]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwLoadKey2 [0xB7CEF73A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwMapViewOfSection [0xB7CEF7F8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwNotifyChangeKey [0xB7CEF766]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwOpenKey [0xB7CEF662]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwOpenProcess [0xB7CEF5D4]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwOpenThread [0xB7CEF5E8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwProtectVirtualMemory [0xB7CEF7CC]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwQueryKey [0xB7CEF7A2]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwQueryMultipleValueKey [0xB7CEF6F8]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwQueryValueKey [0xB7CEF6E2]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwRenameKey [0xB7CEF6A0]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwReplaceKey [0xB7CEF78E]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwRestoreKey [0xB7CEF77A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwSetContextThread [0xB7CEF64E]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwSetInformationProcess [0xB7CEF63A]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwSetValueKey [0xB7CEF6CC]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwTerminateProcess [0xB7CEF827]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwUnloadKey [0xB7CEF750]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwUnmapViewOfSection [0xB7CEF80E]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          ZwYieldExecution [0xB7CEF7E2]
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          NtCreateFile
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          NtMapViewOfSection
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          NtOpenProcess
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          NtOpenThread
Code            mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                          NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwYieldExecution                                                                          80504B08 7 Bytes  JMP B7CEF7E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtCreateFile                                                                              80579084 5 Bytes  JMP B7CEF7BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                        805B1FE6 7 Bytes  JMP B7CEF7FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                      805B2DF4 5 Bytes  JMP B7CEF812 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwProtectVirtualMemory                                                                    805B83CA 7 Bytes  JMP B7CEF7D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenProcess                                                                             805CB3FA 5 Bytes  JMP B7CEF5D8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtOpenThread                                                                              805CB686 5 Bytes  JMP B7CEF5EC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!NtSetInformationProcess                                                                   805CDE44 5 Bytes  JMP B7CEF63E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcessEx                                                                         805D1134 7 Bytes  JMP B7CEF628 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateProcess                                                                           805D11EA 5 Bytes  JMP B7CEF614 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetContextThread                                                                        805D16F4 5 Bytes  JMP B7CEF652 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                        805D2982 5 Bytes  JMP B7CEF82B mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwQueryValueKey                                                                           806219EC 7 Bytes  JMP B7CEF6E6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwSetValueKey                                                                             80621D3A 7 Bytes  JMP B7CEF6D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwUnloadKey                                                                               80622064 7 Bytes  JMP B7CEF754 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwQueryMultipleValueKey                                                                   80622916 7 Bytes  JMP B7CEF6FC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRenameKey                                                                               806231EA 7 Bytes  JMP B7CEF6A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwCreateKey                                                                               806237C8 5 Bytes  JMP B7CEF67A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwDeleteKey                                                                               80623C64 7 Bytes  JMP B7CEF68E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwDeleteValueKey                                                                          80623E34 7 Bytes  JMP B7CEF6BA mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwEnumerateKey                                                                            80624014 7 Bytes  JMP B7CEF728 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwEnumerateValueKey                                                                       8062427E 7 Bytes  JMP B7CEF712 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwOpenKey                                                                                 80624BA6 5 Bytes  JMP B7CEF666 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwQueryKey                                                                                80624EE8 7 Bytes  JMP B7CEF7A6 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwRestoreKey                                                                              806251A8 5 Bytes  JMP B7CEF77E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwLoadKey2                                                                                806255F8 7 Bytes  JMP B7CEF73E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwReplaceKey                                                                              8062589C 5 Bytes  JMP B7CEF792 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE            ntkrnlpa.exe!ZwNotifyChangeKey                                                                         806259B6 5 Bytes  JMP B7CEF76A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                               section is writeable [0xB75D9360, 0x33ABBD, 0xE8000020]
?               C:\DOCUME~1\KurchevA\LOCALS~1\Temp\mbr.sys                                                             The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 00830FEF 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 00830073 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00830F7E 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!LoadLibraryExW                                       7C801AF5 5 Bytes  JMP 00830058 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 00830FA5 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 0083002C 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetStartupInfoW                                      7C801E54 5 Bytes  JMP 00830F57 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetStartupInfoA                                      7C801EF2 5 Bytes  JMP 008300A9 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 008300CE 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 00830F2B 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 00830F10 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 00830047 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 00830FDE 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreatePipe                                           7C81D83F 5 Bytes  JMP 00830098 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateNamedPipeW                                     7C82F0DD 5 Bytes  JMP 0083001B 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateNamedPipeA                                     7C860CDC 5 Bytes  JMP 0083000A 
.text           C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 00830F3C 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 00820FCA 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 00820076 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 0082001B 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 0082000A 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 0082005B 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 00820FEF 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 2 Bytes  JMP 00820FAF 
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegCreateKeyW + 3                                    77DFBA58 2 Bytes  [A2, 88]
.text           C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 00820036 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!_wsystem                                               77C2931E 5 Bytes  JMP 00810F92 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!system                                                 77C293C7 5 Bytes  JMP 00810FA3 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!_creat                                                 77C2D40F 5 Bytes  JMP 0081001D 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!_open                                                  77C2F566 5 Bytes  JMP 0081000C 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!_wcreat                                                77C2FC9B 5 Bytes  JMP 00810FC8 
.text           C:\WINDOWS\system32\svchost.exe[236] msvcrt.dll!_wopen                                                 77C30055 5 Bytes  JMP 00810FE3 
.text           C:\WINDOWS\system32\svchost.exe[236] WS2_32.dll!socket                                                 71AB4211 5 Bytes  JMP 007C0FEF 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 00A40000 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtectEx                                     7C801A61 1 Byte  [E9]
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 00A40065 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00A40F70 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryExW                                       7C801AF5 5 Bytes  JMP 00A40F81 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 00A40F9E 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 00A40036 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetStartupInfoW                                      7C801E54 5 Bytes  JMP 00A40F38 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetStartupInfoA                                      7C801EF2 5 Bytes  JMP 00A40F53 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 00A400BD 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 00A400AC 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 00A400D8 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 00A40FB9 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 00A40011 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreatePipe                                           7C81D83F 5 Bytes  JMP 00A4008A 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateNamedPipeW                                     7C82F0DD 5 Bytes  JMP 00A40FCA 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!CreateNamedPipeA                                     7C860CDC 5 Bytes  JMP 00A40FDB 
.text           C:\WINDOWS\system32\svchost.exe[272] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 00A4009B 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 00A30FB9 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 00A30F79 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 00A30FCA 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 00A30FDB 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 00A30F94 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 00A30000 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 5 Bytes  JMP 00A30036 
.text           C:\WINDOWS\system32\svchost.exe[272] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 00A30025 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wsystem                                               77C2931E 5 Bytes  JMP 00A2005D 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!system                                                 77C293C7 5 Bytes  JMP 00A20042 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_creat                                                 77C2D40F 5 Bytes  JMP 00A20FE3 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_open                                                  77C2F566 5 Bytes  JMP 00A20000 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wcreat                                                77C2FC9B 5 Bytes  JMP 00A20FC8 
.text           C:\WINDOWS\system32\svchost.exe[272] msvcrt.dll!_wopen                                                 77C30055 5 Bytes  JMP 00A2001D 
.text           C:\WINDOWS\system32\svchost.exe[272] WS2_32.dll!socket                                                 71AB4211 5 Bytes  JMP 00A10FEF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateFileA            7C801A28 5 Bytes  JMP 017B0FEF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!VirtualProtectEx       7C801A61 5 Bytes  JMP 017B0F69 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!VirtualProtect         7C801AD4 5 Bytes  JMP 017B005E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!LoadLibraryExW         7C801AF5 5 Bytes  JMP 017B0043 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!LoadLibraryExA         7C801D53 5 Bytes  JMP 017B0F86 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!LoadLibraryA           7C801D7B 5 Bytes  JMP 017B0F97 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!GetStartupInfoW        7C801E54 5 Bytes  JMP 017B0F31 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!GetStartupInfoA        7C801EF2 5 Bytes  JMP 017B0F42 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateProcessW         7C802336 5 Bytes  JMP 017B0094 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateProcessA         7C80236B 5 Bytes  JMP 017B0EFB 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!GetProcAddress         7C80AE40 5 Bytes  JMP 017B00AF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!LoadLibraryW           7C80AEEB 5 Bytes  JMP 017B0028 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateFileW            7C810800 5 Bytes  JMP 017B0FD4 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreatePipe             7C81D83F 5 Bytes  JMP 017B006F 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateNamedPipeW       7C82F0DD 5 Bytes  JMP 017B0FA8 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!CreateNamedPipeA       7C860CDC 5 Bytes  JMP 017B0FC3 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] kernel32.dll!WinExec                7C86250D 5 Bytes  JMP 017B0F20 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegOpenKeyExW          77DD6AAF 5 Bytes  JMP 017A0FB2 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegCreateKeyExW        77DD776C 5 Bytes  JMP 017A0F72 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegOpenKeyExA          77DD7852 5 Bytes  JMP 017A0FC3 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegOpenKeyW            77DD7946 5 Bytes  JMP 017A0FDE 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegCreateKeyExA        77DDE9F4 5 Bytes  JMP 017A0F8D 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegOpenKeyA            77DDEFC8 5 Bytes  JMP 017A0FEF 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegCreateKeyW          77DFBA55 5 Bytes  JMP 017A002F 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] ADVAPI32.dll!RegCreateKeyA          77DFBCF3 5 Bytes  JMP 017A001E 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!_wsystem                 77C2931E 5 Bytes  JMP 01790FA6 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!system                   77C293C7 5 Bytes  JMP 01790FB7 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!_creat                   77C2D40F 5 Bytes  JMP 01790FC8 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!_open                    77C2F566 5 Bytes  JMP 01790000 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!_wcreat                  77C2FC9B 5 Bytes  JMP 01790027 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] msvcrt.dll!_wopen                   77C30055 5 Bytes  JMP 01790FE3 
.text           C:\Program Files\McAfee\Common Framework\FrameworkService.exe[368] WS2_32.dll!socket                   71AB4211 5 Bytes  JMP 01780FEF 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 00700FEF 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 00700076 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00700F77 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!LoadLibraryExW                                       7C801AF5 5 Bytes  JMP 00700F92 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 00700FB9 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 0070005B 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!GetStartupInfoW                                      7C801E54 5 Bytes  JMP 00700F3F 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!GetStartupInfoA                                      7C801EF2 5 Bytes  JMP 00700F50 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 007000C7 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 007000AC 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 00700F09 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 00700FD4 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 00700014 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreatePipe                                           7C81D83F 5 Bytes  JMP 00700087 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateNamedPipeW                                     7C82F0DD 5 Bytes  JMP 0070004A 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!CreateNamedPipeA                                     7C860CDC 5 Bytes  JMP 0070002F 
.text           C:\WINDOWS\System32\svchost.exe[704] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 00700F24 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 006F001B 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 006F0F8A 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 006F0FCA 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 006F000A 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 006F0F9B 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 006F0FEF 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 5 Bytes  JMP 006F003D 
.text           C:\WINDOWS\System32\svchost.exe[704] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 006F002C 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!_wsystem                                               77C2931E 5 Bytes  JMP 006E0FA1 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!system                                                 77C293C7 5 Bytes  JMP 006E0036 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!_creat                                                 77C2D40F 5 Bytes  JMP 006E0FC6 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!_open                                                  77C2F566 5 Bytes  JMP 006E0FE3 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!_wcreat                                                77C2FC9B 5 Bytes  JMP 006E001B 
.text           C:\WINDOWS\System32\svchost.exe[704] msvcrt.dll!_wopen                                                 77C30055 5 Bytes  JMP 006E0000 
.text           C:\WINDOWS\System32\svchost.exe[704] WS2_32.dll!socket                                                 71AB4211 5 Bytes  JMP 006D000A 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 00700000 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 00700089 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00700078 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!LoadLibraryExW                                       7C801AF5 5 Bytes  JMP 00700067 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 00700F9E 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 00700FC3 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!GetStartupInfoW                                      7C801E54 5 Bytes  JMP 007000C6 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!GetStartupInfoA                                      7C801EF2 5 Bytes  JMP 007000AB 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 00700F45 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 007000E8 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 00700F34 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 00700040 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 00700FEF 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreatePipe                                           7C81D83F 5 Bytes  JMP 0070009A 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateNamedPipeW                                     7C82F0DD 5 Bytes  JMP 00700FDE 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!CreateNamedPipeA                                     7C860CDC 5 Bytes  JMP 0070002F 
.text           C:\WINDOWS\System32\svchost.exe[848] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 007000D7 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 006F0FDE 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 006F0F7C 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 006F002F 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 006F000A 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 006F0F97 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 006F0FEF 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 2 Bytes  JMP 006F0FB2 
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyW + 3                                    77DFBA58 2 Bytes  [8F, 88]
.text           C:\WINDOWS\System32\svchost.exe[848] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 006F0FCD 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!_wsystem                                               77C2931E 5 Bytes  JMP 006E0031 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!system                                                 77C293C7 5 Bytes  JMP 006E0F9C 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!_creat                                                 77C2D40F 5 Bytes  JMP 006E000C 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!_open                                                  77C2F566 5 Bytes  JMP 006E0FEF 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!_wcreat                                                77C2FC9B 5 Bytes  JMP 006E0FAD 
.text           C:\WINDOWS\System32\svchost.exe[848] msvcrt.dll!_wopen                                                 77C30055 5 Bytes  JMP 006E0FD2 
.text           C:\WINDOWS\System32\svchost.exe[848] WS2_32.dll!socket                                                 71AB4211 5 Bytes  JMP 006D0FEF 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 00BD0000 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 00BD0F83 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00BD0078 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW                                       7C801AF5 5 Bytes  JMP 00BD0F94 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 00BD0051 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 00BD0036 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoW                                      7C801E54 5 Bytes  JMP 00BD0F50 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetStartupInfoA                                      7C801EF2 5 Bytes  JMP 00BD0F61 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 00BD00C4 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 00BD0F2B 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 00BD0F10 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 00BD0FA5 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 00BD0FEF 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreatePipe                                           7C81D83F 5 Bytes  JMP 00BD0F72 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeW                                     7C82F0DD 5 Bytes  JMP 00BD0FCA 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateNamedPipeA                                     7C860CDC 5 Bytes  JMP 00BD001B 
.text           C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 00BD00B3 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExW                                        77DD6AAF 5 Bytes  JMP 00BC0FCA 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExW                                      77DD776C 5 Bytes  JMP 00BC0F72 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyExA                                        77DD7852 5 Bytes  JMP 00BC001B 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyW                                          77DD7946 5 Bytes  JMP 00BC0FE5 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyExA                                      77DDE9F4 5 Bytes  JMP 00BC0F83 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegOpenKeyA                                          77DDEFC8 5 Bytes  JMP 00BC0000 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW                                        77DFBA55 2 Bytes  JMP 00BC0F9E 
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyW + 3                                    77DFBA58 2 Bytes  [DC, 88]
.text           C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!RegCreateKeyA                                        77DFBCF3 5 Bytes  JMP 00BC0FB9 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wsystem                                               77C2931E 5 Bytes  JMP 00BB0FB2 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!system                                                 77C293C7 5 Bytes  JMP 00BB0FC3 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_creat                                                 77C2D40F 5 Bytes  JMP 00BB0FEF 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_open                                                  77C2F566 5 Bytes  JMP 00BB0000 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wcreat                                                77C2FC9B 5 Bytes  JMP 00BB0FDE 
.text           C:\WINDOWS\system32\svchost.exe[900] msvcrt.dll!_wopen                                                 77C30055 5 Bytes  JMP 00BB001D 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateFileA                    7C801A28 5 Bytes  JMP 00DC0FEF 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!VirtualProtectEx               7C801A61 5 Bytes  JMP 00DC0F5C 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!VirtualProtect                 7C801AD4 5 Bytes  JMP 00DC0051 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!LoadLibraryExW                 7C801AF5 5 Bytes  JMP 00DC0040 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!LoadLibraryExA                 7C801D53 5 Bytes  JMP 00DC0F8D 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!LoadLibraryA                   7C801D7B 5 Bytes  JMP 00DC0FA8 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!GetStartupInfoW                7C801E54 5 Bytes  JMP 00DC0076 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!GetStartupInfoA                7C801EF2 5 Bytes  JMP 00DC0F3A 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateProcessW                 7C802336 5 Bytes  JMP 00DC0091 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateProcessA                 7C80236B 5 Bytes  JMP 00DC0F02 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!GetProcAddress                 7C80AE40 5 Bytes  JMP 00DC00A2 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!LoadLibraryW                   7C80AEEB 5 Bytes  JMP 00DC002F 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateFileW                    7C810800 5 Bytes  JMP 00DC0000 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreatePipe                     7C81D83F 5 Bytes  JMP 00DC0F4B 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateNamedPipeW               7C82F0DD 5 Bytes  JMP 00DC0FC3 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!CreateNamedPipeA               7C860CDC 5 Bytes  JMP 00DC0FD4 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] kernel32.dll!WinExec                        7C86250D 5 Bytes  JMP 00DC0F13 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegOpenKeyExW                  77DD6AAF 5 Bytes  JMP 00DB0FC3 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegCreateKeyExW                77DD776C 5 Bytes  JMP 00DB0054 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegOpenKeyExA                  77DD7852 5 Bytes  JMP 00DB000A 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegOpenKeyW                    77DD7946 5 Bytes  JMP 00DB0FD4 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegCreateKeyExA                77DDE9F4 5 Bytes  JMP 00DB002F 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegOpenKeyA                    77DDEFC8 5 Bytes  JMP 00DB0FE5 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegCreateKeyW                  77DFBA55 2 Bytes  JMP 00DB0F97 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegCreateKeyW + 3              77DFBA58 2 Bytes  [FB, 88]
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] ADVAPI32.dll!RegCreateKeyA                  77DFBCF3 5 Bytes  JMP 00DB0FB2 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!_wsystem                         77C2931E 5 Bytes  JMP 00DA0033 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!system                           77C293C7 5 Bytes  JMP 00DA0FB2 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!_creat                           77C2D40F 5 Bytes  JMP 00DA0FDE 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!_open                            77C2F566 5 Bytes  JMP 00DA0FEF 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!_wcreat                          77C2FC9B 5 Bytes  JMP 00DA0FC3 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] msvcrt.dll!_wopen                           77C30055 5 Bytes  JMP 00DA000C 
.text           C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[928] WS2_32.dll!socket                           71AB4211 5 Bytes  JMP 00D90FEF 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA                                         7C801A28 5 Bytes  JMP 00BE0000 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx                                    7C801A61 5 Bytes  JMP 00BE0090 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect                                      7C801AD4 5 Bytes  JMP 00BE007F 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW                                      7C801AF5 5 Bytes  JMP 00BE0062 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA                                      7C801D53 5 Bytes  JMP 00BE0FAF 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA                                        7C801D7B 5 Bytes  JMP 00BE0FD1 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW                                     7C801E54 5 Bytes  JMP 00BE00D2 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA                                     7C801EF2 5 Bytes  JMP 00BE0F8A 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW                                      7C802336 5 Bytes  JMP 00BE0123 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA                                      7C80236B 5 Bytes  JMP 00BE0108 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress                                      7C80AE40 5 Bytes  JMP 00BE0F6F 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW                                        7C80AEEB 5 Bytes  JMP 00BE0FC0 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW                                         7C810800 5 Bytes  JMP 00BE0011 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe                                          7C81D83F 5 Bytes  JMP 00BE00B5 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW                                    7C82F0DD 5 Bytes  JMP 00BE0033 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA                                    7C860CDC 5 Bytes  JMP 00BE0022 
.text           C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec                                             7C86250D 5 Bytes  JMP 00BE00F7 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW                                       77DD6AAF 5 Bytes  JMP 00930FD4 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW                                     77DD776C 5 Bytes  JMP 0093005B 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA                                       77DD7852 5 Bytes  JMP 00930FE5 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW                                         77DD7946 5 Bytes  JMP 00930011 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA                                     77DDE9F4 5 Bytes  JMP 00930F9E 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA                                         77DDEFC8 5 Bytes  JMP 00930000 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW                                       77DFBA55 2 Bytes  JMP 00930FAF 
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW + 3                                   77DFBA58 2 Bytes  [B3, 88] {MOV BL, 0x88}
.text           C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA                                       77DFBCF3 5 Bytes  JMP 00930040 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wsystem                                              77C2931E 5 Bytes  JMP 0092005C 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!system                                                77C293C7 5 Bytes  JMP 00920FD1 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_creat                                                77C2D40F 5 Bytes  JMP 0092003A 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_open                                                 77C2F566 5 Bytes  JMP 0092000C 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wcreat                                               77C2FC9B 5 Bytes  JMP 0092004B 
.text           C:\WINDOWS\system32\svchost.exe[1172] msvcrt.dll!_wopen                                                77C30055 5 Bytes  JMP 0092001D 
.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenA                                        3D95D698 5 Bytes  JMP 00900FEF 
.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenW                                        3D95DB11 5 Bytes  JMP 00900FDE 
.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlA                                     3D95F3AC 5 Bytes  JMP 00900FC3 
.text           C:\WINDOWS\system32\svchost.exe[1172] WININET.dll!InternetOpenUrlW                                     3D9A6D6F 5 Bytes  JMP 00900FB2 
.text           C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket                                                71AB4211 5 Bytes  JMP 00910000 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileA                                        7C801A28 5 Bytes  JMP 00D30000 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!VirtualProtectEx                                   7C801A61 5 Bytes  JMP 00D30F7E 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!VirtualProtect                                     7C801AD4 5 Bytes  JMP 00D30073 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryExW                                     7C801AF5 5 Bytes  JMP 00D30FA5 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryExA                                     7C801D53 5 Bytes  JMP 00D30058 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryA                                       7C801D7B 5 Bytes  JMP 00D30FB6 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetStartupInfoW                                    7C801E54 5 Bytes  JMP 00D3008E 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetStartupInfoA                                    7C801EF2 5 Bytes  JMP 00D30F46 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateProcessW                                     7C802336 5 Bytes  JMP 00D30F10 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateProcessA                                     7C80236B 5 Bytes  JMP 00D300B3 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!GetProcAddress                                     7C80AE40 5 Bytes  JMP 00D300C4 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!LoadLibraryW                                       7C80AEEB 5 Bytes  JMP 00D30047 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateFileW                                        7C810800 5 Bytes  JMP 00D30011 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreatePipe                                         7C81D83F 5 Bytes  JMP 00D30F6D 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateNamedPipeW                                   7C82F0DD 5 Bytes  JMP 00D30022 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!CreateNamedPipeA                                   7C860CDC 5 Bytes  JMP 00D30FDB 
.text           C:\WINDOWS\system32\services.exe[1548] kernel32.dll!WinExec                                            7C86250D 5 Bytes  JMP 00D30F2B 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyExW                                      77DD6AAF 5 Bytes  JMP 00D20FB9 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyExW                                    77DD776C 5 Bytes  JMP 00D20F68 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyExA                                      77DD7852 5 Bytes  JMP 00D20000 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyW                                        77DD7946 5 Bytes  JMP 00D20FD4 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyExA                                    77DDE9F4 5 Bytes  JMP 00D2002F 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegOpenKeyA                                        77DDEFC8 5 Bytes  JMP 00D20FEF 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyW                                      77DFBA55 2 Bytes  JMP 00D20F8D 
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyW + 3                                  77DFBA58 2 Bytes  [F2, 88]
.text           C:\WINDOWS\system32\services.exe[1548] ADVAPI32.dll!RegCreateKeyA                                      77DFBCF3 5 Bytes  JMP 00D20F9E 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wsystem                                             77C2931E 5 Bytes  JMP 00D10F9C 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!system                                               77C293C7 5 Bytes  JMP 00D10027 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_creat                                               77C2D40F 5 Bytes  JMP 00D10FB7 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_open                                                77C2F566 5 Bytes  JMP 00D10FEF 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wcreat                                              77C2FC9B 5 Bytes  JMP 00D10016 
.text           C:\WINDOWS\system32\services.exe[1548] msvcrt.dll!_wopen                                               77C30055 5 Bytes  JMP 00D10FD2 
.text           C:\WINDOWS\system32\services.exe[1548] WS2_32.dll!socket                                               71AB4211 5 Bytes  JMP 00D00000 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateFileA                                           7C801A28 5 Bytes  JMP 01010FEF 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!VirtualProtectEx                                      7C801A61 5 Bytes  JMP 01010F4D 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!VirtualProtect                                        7C801AD4 5 Bytes  JMP 01010F5E 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryExW                                        7C801AF5 5 Bytes  JMP 01010F6F 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryExA                                        7C801D53 5 Bytes  JMP 0101002C 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryA                                          7C801D7B 5 Bytes  JMP 01010FA5 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetStartupInfoW                                       7C801E54 5 Bytes  JMP 01010069 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetStartupInfoA                                       7C801EF2 5 Bytes  JMP 01010F21 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateProcessW                                        7C802336 5 Bytes  JMP 01010EEB 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateProcessA                                        7C80236B 5 Bytes  JMP 0101007A 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!GetProcAddress                                        7C80AE40 5 Bytes  JMP 0101009F 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!LoadLibraryW                                          7C80AEEB 5 Bytes  JMP 01010F94 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateFileW                                           7C810800 5 Bytes  JMP 01010000 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreatePipe                                            7C81D83F 5 Bytes  JMP 01010F32 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateNamedPipeW                                      7C82F0DD 5 Bytes  JMP 0101001B 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!CreateNamedPipeA                                      7C860CDC 5 Bytes  JMP 01010FC0 
.text           C:\WINDOWS\system32\lsass.exe[1560] kernel32.dll!WinExec                                               7C86250D 5 Bytes  JMP 01010F06 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyExW                                         77DD6AAF 5 Bytes  JMP 00FF0025 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyExW                                       77DD776C 5 Bytes  JMP 00FF0FB9 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyExA                                         77DD7852 5 Bytes  JMP 00FF000A 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyW                                           77DD7946 5 Bytes  JMP 00FF0FDE 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyExA                                       77DDE9F4 5 Bytes  JMP 00FF0076 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegOpenKeyA                                           77DDEFC8 5 Bytes  JMP 00FF0FEF 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyW                                         77DFBA55 5 Bytes  JMP 00FF005B 
.text           C:\WINDOWS\system32\lsass.exe[1560] ADVAPI32.dll!RegCreateKeyA                                         77DFBCF3 5 Bytes  JMP 00FF0040 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wsystem                                                77C2931E 5 Bytes  JMP 00FE0FBC 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!system                                                  77C293C7 5 Bytes  JMP 00FE0047 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_creat                                                  77C2D40F 5 Bytes  JMP 00FE0011 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_open                                                   77C2F566 5 Bytes  JMP 00FE0FEF 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wcreat                                                 77C2FC9B 5 Bytes  JMP 00FE002C 
.text           C:\WINDOWS\system32\lsass.exe[1560] msvcrt.dll!_wopen                                                  77C30055 5 Bytes  JMP 00FE0000 
.text           C:\WINDOWS\system32\lsass.exe[1560] WS2_32.dll!socket                                                  71AB4211 5 Bytes  JMP 00FD0000 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateFileA                                         7C801A28 5 Bytes  JMP 00AE0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!VirtualProtectEx                                    7C801A61 5 Bytes  JMP 00AE0F5E 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!VirtualProtect                                      7C801AD4 5 Bytes  JMP 00AE005D 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExW                                      7C801AF5 5 Bytes  JMP 00AE004C 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryExA                                      7C801D53 5 Bytes  JMP 00AE0F8D 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryA                                        7C801D7B 5 Bytes  JMP 00AE002F 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetStartupInfoW                                     7C801E54 5 Bytes  JMP 00AE0F3C 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetStartupInfoA                                     7C801EF2 5 Bytes  JMP 00AE0084 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateProcessW                                      7C802336 5 Bytes  JMP 00AE00A9 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateProcessA                                      7C80236B 5 Bytes  JMP 00AE0F10 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!GetProcAddress                                      7C80AE40 5 Bytes  JMP 00AE00BA 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!LoadLibraryW                                        7C80AEEB 5 Bytes  JMP 00AE0F9E 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateFileW                                         7C810800 5 Bytes  JMP 00AE0014 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreatePipe                                          7C81D83F 5 Bytes  JMP 00AE0F4D 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateNamedPipeW                                    7C82F0DD 5 Bytes  JMP 00AE0FC3 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!CreateNamedPipeA                                    7C860CDC 5 Bytes  JMP 00AE0FDE 
.text           C:\WINDOWS\system32\svchost.exe[1748] kernel32.dll!WinExec                                             7C86250D 5 Bytes  JMP 00AE0F2B 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExW                                       77DD6AAF 5 Bytes  JMP 00AD0FC3 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExW                                     77DD776C 5 Bytes  JMP 00AD0F83 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyExA                                       77DD7852 5 Bytes  JMP 00AD0FDE 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyW                                         77DD7946 5 Bytes  JMP 00AD000A 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyExA                                     77DDE9F4 5 Bytes  JMP 00AD0F94 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegOpenKeyA                                         77DDEFC8 5 Bytes  JMP 00AD0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyW                                       77DFBA55 5 Bytes  JMP 00AD0040 
.text           C:\WINDOWS\system32\svchost.exe[1748] ADVAPI32.dll!RegCreateKeyA                                       77DFBCF3 5 Bytes  JMP 00AD002F 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wsystem                                              77C2931E 5 Bytes  JMP 00AC0038 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!system                                                77C293C7 5 Bytes  JMP 00AC0FAD 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_creat                                                77C2D40F 5 Bytes  JMP 00AC001D 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_open                                                 77C2F566 5 Bytes  JMP 00AC0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wcreat                                               77C2FC9B 5 Bytes  JMP 00AC0FC8 
.text           C:\WINDOWS\system32\svchost.exe[1748] msvcrt.dll!_wopen                                                77C30055 5 Bytes  JMP 00AC000C 
.text           C:\WINDOWS\system32\svchost.exe[1748] WS2_32.dll!socket                                                71AB4211 5 Bytes  JMP 00AB0FEF 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileA                                         7C801A28 5 Bytes  JMP 00C20FEF 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtectEx                                    7C801A61 5 Bytes  JMP 00C20080 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!VirtualProtect                                      7C801AD4 5 Bytes  JMP 00C2006F 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExW                                      7C801AF5 5 Bytes  JMP 00C20054 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryExA                                      7C801D53 5 Bytes  JMP 00C20FA1 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryA                                        7C801D7B 5 Bytes  JMP 00C20FC3 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoW                                     7C801E54 5 Bytes  JMP 00C200A5 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetStartupInfoA                                     7C801EF2 5 Bytes  JMP 00C20F53 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessW                                      7C802336 5 Bytes  JMP 00C20F27 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateProcessA                                      7C80236B 5 Bytes  JMP 00C200C0 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!GetProcAddress                                      7C80AE40 5 Bytes  JMP 00C200D1 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!LoadLibraryW                                        7C80AEEB 5 Bytes  JMP 00C20FB2 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateFileW                                         7C810800 5 Bytes  JMP 00C2000A 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreatePipe                                          7C81D83F 5 Bytes  JMP 00C20F7A 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeW                                    7C82F0DD 5 Bytes  JMP 00C2002F 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!CreateNamedPipeA                                    7C860CDC 5 Bytes  JMP 00C20FD4 
.text           C:\WINDOWS\system32\svchost.exe[1844] kernel32.dll!WinExec                                             7C86250D 5 Bytes  JMP 00C20F38 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExW                                       77DD6AAF 5 Bytes  JMP 00C1002F 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExW                                     77DD776C 5 Bytes  JMP 00C10076 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyExA                                       77DD7852 5 Bytes  JMP 00C1000A 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyW                                         77DD7946 5 Bytes  JMP 00C10FD4 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyExA                                     77DDE9F4 5 Bytes  JMP 00C1005B 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegOpenKeyA                                         77DDEFC8 5 Bytes  JMP 00C10FEF 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW                                       77DFBA55 2 Bytes  JMP 00C10FC3 
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyW + 3                                   77DFBA58 2 Bytes  [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text           C:\WINDOWS\system32\svchost.exe[1844] ADVAPI32.dll!RegCreateKeyA                                       77DFBCF3 5 Bytes  JMP 00C1004A 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wsystem                                              77C2931E 5 Bytes  JMP 00C00F95 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!system                                                77C293C7 5 Bytes  JMP 00C00FB0 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_creat                                                77C2D40F 5 Bytes  JMP 00C00FD2 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_open                                                 77C2F566 5 Bytes  JMP 00C0000C 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wcreat                                               77C2FC9B 5 Bytes  JMP 00C00FC1 
.text           C:\WINDOWS\system32\svchost.exe[1844] msvcrt.dll!_wopen                                                77C30055 5 Bytes  JMP 00C00FEF 
.text           C:\WINDOWS\system32\svchost.exe[1844] WS2_32.dll!socket                                                71AB4211 5 Bytes  JMP 00BF0FEF 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateFileA                                         7C801A28 5 Bytes  JMP 02340FEF 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!VirtualProtectEx                                    7C801A61 5 Bytes  JMP 02340F70 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!VirtualProtect                                      7C801AD4 5 Bytes  JMP 02340065 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!LoadLibraryExW                                      7C801AF5 5 Bytes  JMP 02340F97 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!LoadLibraryExA                                      7C801D53 5 Bytes  JMP 02340054 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!LoadLibraryA                                        7C801D7B 5 Bytes  JMP 02340FCD 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!GetStartupInfoW                                     7C801E54 5 Bytes  JMP 02340091 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!GetStartupInfoA                                     7C801EF2 5 Bytes  JMP 02340080 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateProcessW                                      7C802336 5 Bytes  JMP 023400CE 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateProcessA                                      7C80236B 5 Bytes  JMP 023400B3 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!GetProcAddress                                      7C80AE40 5 Bytes  JMP 02340F1A 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!LoadLibraryW                                        7C80AEEB 5 Bytes  JMP 02340FB2 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateFileW                                         7C810800 5 Bytes  JMP 02340014 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreatePipe                                          7C81D83F 5 Bytes  JMP 02340F55 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateNamedPipeW                                    7C82F0DD 5 Bytes  JMP 0234002F 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!CreateNamedPipeA                                    7C860CDC 5 Bytes  JMP 02340FDE 
.text           C:\WINDOWS\System32\svchost.exe[1884] kernel32.dll!WinExec                                             7C86250D 5 Bytes  JMP 023400A2 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExW                                       77DD6AAF 5 Bytes  JMP 01DE0036 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExW                                     77DD776C 5 Bytes  JMP 01DE0F9E 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyExA                                       77DD7852 5 Bytes  JMP 01DE0025 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyW                                         77DD7946 5 Bytes  JMP 01DE000A 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyExA                                     77DDE9F4 5 Bytes  JMP 01DE0FAF 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegOpenKeyA                                         77DDEFC8 5 Bytes  JMP 01DE0FEF 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyW                                       77DFBA55 5 Bytes  JMP 01DE0051 
.text           C:\WINDOWS\System32\svchost.exe[1884] ADVAPI32.dll!RegCreateKeyA                                       77DFBCF3 5 Bytes  JMP 01DE0FD4 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!_wsystem                                              77C2931E 5 Bytes  JMP 01DD0FAD 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!system                                                77C293C7 5 Bytes  JMP 01DD0038 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!_creat                                                77C2D40F 5 Bytes  JMP 01DD0FE3 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!_open                                                 77C2F566 5 Bytes  JMP 01DD0000 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!_wcreat                                               77C2FC9B 5 Bytes  JMP 01DD0FD2 
.text           C:\WINDOWS\System32\svchost.exe[1884] msvcrt.dll!_wopen                                                77C30055 5 Bytes  JMP 01DD001D 
.text           C:\WINDOWS\System32\svchost.exe[1884] WS2_32.dll!socket                                                71AB4211 5 Bytes  JMP 01DC0000 
.text           C:\WINDOWS\System32\svchost.exe[1884] WININET.dll!InternetOpenA                                        3D95D698 5 Bytes  JMP 01DB0000 
.text           C:\WINDOWS\System32\svchost.exe[1884] WININET.dll!InternetOpenW                                        3D95DB11 5 Bytes  JMP 01DB0FEF 
.text           C:\WINDOWS\System32\svchost.exe[1884] WININET.dll!InternetOpenUrlA                                     3D95F3AC 5 Bytes  JMP 01DB0FDE 
.text           C:\WINDOWS\System32\svchost.exe[1884] WININET.dll!InternetOpenUrlW                                     3D9A6D6F 5 Bytes  JMP 01DB002F 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2036] ntdll.dll!LdrLoadDll                                7C91632D 5 Bytes  JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateFileA                                         7C801A28 5 Bytes  JMP 001A0000 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!VirtualProtectEx                                    7C801A61 5 Bytes  JMP 001A0F99 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!VirtualProtect                                      7C801AD4 5 Bytes  JMP 001A008E 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!LoadLibraryExW                                      7C801AF5 5 Bytes  JMP 001A0073 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!LoadLibraryExA                                      7C801D53 5 Bytes  JMP 001A0FB6 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!LoadLibraryA                                        7C801D7B 5 Bytes  JMP 001A0047 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!GetStartupInfoW                                     7C801E54 5 Bytes  JMP 001A00C6 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!GetStartupInfoA                                     7C801EF2 5 Bytes  JMP 001A0F7E 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateProcessW                                      7C802336 5 Bytes  JMP 001A0F52 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateProcessA                                      7C80236B 5 Bytes  JMP 001A00E1 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!GetProcAddress                                      7C80AE40 5 Bytes  JMP 001A0F2D 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!LoadLibraryW                                        7C80AEEB 5 Bytes  JMP 001A0058 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateFileW                                         7C810800 5 Bytes  JMP 001A0011 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreatePipe                                          7C81D83F 5 Bytes  JMP 001A00A9 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateNamedPipeW                                    7C82F0DD 5 Bytes  JMP 001A002C 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!CreateNamedPipeA                                    7C860CDC 5 Bytes  JMP 001A0FDB 
.text           C:\WINDOWS\System32\svchost.exe[2568] kernel32.dll!WinExec                                             7C86250D 5 Bytes  JMP 001A0F63 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyExW                                       77DD6AAF 5 Bytes  JMP 00290FE5 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyExW                                     77DD776C 5 Bytes  JMP 0029006C 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyExA                                       77DD7852 5 Bytes  JMP 00290040 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyW                                         77DD7946 5 Bytes  JMP 0029001B 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyExA                                     77DDE9F4 5 Bytes  JMP 00290FAF 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegOpenKeyA                                         77DDEFC8 5 Bytes  JMP 00290000 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyW                                       77DFBA55 5 Bytes  JMP 00290051 
.text           C:\WINDOWS\System32\svchost.exe[2568] ADVAPI32.dll!RegCreateKeyA                                       77DFBCF3 5 Bytes  JMP 00290FD4 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!_wsystem                                              77C2931E 5 Bytes  JMP 003E0016 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!system                                                77C293C7 5 Bytes  JMP 003E0F8B 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!_creat                                                77C2D40F 5 Bytes  JMP 003E0FB7 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!_open                                                 77C2F566 5 Bytes  JMP 003E0FEF 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!_wcreat                                               77C2FC9B 5 Bytes  JMP 003E0FA6 
.text           C:\WINDOWS\System32\svchost.exe[2568] msvcrt.dll!_wopen                                                77C30055 5 Bytes  JMP 003E0FDE 
.text           C:\WINDOWS\System32\svchost.exe[2568] WS2_32.dll!socket                                                71AB4211 5 Bytes  JMP 009B0000 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateFileA                                                 7C801A28 5 Bytes  JMP 001A0FEF 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!VirtualProtectEx                                            7C801A61 5 Bytes  JMP 001A0F46 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!VirtualProtect                                              7C801AD4 5 Bytes  JMP 001A0F57 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryExW                                              7C801AF5 5 Bytes  JMP 001A003B 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryExA                                              7C801D53 5 Bytes  JMP 001A0F72 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryA                                                7C801D7B 5 Bytes  JMP 001A0014 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!GetStartupInfoW                                             7C801E54 5 Bytes  JMP 001A0098 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!GetStartupInfoA                                             7C801EF2 5 Bytes  JMP 001A007D 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateProcessW                                              7C802336 5 Bytes  JMP 001A00C4 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateProcessA                                              7C80236B 5 Bytes  JMP 001A00A9 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!GetProcAddress                                              7C80AE40 5 Bytes  JMP 001A00D5 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!LoadLibraryW                                                7C80AEEB 5 Bytes  JMP 001A0F8D 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateFileW                                                 7C810800 5 Bytes  JMP 001A0FDE 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreatePipe                                                  7C81D83F 5 Bytes  JMP 001A0056 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateNamedPipeW                                            7C82F0DD 5 Bytes  JMP 001A0FA8 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!CreateNamedPipeA                                            7C860CDC 5 Bytes  JMP 001A0FC3 
.text           C:\WINDOWS\Explorer.EXE[3348] kernel32.dll!WinExec                                                     7C86250D 5 Bytes  JMP 001A0F35 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegOpenKeyExW                                               77DD6AAF 5 Bytes  JMP 0029001B 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegCreateKeyExW                                             77DD776C 5 Bytes  JMP 0029005B 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegOpenKeyExA                                               77DD7852 5 Bytes  JMP 00290FCA 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegOpenKeyW                                                 77DD7946 5 Bytes  JMP 00290FDB 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegCreateKeyExA                                             77DDE9F4 5 Bytes  JMP 00290F9E 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegOpenKeyA                                                 77DDEFC8 5 Bytes  JMP 00290000 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegCreateKeyW                                               77DFBA55 2 Bytes  JMP 00290FAF 
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegCreateKeyW + 3                                           77DFBA58 2 Bytes  [49, 88]
.text           C:\WINDOWS\Explorer.EXE[3348] ADVAPI32.dll!RegCreateKeyA                                               77DFBCF3 5 Bytes  JMP 00290040 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!_wsystem                                                      77C2931E 5 Bytes  JMP 002A0038 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!system                                                        77C293C7 5 Bytes  JMP 002A0027 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!_creat                                                        77C2D40F 5 Bytes  JMP 002A0FD2 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!_open                                                         77C2F566 5 Bytes  JMP 002A0000 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!_wcreat                                                       77C2FC9B 5 Bytes  JMP 002A0FC1 
.text           C:\WINDOWS\Explorer.EXE[3348] msvcrt.dll!_wopen                                                        77C30055 5 Bytes  JMP 002A0FE3 
.text           C:\WINDOWS\Explorer.EXE[3348] WININET.dll!InternetOpenA                                                3D95D698 5 Bytes  JMP 002C0000 
.text           C:\WINDOWS\Explorer.EXE[3348] WININET.dll!InternetOpenW                                                3D95DB11 5 Bytes  JMP 002C0FEF 
.text           C:\WINDOWS\Explorer.EXE[3348] WININET.dll!InternetOpenUrlA                                             3D95F3AC 5 Bytes  JMP 002C001B 
.text           C:\WINDOWS\Explorer.EXE[3348] WININET.dll!InternetOpenUrlW                                             3D9A6D6F 5 Bytes  JMP 002C0FD4 
.text           C:\WINDOWS\Explorer.EXE[3348] WS2_32.dll!socket                                                        71AB4211 5 Bytes  JMP 02AF0FEF 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateFileA                  7C801A28 5 Bytes  JMP 0027000A 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!VirtualProtectEx             7C801A61 5 Bytes  JMP 00270080 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!VirtualProtect               7C801AD4 5 Bytes  JMP 0027005B 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!LoadLibraryExW               7C801AF5 5 Bytes  JMP 00270F81 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!LoadLibraryExA               7C801D53 5 Bytes  JMP 00270FA8 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!LoadLibraryA                 7C801D7B 5 Bytes  JMP 00270FD4 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!GetStartupInfoW              7C801E54 5 Bytes  JMP 00270F44 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!GetStartupInfoA              7C801EF2 5 Bytes  JMP 00270F55 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateProcessW               7C802336 5 Bytes  JMP 00270F07 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateProcessA               7C80236B 5 Bytes  JMP 00270F22 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!GetProcAddress               7C80AE40 5 Bytes  JMP 002700BB 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!LoadLibraryW                 7C80AEEB 5 Bytes  JMP 00270FB9 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateFileW                  7C810800 5 Bytes  JMP 0027001B 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreatePipe                   7C81D83F 5 Bytes  JMP 00270F66 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateNamedPipeW             7C82F0DD 5 Bytes  JMP 00270FE5 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  JMP 39008487 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!CreateNamedPipeA             7C860CDC 5 Bytes  JMP 0027002C 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] kernel32.dll!WinExec                      7C86250D 5 Bytes  JMP 00270F33 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegOpenKeyExW                77DD6AAF 5 Bytes  JMP 00360FCA 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegCreateKeyExW              77DD776C 5 Bytes  JMP 00360F83 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegOpenKeyExA                77DD7852 5 Bytes  JMP 0036001B 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegOpenKeyW                  77DD7946 5 Bytes  JMP 00360000 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegCreateKeyExA              77DDE9F4 5 Bytes  JMP 00360F94 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegOpenKeyA                  77DDEFC8 5 Bytes  JMP 00360FE5 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegCreateKeyW                77DFBA55 5 Bytes  JMP 00360040 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ADVAPI32.dll!RegCreateKeyA                77DFBCF3 5 Bytes  JMP 00360FAF 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!_wsystem                       77C2931E 5 Bytes  JMP 00370042 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!system                         77C293C7 5 Bytes  JMP 00370FB7 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!_creat                         77C2D40F 5 Bytes  JMP 00370FE3 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!_open                          77C2F566 5 Bytes  JMP 00370000 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!_wcreat                        77C2FC9B 5 Bytes  JMP 00370FD2 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] msvcrt.dll!_wopen                         77C30055 5 Bytes  JMP 0037001D 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] ole32.dll!OleLoadFromStream               7752981B 5 Bytes  JMP 39501F41 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] WS2_32.dll!socket                         71AB4211 5 Bytes  JMP 0704000A 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] WININET.dll!InternetOpenA                 3D95D698 5 Bytes  JMP 06C60FEF 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] WININET.dll!InternetOpenW                 3D95DB11 5 Bytes  JMP 06C60FDE 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] WININET.dll!InternetOpenUrlA              3D95F3AC 5 Bytes  JMP 06C60014 
.text           C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE[3364] WININET.dll!InternetOpenUrlW              3D9A6D6F 5 Bytes  JMP 06C6002F 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3704] USER32.dll!SetWindowLongA                  7E42C29D 5 Bytes  JMP 106AA800 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3704] USER32.dll!SetWindowLongW                  7E42C2BB 5 Bytes  JMP 106AA792 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3704] USER32.dll!GetWindowInfo                   7E42C49C 5 Bytes  JMP 104B229C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[3704] USER32.dll!TrackPopupMenu                  7E46531E 5 Bytes  JMP 104B2861 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateFileA                    7C801A28 5 Bytes  JMP 00270FEF 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!VirtualProtectEx               7C801A61 5 Bytes  JMP 002700A1 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!VirtualProtect                 7C801AD4 5 Bytes  JMP 00270090 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!LoadLibraryExW                 7C801AF5 5 Bytes  JMP 00270FB6 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!LoadLibraryExA                 7C801D53 5 Bytes  JMP 00270073 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!LoadLibraryA                   7C801D7B 5 Bytes  JMP 0027003D 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!GetStartupInfoW                7C801E54 5 Bytes  JMP 00270F6A 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!GetStartupInfoA                7C801EF2 5 Bytes  JMP 00270F91 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateProcessW                 7C802336 5 Bytes  JMP 00270103 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateProcessA                 7C80236B 5 Bytes  JMP 002700E8 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!GetProcAddress                 7C80AE40 5 Bytes  JMP 00270F4F 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!LoadLibraryW                   7C80AEEB 5 Bytes  JMP 00270058 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateFileW                    7C810800 5 Bytes  JMP 00270000 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreatePipe                     7C81D83F 5 Bytes  JMP 002700BC 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateNamedPipeW               7C82F0DD 5 Bytes  JMP 0027002C 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!SetUnhandledExceptionFilter    7C84495D 5 Bytes  JMP 39008487 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!CreateNamedPipeA               7C860CDC 5 Bytes  JMP 00270011 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] kernel32.dll!WinExec                        7C86250D 5 Bytes  JMP 002700CD 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegOpenKeyExW                  77DD6AAF 5 Bytes  JMP 0036002C 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegCreateKeyExW                77DD776C 5 Bytes  JMP 00360F8A 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegOpenKeyExA                  77DD7852 5 Bytes  JMP 00360FE5 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegOpenKeyW                    77DD7946 5 Bytes  JMP 0036001B 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegCreateKeyExA                77DDE9F4 5 Bytes  JMP 00360051 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegOpenKeyA                    77DDEFC8 5 Bytes  JMP 00360000 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegCreateKeyW                  77DFBA55 2 Bytes  JMP 00360FA5 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegCreateKeyW + 3              77DFBA58 2 Bytes  [56, 88]
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ADVAPI32.dll!RegCreateKeyA                  77DFBCF3 5 Bytes  JMP 00360FCA 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] ole32.dll!OleLoadFromStream                 7752981B 5 Bytes  JMP 39501F41 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!_wsystem                         77C2931E 5 Bytes  JMP 00370FA8 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!system                           77C293C7 5 Bytes  JMP 00370033 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!_creat                           77C2D40F 5 Bytes  JMP 00370FD4 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!_open                            77C2F566 5 Bytes  JMP 00370FEF 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!_wcreat                          77C2FC9B 5 Bytes  JMP 00370FC3 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] msvcrt.dll!_wopen                           77C30055 5 Bytes  JMP 00370018 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] WININET.dll!InternetOpenA                   3D95D698 5 Bytes  JMP 07570000 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] WININET.dll!InternetOpenW                   3D95DB11 5 Bytes  JMP 0757001B 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] WININET.dll!InternetOpenUrlA                3D95F3AC 5 Bytes  JMP 0757002C 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] WININET.dll!InternetOpenUrlW                3D9A6D6F 5 Bytes  JMP 07570FE5 
.text           C:\Program Files\Microsoft Office\Office14\EXCEL.EXE[4052] WS2_32.dll!socket                           71AB4211 5 Bytes  JMP 09ED0FEF 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                               mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                              mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                              mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                            mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

Not sure where to go from here. Is there anything out there than can read the DLL's that windows services are running?

Thanks for the help!

Aaron

Attached File(s)

attach.txt (14.68K)
Number of downloads: 0

#2 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 03 October 2011 - 10:23 AM

Ran Malwarebytes just to see if it noticed anything...found a trojan..

PUM.Hijack.Desktop

Searched the forum here and found nothing on this one. As I suspected, Malwarebytes was unable to remove it and the trojan has restarted after my system restarted. I'll keep searching.

#3 HelpBot

Bleepin' Binary Bot

Group: Bots
Posts: 5,607
Joined: 05-October 07
Gender:Male

Posted 05 October 2011 - 03:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421294 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
- Please do this even if you have previously posted logs for us.
- If you were unable to produce the logs originally please try once more.
- If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
- If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 09 October 2011 - 08:02 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Please run aswMBR

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#5 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 09 October 2011 - 09:40 AM

M0le, thank you for starting into my issue. The issue is still occurring. Here is the result of my aswMBR scan:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-09 10:36:33
-----------------------------
10:36:33.265    OS Version: Windows 5.1.2600 Service Pack 3
10:36:33.265    Number of processors: 2 586 0x1706
10:36:33.265    ComputerName: XP-KURCHEVA  UserName: KurchevA
10:36:36.718    Initialize success
10:36:41.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:36:41.968    Disk 0 Vendor: Hitachi_ FC4O Size: 305245MB BusType: 3
10:36:41.984    Disk 0 MBR read successfully
10:36:41.984    Disk 0 MBR scan
10:36:41.984    Disk 0 Windows VISTA default MBR code
10:36:41.984    Disk 0 scanning sectors +625139712
10:36:42.062    Disk 0 scanning C:\WINDOWS\system32\drivers
10:36:49.640    Service scanning
10:36:50.968    Modules scanning
10:37:00.531    Disk 0 trace - called modules:
10:37:00.578    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys iaStor.sys 
10:37:00.578    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acc2868]
10:37:00.578    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8acc2020]
10:37:00.578    5 hpdskflt.sys[b83314e6] -> nt!IofCallDriver -> \Device\00000094[0x8ace8320]
10:37:00.578    7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a701028]
10:37:00.578    Scan finished successfully
10:37:12.875    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\KurchevA\Desktop\MBR.dat"
10:37:12.953    The log file has been saved successfully to "C:\Documents and Settings\KurchevA\Desktop\aswMBR.txt"

#6 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 09 October 2011 - 04:54 PM

Please run MBAM and SAS next

Please download Posted Image

Malwarebytes Anti-Malware and save it to your desktop.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
On the Scanner tab:
- Make sure the "Perform Full Scan" option is selected.
- Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Then SAS

Download Superantispyware

Load Superantispyware and click the check for updates button.
Once the update is finished click the scan your computer button.
Check Perform Complete Scan and then next.
Superantispyware will now scan your computer and when its finished it will list all the infections it has found.
Make sure that they all have a check next to them and press next.
Click finish and you will be taken back to the main interface.
Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
Copy and paste the log onto the forum.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#7 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 10 October 2011 - 11:33 AM

My MBAM log (it did find something):

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2011 10:03:08 PM
mbam-log-2011-10-09 (22-03-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 405487
Time elapsed: 43 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

My SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/10/2011 at 12:30 PM

Application Version : 5.0.1128

Core Rules Database Version : 7774
Trace Rules Database Version: 5586

Scan type       : Complete Scan
Total Scan Time : 00:37:40

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 768
Memory threats detected   : 0
Registry items scanned    : 37905
Registry threats detected : 0
File items scanned        : 66558
File threats detected     : 487

Adware.Tracking Cookie
	C:\Documents and Settings\KurchevA\Cookies\kurcheva@ad.wsod[2].txt [ /ad.wsod ]
	C:\Documents and Settings\KurchevA\Cookies\kurcheva@atdmt[1].txt [ /atdmt ]
	C:\Documents and Settings\KurchevA\Cookies\kurcheva@doubleclick[1].txt [ /doubleclick ]
	C:\DOCUMENTS AND SETTINGS\HELPDESK\Cookies\helpdesk@msnportal.112.2o7[1].txt [ Cookie:helpdesk@msnportal.112.2o7.net/ ]
	C:\DOCUMENTS AND SETTINGS\HELPDESK\Cookies\helpdesk@atdmt[1].txt [ Cookie:helpdesk@atdmt.com/ ]
	C:\DOCUMENTS AND SETTINGS\HELPDESK\Cookies\helpdesk@doubleclick[1].txt [ Cookie:helpdesk@doubleclick.net/ ]
	C:\DOCUMENTS AND SETTINGS\HELPDESK.GOJO-NET\Cookies\helpdesk@atdmt[2].txt [ Cookie:helpdesk@atdmt.com/ ]
	C:\DOCUMENTS AND SETTINGS\HELPDESK.GOJO-NET\Cookies\helpdesk@doubleclick[1].txt [ Cookie:helpdesk@doubleclick.net/ ]
	accounts.key.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	cdn.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	media.movieweb.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	secure-uk.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2YV3EPME ]
	www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.viewablemedia.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.t.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.driverside.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6ael4egdjclq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	www.findchips.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	www.googleadservices.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wak4cjcjogq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	server.iad.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.pubads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	findarticles.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DP7GEU2N.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wjkouhcpegp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.kontera.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mlbam.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ihg.db.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficformula2.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficformula2.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficformula2.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wfk4wjcpgbp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wjkoundjglo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sussexim.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sussexim.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.sussexim.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6aekoupdzaeo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6aeliwmcpcap.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wdliggcpokq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wjnyajdjedo.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.burstbeacon.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adtech.de [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.thinkgeek.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.apmebf.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adxpose.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wfkienazcdq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wfkyqkdzakp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.specificclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.clickfuse.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media.adfrontiers.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.premierfarnell.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yadro.ru [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stat.onestat.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserv.sagainteractive.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	in.getclicky.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	fr.sitestat.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adinterax.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	portagecountyauditor.org [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adserver.adtechus.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lfstmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.andomedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	counter.adcourier.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.paypal.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	citi.bridgetrack.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.microsoftsto.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.portagecountyevents.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.portagecountyevents.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.portagecountyevents.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	stats.manticoretechnology.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserver.darnell.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.keybank.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	adserving.autotrader.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6aeliuld5kbq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.stats.paypal.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.key.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	tracking.waterfrontmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ad.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.intermundomedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trackmania-carpark.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	www.partsexpress.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.overture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.neudesicmediagroup.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.neudesicmediagroup.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ads.neudesicmediagroup.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.anrtx.tacoda.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediabrandsww.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.atdmt.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.nextag.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.nextag.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.nextag.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.nextag.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.burstnet.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounting-financial-tax.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounting-financial-tax.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.accounting-financial-tax.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	statse.webtrendslive.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adlegend.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.247realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pro-market.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.histats.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.statcounter.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.xiti.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tacoda.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.at.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ar.atwola.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.revsci.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wjnyohd5kfp.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.viewablemedia.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ads.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.pointroll.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.casalemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.lucidmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.zedo.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	network.realmedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adbrite.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.eyewonder.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.questionmarket.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.legolas-media.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	sales.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.liveperson.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.r1-ads.ace.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.tribalfusion.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.a1.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.interclick.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.trafficmp.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.fastclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.advertising.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wfkickd5cco.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wjnyukdjiko.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.e-2dj6wdk4ojc5mbq.stats.esomniture.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.media6degrees.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.mediaplex.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.collective-media.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.medicaldevicelink.112.2o7.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.invitemedia.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.ru4.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.googleads.g.doubleclick.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	accounts.google.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.adinterax.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.yieldmanager.net [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	ad.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\KURCHEVA\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

#8 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 10 October 2011 - 02:33 PM

Quote

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> No action taken.

Did you make sure action was taken on this? If not...

Can you run MBAM again but make sure that everything is checked, and click Remove Selected

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#9 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 11 October 2011 - 01:36 PM

Sorry...missed the "remove selected" step.

Reran MBAM and removed everything.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7910

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/11/2011 11:54:11 AM
mbam-log-2011-10-11 (11-54-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 406021
Time elapsed: 41 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (PUM.Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 11 October 2011 - 08:12 PM

Let's do an online scan with ESET now

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Under scan settings, check and check Remove found threats
Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#11 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 12 October 2011 - 11:26 AM

Okay...ESET found one other threat.

C:\Documents and Settings\KurchevA\Application Data\Sun\Java\Deployment\cache\6.0\4\38ee7204-16fa6467	multiple threats	deleted - quarantined

It wasn't a log file as such. This was the only thing it had to output. Told it to quarantine and delete.

#12 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 12 October 2011 - 04:34 PM

Good, so the machine is clean. What's happening with the wscript problem now?

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#13 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 14 October 2011 - 12:01 PM

wscript.exe is still running. That and the other dll-related service programs (service.exe and svchost.exe) are combining to eat up 50% of the CPU process. It will run from startup until I kill the process. It does not start itself back up. It seems to me that a DLL is in the startup list that I don't want in there. Can you recommend a good tool to or effective way to figure out what DLL is causing the problem?

#14 m0le

I know the drill!

Group: Malware Response Instructor
Posts: 29,114
Joined: 24-July 08
Gender:Male
Location:London, UK

Posted 14 October 2011 - 05:37 PM

Yes.

Please download and run Process Explorer

If Process explorer won't execute rename it Iexplore.exe

Under File and Save As, create a log and post here

Copy and paste the log into your next reply

If I have helped you fix your PC then please donate. Thanks

Posted Image

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#15 greenrubberducky

Member

Group: Members
Posts: 28
Joined: 23-December 06

Posted 14 October 2011 - 08:57 PM

That's a cool program...I'm stashing it in the permanent toolbox.

This is my work laptop. Of course, when I fire it up at home, the issue isn't occurring. It may be something on the network in the office. I'll keep Process Explorer on the desktop and grab a log file from it when the issue is in effect.