Desktop ICONS Gone & System Frozen


  • This topic is locked
9 replies to this topic

#1 denfin

Posted 10 March 2011 - 12:16 PM

I have recently encountered an issue on my desktop at home where the desktop ICONs disappear and I have no ability to launch task manager, the START menu or any other function. The entire system freezes and the only way out is to force power off the system. I had my daughter's laptop sitting around (she moved to the MAC world), so I thought I'd configure that to use while I figured out what was wrong with my desktop. Since the laptop had been sitting idle for several months, upon power up it identified several of my software items had expired (McAfee Security Suite, WebRoot Spyware, etc). I was able to download and install current versions of those software items and once operational on the network, Windows identified 69 updates it needed to install. Once those were installed, the laptop started experiencing the exact same symptoms as my desktop - desktop ICONS disappear and I'm unable to launch anything.

As info, I ran full scans through both McAfee and SpySweeper and although neither detected any really malicious items, the few cookies that were flagged I quarantined, then removed. Now I can only power up either the desktop or the laptop and wait a few minutes for each to lose the desktop ICONs and freeze.

Any ideas or assistance to resolve this growing problem would be appreciated.

Edited by hamluis, 10 March 2011 - 02:25 PM.
Moved from XP forum to Am I Infected.



#2 cryptodan


Posted 10 March 2011 - 12:27 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 denfin


Posted 11 March 2011 - 11:00 AM

I have completed the first two of the three steps you requested so far. Both found many threats that I since quarantined/removed. I have not yet had a chance to perform the 3rd step (GMER). I hope to complete that this evening or over the weekend. I will post all results and logs as soon as I complete the 3rd step, as long as that laptop will remain operational and connect to the internet without failing.

#4 cryptodan


Posted 11 March 2011 - 02:56 PM

Can you post the logs?

#5 denfin


Posted 12 March 2011 - 10:09 AM

Here are the logs.

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-12 09:47:53
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK6032GSX rev.AS312D
Running: gms2cbkn.exe; Driver: C:\DOCUME~1\Manda\LOCALS~1\Temp\pwtdrpob.sys


.text C:\WINDOWS\system32\lsass.exe[1496] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F60025
.text C:\WINDOWS\system32\lsass.exe[1496] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F50F9C
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F5009B
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F50080
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F50065
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F50FCD
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F50F75
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F500BD
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F50104
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F500F3
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F50F50
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F50054
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F500AC
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F50039
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\system32\lsass.exe[1496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F500E2
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F90036
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F90073
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F9001B
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F90FE5
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F90062
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F90000
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F90FC0
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [19, 89]
.text C:\WINDOWS\system32\lsass.exe[1496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F90047
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F8007A
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F8005F
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F80029
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F8000C
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F80044
.text C:\WINDOWS\system32\lsass.exe[1496] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\lsass.exe[1496] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F50FCD
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F50FDE
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F40FE5
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F40075
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F40F8A
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F40064
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F40047
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F40FAF
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F40F54
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F40F65
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F400D2
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F40F2F
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F400E3
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F40086
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F40FC0
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F4001B
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F400AD
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F80FB9
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F8002F
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F8000A
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F80FDE
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F80F7C
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F80FEF
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F80F97
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [18, 89]
.text C:\WINDOWS\system32\svchost.exe[1704] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F80FA8
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F70081
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F70070
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F7003A
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F70055
.text C:\WINDOWS\system32\svchost.exe[1704] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F7001D
.text C:\WINDOWS\system32\svchost.exe[1704] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A5000A
.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FE5
.text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A5001B
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40F66
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40F8B
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40065
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40FA8
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FC3
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A4009D
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A4008C
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400D3
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A400C2
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F1F
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4004A
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F55
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A4002F
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FDE
.text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40F44
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC003D
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0FB6
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC0022
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0FC7
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AC0073
.text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC004E
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A7002E
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A7001D
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A70FC8
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70000
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70FAD
.text C:\WINDOWS\system32\svchost.exe[1808] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A70FE3
.text C:\WINDOWS\system32\svchost.exe[1808] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A60FE5
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 03FF0FEF
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 03FF0014
.text C:\WINDOWS\System32\svchost.exe[1848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 03FF0FDE
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03FE0000
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03FE0F6D
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03FE0F7E
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03FE0062
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03FE0FA5
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 03FE0051
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03FE00AE
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03FE0087
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03FE00E4
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03FE00BF
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03FE0F30
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03FE0FC0
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03FE0011
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 03FE0F5C
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03FE0FDB
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03FE0036
.text C:\WINDOWS\System32\svchost.exe[1848] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 03FE0F41
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 04030FC0
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04030047
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04030011
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04030000
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04030F8A
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04030FE5
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 04030036
.text C:\WINDOWS\System32\svchost.exe[1848] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04030FA5
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04020F9A
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!system 77C293C7 5 Bytes JMP 04020FAB
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04020FCD
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04020FEF
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04020FBC
.text C:\WINDOWS\System32\svchost.exe[1848] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 04020FDE
.text C:\WINDOWS\System32\svchost.exe[1848] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0401000A
.text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04000FEF
.text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 04000FD4
.text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0400000A
.text C:\WINDOWS\System32\svchost.exe[1848] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 04000FC3
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 50367370 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSUDLL.dll
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 000160B0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00014930 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000152F0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes [33, C0, C2, 0C, 00] {XOR EAX, EAX; RET 0xc}
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 000152A0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[2236] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 000152D0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\WINDOWS\Explorer.EXE[2804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 06450FEF
.text C:\WINDOWS\Explorer.EXE[2804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0645002F
.text C:\WINDOWS\Explorer.EXE[2804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0645000A
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 06440000
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 064400A7
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 06440096
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0644007B
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 06440054
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 06440FCD
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 06440F84
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 064400CC
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 06440F62
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 06440F73
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 06440F3D
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 06440FBC
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 06440025
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 06440FA1
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 06440FDE
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 06440FEF
.text C:\WINDOWS\Explorer.EXE[2804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 064400F1
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0643001B
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0643006C
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 06430000
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 06430FD4
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 06430051
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 06430FE5
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 06430040
.text C:\WINDOWS\Explorer.EXE[2804] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 06430FB9
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 06420F90
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!system 77C293C7 5 Bytes JMP 06420FAB
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 06420011
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!_open 77C2F566 5 Bytes JMP 06420000
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 06420FBC
.text C:\WINDOWS\Explorer.EXE[2804] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 06420FD7
.text C:\WINDOWS\Explorer.EXE[2804] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 06400FEF
.text C:\WINDOWS\Explorer.EXE[2804] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0640000A
.text C:\WINDOWS\Explorer.EXE[2804] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 06400025
.text C:\WINDOWS\Explorer.EXE[2804] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 06400FD4
.text C:\WINDOWS\Explorer.EXE[2804] WS2_32.dll!socket 71AB4211 5 Bytes JMP 06410FE5
.text C:\WINDOWS\system32\dllhost.exe[3868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F10FE5
.text C:\WINDOWS\system32\dllhost.exe[3868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F1000A
.text C:\WINDOWS\system32\dllhost.exe[3868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F10FD4
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00000
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F92
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F00087
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00076
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00FB9
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F81
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F000BD
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F00106
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F000F5
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00F52
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F0005B
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F00FE5
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F000AC
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00025
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FD4
.text C:\WINDOWS\system32\dllhost.exe[3868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F000E4
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00EE006E
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!system 77C293C7 5 Bytes JMP 00EE0049
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00EE001D
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00EE000C
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00EE0038
.text C:\WINDOWS\system32\dllhost.exe[3868] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00EE0FE3
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FCD
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0F6B
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FDE
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0014
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0F7C
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF0FEF
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00EF0F8D
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [0F, 89]
.text C:\WINDOWS\system32\dllhost.exe[3868] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0FB2
.text C:\WINDOWS\system32\dllhost.exe[3868] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00ED0000

---- Kernel IAT/EAT - GMER 1.0.15 ----


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\mfevtps.exe[512] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\WINDOWS\system32\mfevtps.exe[512] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

Device \Driver\Tcpip \Device\Ip 86271E88
Device \Driver\Tcpip \Device\Ip 86374A38

AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp 86271E88
Device \Driver\Tcpip \Device\Tcp 86374A38

AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\Udp 86271E88
Device \Driver\Tcpip \Device\Udp 86374A38

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\RawIp 86271E88
Device \Driver\Tcpip \Device\RawIp 86374A38

AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\Tcpip \Device\IPMULTICAST 86271E88
Device \Driver\Tcpip \Device\IPMULTICAST 86374A38
Device \FileSystem\Fastfat \Fat A7C3ED20

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


SuperAntiSpyware Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/11/2011 at 00:43 AM

Application Version : 4.49.1000

Core Rules Database Version : 6573
Trace Rules Database Version: 4385

Scan type : Complete Scan
Total Scan Time : 03:52:43

Memory items scanned : 306
Memory threats detected : 0
Registry items scanned : 6880
Registry threats detected : 132
File items scanned : 100973
File threats detected : 405

Adware.MyWebSearch

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version
C:\WINDOWS\SYSTEM32\F3PSSAVR.SCR

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE


MalwareBytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6014

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

3/10/2011 8:15:50 PM
mbam-log-2011-03-10 (20-15-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 270262
Time elapsed: 40 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 110
Registry Values Infected: 10
Registry Data Items Infected: 2
Folders Infected: 21
Files Infected: 74

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

#6 cryptodan


Posted 12 March 2011 - 01:58 PM

Are your icons still missing?

#7 denfin


Posted 13 March 2011 - 07:41 AM

No. Actually, the laptop seems to be working fine now. Is there anything else you believe I need to do to completely clean up the laptop, or should we be "good to go" from here?

May I attempt to pursue the same actions on the desktop that originally had this problem and still does, if I can find a way to get the code on it?

#8 cryptodan


Posted 13 March 2011 - 01:21 PM

Yeah, you can use the same tools on the desktop. To give the complete clean and good to go you may want to consider the following:

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#9 denfin


Posted 14 March 2011 - 09:20 PM

New topic created. Here is the link:

http://www.bleepingcomputer.com/forums/topic385054.html

At this point, unless there is something specific I still need to do, other than possibly implementing some of the suggestions in the Guide, I believe my issue on both the laptop and the desktop has been resolved. I thank you very much for your assistance.

#10 boopme


Posted 14 March 2011 - 09:47 PM

Hello, your new log topic is here. http://www.bleepingcomputer.com/forums/topic385054.html

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.