Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Redirect


  • This topic is locked This topic is locked
5 replies to this topic

#1 Prof.Parry

Prof.Parry

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 05 May 2011 - 11:51 PM

Hello,

I seem to have some kind of malware on my machine which has affected the machine performance and also has the internet browsers redirecting to unknown, generally embarrassing websites. I have Malwarebytes Anti-Malware which has not resolved the redirecting issue. Also I keep getting a generic host win32 error every time I am browsing and at times the appearance of the Windows style suddenly changes from Windows XP to Classic.

Please help resolve this annoyance.

Thank you.

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:58 AM

Posted 06 May 2011 - 12:02 AM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Can you please post the logs from Malwarebytes?

SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



#3 Prof.Parry

Prof.Parry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 10 May 2011 - 11:48 PM

Hi Cryptodan,

Thanks for your reply and your advice. I have followed the steps you asked for. My machine seems to be severely affected as I had a lot of trouble running the scans. Hence the delay in answering back. Thanks for your help with this.

Here are the logs as requested.

Note: The redirect still happen despite the scans and cleanups.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-10 23:17:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 Hitachi_HTS541680J9SA00 rev.SB2OC74P
Running: gmer.exe; Driver: C:\DOCUME~1\Gaurang\LOCALS~1\Temp\fgtyapog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9E9F0E0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9E9F0F4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9E9F120]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9E9F176]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9E9F0CC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9E9F0A4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9E9F0B8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9E9F10A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9E9F14C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9E9F136]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9E9F1A0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9E9F18C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9E9F160]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 8050225C 7 Bytes JMP B9E9F164 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A75C4 7 Bytes JMP B9E9F17A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A83DA 5 Bytes JMP B9E9F190 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetSecurityObject 805B6114 5 Bytes JMP B9E9F150 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C13F8 5 Bytes JMP B9E9F0A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C1684 5 Bytes JMP B9E9F0BC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8DA6 5 Bytes JMP B9E9F1A4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8061925E 7 Bytes JMP B9E9F13A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 8061A70E 7 Bytes JMP B9E9F10E mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 8061ACEC 5 Bytes JMP B9E9F0E4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8061B188 7 Bytes JMP B9E9F0F8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 8061B358 7 Bytes JMP B9E9F124 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwOpenKey 8061C0CA 5 Bytes JMP B9E9F0D0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 62419A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe[624] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 62419AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00040FE5
.text C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0004001B
.text C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F72
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A0005D
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00F83
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00036
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00F9E
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A0009D
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F55
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A00F1F
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F3A
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A00F0E
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00025
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0008C
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A00FB9
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A00FD4
.text C:\WINDOWS\system32\services.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A000AE
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0051
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F009B
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0FD4
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0062
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070F9C
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!system 77C293C7 5 Bytes JMP 00070031
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0007000C
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070FE3
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00070FB7
.text C:\WINDOWS\system32\services.exe[1100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FD2
.text C:\WINDOWS\system32\services.exe[1100] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00050FE5
.text C:\WINDOWS\system32\services.exe[1100] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[1100] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[1100] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00050011
.text C:\WINDOWS\system32\services.exe[1100] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D00036
.text C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D0001B
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA0FEF
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00FA0F6D
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00FA0F88
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00FA006C
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00FA0051
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00FA0FCA
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00FA0F3F
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00FA0F50
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FA00A9
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FA0098
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00FA00BA
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00FA0FAF
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FA0014
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00FA007D
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00FA0036
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00FA0025
.text C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00FA0F1A
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D60F68
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D60FC3
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D60FDE
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D6002F
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00D60F8D
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [F6, 88]
.text C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D60F9E
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D30042
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D30FB7
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D30FD2
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D30FEF
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D30027
.text C:\WINDOWS\system32\lsass.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D3000C
.text C:\WINDOWS\system32\lsass.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\lsass.exe[1112] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\system32\lsass.exe[1112] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D1000A
.text C:\WINDOWS\system32\lsass.exe[1112] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\lsass.exe[1112] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00D10FAF
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 025E0000
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 025E0FE5
.text C:\WINDOWS\system32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 025E001B
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02630FEF
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02630F68
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02630F83
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02630F94
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02630047
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02630FB9
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02630F30
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02630082
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026300C2
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026300A7
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02630F0E
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02630036
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0263000A
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02630F57
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02630025
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02630FCA
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02630F1F
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02620FD4
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02620FAF
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02620FEF
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02620025
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02620062
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02620000
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02620047
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02620036
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02610F8B
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!system 77C293C7 5 Bytes JMP 02610FA6
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02610FD2
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02610000
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02610FB7
.text C:\WINDOWS\system32\svchost.exe[1268] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02610FE3
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 025F0FE5
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 025F0000
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 025F0FD4
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 025F0FB9
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02600FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00F20FE5
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F20FD4
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70000
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70F52
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70F6D
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F8A
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70047
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F7002C
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F12
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F2D
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F70EF7
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70086
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F70EE6
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70FA5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F7001B
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70058
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F70FCA
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70075
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60FB9
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60F68
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FCA
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60F79
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F60F8A
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [16, 89]
.text C:\WINDOWS\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50042
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F50031
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FD2
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F50FB7
.text C:\WINDOWS\system32\svchost.exe[1356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50000
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F30000
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F30FCA
.text C:\WINDOWS\system32\svchost.exe[1356] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00F30FAF
.text C:\WINDOWS\system32\svchost.exe[1356] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 041F0FE5
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 041F000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 041F0FD4
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text C:\WINDOWS\System32\svchost.exe[1396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 04240FE5
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 04240F7C
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 04240F97
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 04240071
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 04240FA8
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 04240025
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 04240F61
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 042400B3
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 042400DF
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 042400C4
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 042400FA
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 04240040
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 04240000
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0424008C
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 04240FB9
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 04240FCA
.text C:\WINDOWS\System32\svchost.exe[1396] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 04240F46
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0423001E
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 04230F7C
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 04230FCD
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 04230FDE
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 04230039
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 04230FEF
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 04230FA1
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [43, 8C]
.text C:\WINDOWS\System32\svchost.exe[1396] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 04230FB2
.text C:\WINDOWS\System32\svchost.exe[1396] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00D0000A
.text C:\WINDOWS\System32\svchost.exe[1396] ole32.dll!CoCreateInstance 774FF1AC 3 Bytes JMP 00DB000A
.text C:\WINDOWS\System32\svchost.exe[1396] ole32.dll!CoCreateInstance + 4 774FF1B0 1 Byte [89]
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 04220FBE
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!system 77C293C7 5 Bytes JMP 04220049
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 04220038
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 04220000
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 04220FE3
.text C:\WINDOWS\System32\svchost.exe[1396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0422001D
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 04200FEF
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0420000A
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0420001B
.text C:\WINDOWS\System32\svchost.exe[1396] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 04200040
.text C:\WINDOWS\System32\svchost.exe[1396] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0421000A
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 001D0000
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 001D0036
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001D001B
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A30058
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A30F63
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A30F8A
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A30047
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A3002C
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A30F21
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A30069
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A30084
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A30EEB
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A30095
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A30FA5
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A30F48
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A30FC0
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A30F06
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A20FCA
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A2001B
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A2000A
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A2005B
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00A20FAF
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [C2, 88]
.text C:\WINDOWS\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A20036
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10FAD
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10FC8
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FE3
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10038
.text C:\WINDOWS\system32\svchost.exe[1564] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A1001D
.text C:\WINDOWS\system32\svchost.exe[1564] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1564] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 009F0FE5
.text C:\WINDOWS\system32\svchost.exe[1564] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[1564] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 009F0036
.text C:\WINDOWS\system32\svchost.exe[1564] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 001D000A
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 001D002C
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001D001B
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E40051
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E40F5C
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E40F83
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E40FB9
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E40F24
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E40F35
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E40098
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E40EFF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E400B3
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E40F94
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E40062
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E40FCA
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E40025
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E4007D
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30065
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E3000A
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E30FB9
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [03, 89]
.text C:\WINDOWS\system32\svchost.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30036
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E2005F
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FD4
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20033
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20044
.text C:\WINDOWS\system32\svchost.exe[1632] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E00FEF
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E00FD4
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E00FC3
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00E00FA8
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E1000A
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02440FEF
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02440FDE
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0244000A
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1748] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C5000C
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E5000A
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E50F5F
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E50054
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E50F7C
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E50F97
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E50FCD
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E50F33
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E50F4E
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E500BB
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E500A0
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E500D6
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E50FA8
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E50FEF
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E5006F
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E50FDE
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E50025
.text C:\WINDOWS\Explorer.EXE[1748] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E50F22
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02E30036
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02E3007D
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02E30025
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02E3000A
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02E30FCA
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02E30FE5
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02E3006C
.text C:\WINDOWS\Explorer.EXE[1748] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02E30051
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E0006B
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E0005A
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E0002E
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E00000
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E00049
.text C:\WINDOWS\Explorer.EXE[1748] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E0001D
.text C:\WINDOWS\Explorer.EXE[1748] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02450FEF
.text C:\WINDOWS\Explorer.EXE[1748] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 0245000A
.text C:\WINDOWS\Explorer.EXE[1748] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02450FCA
.text C:\WINDOWS\Explorer.EXE[1748] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 0245001B
.text C:\WINDOWS\Explorer.EXE[1748] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02DF0FE5
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\svchost.exe[1924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 001B001B
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0078
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F83
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0051
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0F9E
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0025
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00BF
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00AE
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0F55
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF00EE
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0113
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0040
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF0093
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FC3
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF0FD4
.text C:\WINDOWS\system32\svchost.exe[1924] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF0F66
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BE0FC0
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BE0F6F
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BE0F8A
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BE0000
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00BE0F9B
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [DE, 88]
.text C:\WINDOWS\system32\svchost.exe[1924] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BE002C
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BD005F
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BD004E
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BD0FDE
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BD000C
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BD0033
.text C:\WINDOWS\system32\svchost.exe[1924] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BD0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 001D0FEF
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 001D0FDE
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 001D0FCD
.text C:\WINDOWS\system32\svchost.exe[1924] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 001D001E
.text C:\WINDOWS\system32\svchost.exe[1924] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00D80FE5
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00D80FCA
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0000
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0067
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD0056
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0F7C
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0F8D
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD0FAF
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F3F
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F50
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD00B3
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD0F1A
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DD00C4
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DD0F9E
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DD0F61
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DD0FCA
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DD0FDB
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DD0098
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DC0036
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DC008E
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DC007D
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00DC0062
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DC0051
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00DB0F92
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!system 77C293C7 5 Bytes JMP 00DB0FAD
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00DB001D
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00DB0FBE
.text C:\WINDOWS\system32\svchost.exe[2200] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00DB000C
.text C:\WINDOWS\system32\svchost.exe[2200] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[2200] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[2200] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[2200] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 00D90FD4
.text C:\WINDOWS\system32\svchost.exe[2200] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00DA0000
.text C:\WINDOWS\System32\svchost.exe[3912] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0009000A
.text C:\WINDOWS\System32\svchost.exe[3912] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00090025
.text C:\WINDOWS\System32\svchost.exe[3912] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00090FEF
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00310FEF
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00310047
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00310F52
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0031002C
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0031001B
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00310F94
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00310F10
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00310058
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0031009F
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00310084
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00310EEB
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00310F79
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00310FD4
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00310F2D
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00310FAF
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00310000
.text C:\WINDOWS\System32\svchost.exe[3912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00310069
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00400FCA
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00400F94
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00400FDB
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0040001B
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00400051
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0040000A
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00400036
.text C:\WINDOWS\System32\svchost.exe[3912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00400FB9
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00550069
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!system 77C293C7 5 Bytes JMP 00550FDE
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00550029
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00550FEF
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00550044
.text C:\WINDOWS\System32\svchost.exe[3912] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0055000C
.text C:\WINDOWS\System32\svchost.exe[3912] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\System32\svchost.exe[3912] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\System32\svchost.exe[3912] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 002B0000
.text C:\WINDOWS\System32\svchost.exe[3912] WININET.dll!InternetOpenUrlW 3D9A6D77 5 Bytes JMP 002B0FAF
.text C:\WINDOWS\System32\svchost.exe[3912] WS2_32.dll!socket 71AB4211 5 Bytes JMP 002C0FE5

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Apoint\Apntex.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apntex.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apntex.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apntex.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[700] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[700] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Apoint\HidFind.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AC2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\HidFind.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AC2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\HidFind.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AC2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\HidFind.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AC2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [013A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [013A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [013A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[3296] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [013A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[3616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxsrvc.exe[3760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\McAfee.com\Agent\mcagent.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apoint.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apoint.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apoint.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Apoint\Apoint.exe[3832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3884] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3920] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gaurang\Desktop\gmer.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gaurang\Desktop\gmer.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gaurang\Desktop\gmer.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Gaurang\Desktop\gmer.exe[3964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01002F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01002CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01002D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01002CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89D2257B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89D2257B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89D2257B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 89D2257B

AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

MALWAREBYTES ANTI-MALWARE SCAN LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6529

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/8/2011 3:32:17 AM
mbam-log-2011-05-08 (03-32-17).txt

Scan type: Full scan (C:\|)
Objects scanned: 277972
Time elapsed: 1 hour(s), 51 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERANTISPYWARE SCAN LOG


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2011 at 05:27 AM

Application Version : 4.52.1000

Core Rules Database Version : 7015
Trace Rules Database Version: 4827

Scan type : Complete Scan
Total Scan Time : 07:25:53

Memory items scanned : 291
Memory threats detected : 0
Registry items scanned : 7353
Registry threats detected : 2
File items scanned : 129952
File threats detected : 938

Trojan.Hugipon
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters
HKLM\System\CURRENTCONTROLSET\SERVICES\6TO4\Parameters#ServiceDll

Rogue.AntiMalwareDoctor
C:\Documents and Settings\Gaurang\Application Data\D10BBEC5E30920561ACC8769169CD12E

Adware.Tracking Cookie
a.ads2.msads.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ads2.msads.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ads3.richmedia.in [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
api.indieclicktv.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
broadcast.piximedia.fr [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
cache.specificmedia.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
card.cricket.timesofindia.indiatimes.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
cdn4.specificclick.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
core.insightexpressai.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
crackle.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
d8.zedo.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ds.serving-sys.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ec.atdmt.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
hottraffic.nl [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ia.media-imdb.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
ictv-bd-ec.indieclicktv.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
imagec05.247realmedia.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
interclick.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
m1.2mdn.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
macromedia.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.ign.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.kohls.com.edgesuite.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.kyte.tv [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.monster.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.movieweb.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.mtvnservices.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.scanscout.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.thewb.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media.vmixcore.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media1.break.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
media2.firstshowing.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
msnbcmedia.msn.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
msntest.serving-sys.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
naiadsystems.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
objects.tremormedia.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
s0.2mdn.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
serving-sys.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
spe.atdmt.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
static.2mdn.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
timesofindia.indiatimes.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
tracker.dominos.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
udn.specificclick.net [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
video.redorbit.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
www.crackle.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
www.naiadsystems.com [ C:\Documents and Settings\Gaurang\Application Data\Macromedia\Flash Player\#SharedObjects\4S4J558Z ]
.specificclick.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
clients.pointroll.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
segment-pixel.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sales.liveperson.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.stopzilla.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
www.stopzilla.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
sdesapio-conversiontracker.appspot.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
g-pixel.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
dc.tremormedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\Gaurang\Application Data\Mozilla\Firefox\Profiles\yo1cv3hz.default\cookies.sqlite ]
C:\Documents and Settings\Gaurang\Cookies\gaurang@a1.interclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@accountonline[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ad.wsod[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ad.yieldmanager[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ad.yieldmanager[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ad.yieldmanager[3].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adbrite[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adbureau[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adecn[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.ad4game[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.addynamix[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.associatedcontent[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.audxch[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.bootcampmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.foodbuzz[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.gamersmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.monster[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.nascar[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.pointroll[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.tmnetads[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ads.undertone[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adserver.adreactor[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adserver.adtechus[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adtech[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adultadworld[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adv.dmv[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adv.exbii[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@advertising[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@adxpose[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@amazonservices.122.2o7[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@answerstv.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@apmebf[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@associatedcontent.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@at.atwola[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@atdmt[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@azjmp[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@banner.adchemy[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@banners.audioholics[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@bannertgt[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@bluestreak[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@bs.serving-sys[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@burstbeacon[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@businessfind[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@camdenproperty.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@careers.peopleclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@casalemedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@cb.adbureau[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@cdn4.specificclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@chitika[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@citi.bridgetrack[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@click.mediadome[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@clicksor[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@clickthrough.kanoodle[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@clickz.lonelycheatingwives[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@collective-media[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@content.yieldmanager[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@content.yieldmanager[3].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@counter.hitslink[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@counter.surfcounters[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@csc.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@data.coremetrics[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@dc.tremormedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@divx.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@dmtracker[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@edge.ru4[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@edgeadx[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ehg-ccbn.hitbox[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ehg-equifax.hitbox[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ehg-techtarget.hitbox[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@equifax.adbureau[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@eyewonder[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@fastclick[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ge.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@genentech.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@google.lucidmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@harrenmedianetwork[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@healthgrades.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@hitbox[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@homestore.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@imagevenue.advertserve[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@imrworldwide[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@in.getclicky[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@incentaclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@insightexpressai[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@interclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@intermundomedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@invitemedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@invitemedia[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@kontera[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@leeenterprises.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@legolas-media[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@lfstmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[3].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[5].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[6].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[7].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@liveperson[8].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@lucidmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@media.adfrontiers[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@media6degrees[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@mediafire[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@mediaplex[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@microsoftsto.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@msnportal.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@myroitracking[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@network.realmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@novonordiskas.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@oasn04.247realmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@overture[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@pfizer.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@pointroll[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@pro-market[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@qnsr[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@questionmarket[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@realmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@rediffcom.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@revenue[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@revsci[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@revsci[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@richmedia.yahoo[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@rotator.adjuggler[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@ru4[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@sales.liveperson[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@sales.liveperson[4].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@server.cpmstar[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@serving-sys[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@specificclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@specificmedia[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@statcounter[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@stats-newyork1.bloxcms[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@stats.camdenliving[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@statse.webtrendslive[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@t4.trackalyzer[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@tacoda[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@target.db.advertising[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@test.coremetrics[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@timesofindia.indiatimes[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@trackalyzer[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@tracking.realtor[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@trafficmp[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@transunioninteractive.122.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@traveladvertising[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@tribalfusion[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@tribalfusion[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@trvlnet.adbureau[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@usairways.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@usairways.112.2o7[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@valueclick[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@videoegg.adbureau[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@walmart.112.2o7[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.accountonline[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.addfreestats[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.burstbeacon[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.burstbeacon[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.burstnet[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.googleadservices[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.googleadservices[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.googleadservices[3].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.googleadservices[4].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.incentaclick[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www.mediafire[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@www8.addfreestats[1].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@xm.xtendmedia[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@yadro[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@yieldmanager[2].txt
C:\Documents and Settings\Gaurang\Cookies\gaurang@zedo[1].txt
crackle.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
s0.2mdn.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
stat.easydate.biz [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\862H27ZZ ]
C:\Documents and Settings\LocalService\Cookies\system@2o7[1].txt
C:\Documents and Settings\LocalService\Cookies\system@a1.interclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[4].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\LocalService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.bighealthtree[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.cpxcenter[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.financialcontent[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.glispa[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.lycos[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertise[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertise[3].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[1].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[2].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[3].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[4].txt
C:\Documents and Settings\LocalService\Cookies\system@advertising[5].txt
C:\Documents and Settings\LocalService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adxpose[2].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[3].txt
C:\Documents and Settings\LocalService\Cookies\system@apmebf[4].txt
C:\Documents and Settings\LocalService\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@at.atwola[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[4].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[5].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[6].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[8].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[3].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[4].txt
C:\Documents and Settings\LocalService\Cookies\system@casalemedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@cdn.jemamedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@cdn.jemamedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\LocalService\Cookies\system@citi.bridgetrack[2].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[4].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[4].txt
C:\Documents and Settings\LocalService\Cookies\system@content.yieldmanager[5].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[4].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[5].txt
C:\Documents and Settings\LocalService\Cookies\system@dc.tremormedia[6].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[4].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[5].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[6].txt
C:\Documents and Settings\LocalService\Cookies\system@eyewonder[2].txt
C:\Documents and Settings\LocalService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@fastclick[4].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[5].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[6].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[7].txt
C:\Documents and Settings\LocalService\Cookies\system@imrworldwide[8].txt
C:\Documents and Settings\LocalService\Cookies\system@insightexpressai[1].txt
C:\Documents and Settings\LocalService\Cookies\system@interclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[5].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[4].txt
C:\Documents and Settings\LocalService\Cookies\system@lucidmedia[5].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\LocalService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\LocalService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\LocalService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\LocalService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\LocalService\Cookies\system@mm.chitika[1].txt
C:\Documents and Settings\LocalService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\LocalService\Cookies\system@myroitracking[2].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[4].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\LocalService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[2].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[3].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[4].txt
C:\Documents and Settings\LocalService\Cookies\system@ru4[5].txt
C:\Documents and Settings\LocalService\Cookies\system@search.clickcheer[1].txt
C:\Documents and Settings\LocalService\Cookies\system@searchnet.chitika[2].txt
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\LocalService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@statcounter[1].txt
C:\Documents and Settings\LocalService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\LocalService\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\LocalService\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\LocalService\Cookies\system@www.find-quick-results[1].txt
C:\Documents and Settings\LocalService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt
convoad.technoratimedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
crackle.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
media.heavy.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
msnbcmedia.msn.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
s0.2mdn.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
serving-sys.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
stat.easydate.biz [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
static.cdn.360.sorensonmedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\KBLAU47H ]
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@247realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@24hdomainstats[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adlegend[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adlegend[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adlegend[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@admarketplace[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.addynamix[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.addynamix[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.adk2[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.adk2[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.bighealthtree[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.blogtalkradio[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.financialcontent[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.financialcontent[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.inextmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.lycos[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.ppgpubs[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pubmatic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.react2media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.roiserver[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserv.brandaffinity[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.valwa[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.localpages[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.localpages[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.versaneeds[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.versaneeds[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserving.versaneeds[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adultfriendfinder[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertisefirst[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertisefirst[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@adx.bidsystem[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@andomedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@ar.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ar.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@bridge2.admarketplace[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn.jemamedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn1.trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@cdn1.trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.blue-square-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickbank[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickbank[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickbank[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickkick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickkick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickpayz1.91462.expand-search-goals[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickpayz10.91497.information-seeking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickpayz9.91462.expand-search-goals[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicksaudit[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicksor[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clicksor[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickthrough.kanoodle[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickthrough.kanoodle[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickthrough.kanoodle[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@counters.gigya[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@crackle[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@crackle[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@crackle[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@digitalentertainment.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ehg-players.hitbox[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@enhance[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@fidelity.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@findology[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@harrenmedianetwork[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@hitbox[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@homestore.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@homestore.122.2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@in.getclicky[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@indianfriendfinder[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@indieclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@legolas-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@m1.mediasrv[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media.adfrontiers[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media.adfrontiers[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaservices-d.openxenterprise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@optimize.indieclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@p373t1s2853432.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pixel.invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pixel.invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@platform.revenuestreet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@qa.adserver.adbull[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@rotator.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@rotator.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.boltfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.boltfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthe[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthis[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickwhale[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.findsmy[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.findtopresults[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.findxml[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.hippofind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.hippofind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.seekfinds[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.toseeking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.toseeking[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.toseeking[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@stats.justhost[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@stats.supergreenhosting[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statse.webtrendslive[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficengine[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[10].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[11].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[8].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[9].txt
C:\Documents and Settings\NetworkService\Cookies\system@uiadserver[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@uiadserver[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@uiadserver[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@user.lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@user.lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@user.lucidmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@vidasco.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@wstat.wibiya[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-quick-results[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findeven[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.finditquick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.finditquick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findsearchengineresults[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.findstuff[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.serafind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.trackimizer[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[5].txt

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:58 AM

Posted 11 May 2011 - 01:42 PM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#5 Prof.Parry

Prof.Parry
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 11 May 2011 - 09:09 PM

Hi Cryptodan,

I have created a new topic as suggested. Here is the link to the topic.

http://www.bleepingcomputer.com/forums/topic396873.html

Thanks much for your assistance.

#6 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,962 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:01:58 AM

Posted 11 May 2011 - 09:56 PM

Hello,

Now for the hard and frustrating part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users