Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Windows Command processor virus


  • Please log in to reply
11 replies to this topic

#1 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 04 April 2012 - 03:02 PM

I was on the internet and a pop up came up. I thought I clicked off it, but it must not have been the case. Rapport real time detected this, as I have this installed. It said it had removed it, but this Windows Command Processor virus keeps asking for permission. I cannot click cancel, it keeps popping up.

I cannot access google chrome anymore, because it keeps crashing, i managed to install malwarebytes, but it wont open, (i am using modzilla at the moment)

Please help me, thanks.

Edited by dxpoo, 04 April 2012 - 03:11 PM.


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md

Posted 04 April 2012 - 03:42 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can. If you have performed any of the scans below post the logs for those scans, and then perform the ones you have not done.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTEMalwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger then 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.[list]
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 05 April 2012 - 11:57 AM

Ok here is the Security Check logs.

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Total Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Companion 2.2.7
Java™ 6 Update 20
Java version out of date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.24) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

by the way i will be updating mcafee soon, i just need to renew it.

and here are the malware bytes logs, i managed to earlier then read this post, i managed to do a full scan but i had to abort the first scan since i needed to go sleep due to work early in the morning, so here is the aborted scan which removed 2 things.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Jasmine :: JASMINE-PC [administrator]

04/04/2012 21:15:23
mbam-log-2012-04-04 (21-15-23).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 128702
Time elapsed: 43 minute(s), 48 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\BT Business Broadband Desktop Help\btbb\OCB\79d05009-4b36-41ec-bf32-463e84b98ed6\l81xGvue (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Users\Jasmine\ms.exe (Virus.Ramnit) -> Quarantined and deleted successfully.

(end)


and here is the full scan i did before the security check.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Jasmine :: JASMINE-PC [administrator]

05/04/2012 16:08:08
mbam-log-2012-04-05 (16-08-08).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 347174
Time elapsed: 1 hour(s), 32 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


here is the SUPERAntiSpyware logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/05/2012 at 06:58 PM

Application Version : 5.0.1146

Core Rules Database Version : 8419
Trace Rules Database Version: 6231

Scan type : Complete Scan
Total Scan Time : 00:49:56

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Limited User (Administrator User)

Memory items scanned : 775
Memory threats detected : 0
Registry items scanned : 37300
Registry threats detected : 0
File items scanned : 49476
File threats detected : 225

Adware.Tracking Cookie
C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Cookies\jasmine@atdmt.combing[1].txt [ /atdmt.combing ]
C:\Users\Jasmine\AppData\Roaming\Microsoft\Windows\Cookies\jasmine@atdmt[1].txt [ /atdmt ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@revsci[1].txt [ Cookie:jasmine@revsci.net/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@doubleclick[1].txt [ Cookie:jasmine@doubleclick.net/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@imrworldwide[2].txt [ Cookie:jasmine@imrworldwide.com/cgi-bin ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@invitemedia[2].txt [ Cookie:jasmine@invitemedia.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@mediaplex[1].txt [ Cookie:jasmine@mediaplex.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@adbrite[2].txt [ Cookie:jasmine@adbrite.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@casalemedia[2].txt [ Cookie:jasmine@casalemedia.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@tribalfusion[1].txt [ Cookie:jasmine@tribalfusion.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@adform[1].txt [ Cookie:jasmine@adform.net/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@bs.serving-sys[1].txt [ Cookie:jasmine@bs.serving-sys.com/ ]
C:\USERS\JASMINE\AppData\Roaming\Microsoft\Windows\Cookies\Low\jasmine@at.atwola[1].txt [ Cookie:jasmine@at.atwola.com/ ]
C:\USERS\JASMINE\Cookies\jasmine@atdmt.combing[1].txt [ Cookie:jasmine@atdmt.combing.com/ ]
.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
statse.webtrendslive.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
advancedsearch.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
advancedsearch.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adtech.de [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.clicksor.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adviva.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.dmtracker.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.countrywidefarmers.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.www.countrywidefarmers.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.www.countrywidefarmers.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
counter.hitslink.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad1.emediate.dk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.xiti.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.careers.peopleclick.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.standardcharteredbank.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.trinitymirror.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.paypal.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.msnportal.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.popcapgames.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.trackalyzer.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.bluestreak.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.thegroup.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
in.getclicky.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
stats.eon-uk.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.gradcracker.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
stats.matraxis.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.accstandardbank.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.stats.paypal.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mediametrics.mpsa.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.riverisland.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.newlook.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.newsquestdigitalmedia.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.e-2dj6wfkoelajcho.stats.esomniture.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
adserve.podaddies.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
timesofindia.indiatimes.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.ufi.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
tracking.decorativecoatings.biz [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.findaproperty.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
int.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.goldmansachs.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.guava.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
identity.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
identity.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.virginmedia.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.shop.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
selfcare.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
selfcare.virginmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
www7.addfreestats.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.discount-voucher.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.thefitfinder.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.debenhams.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.kantarmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.beiersdorf.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
www.youraccount.orange.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.www.youraccount.orange.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
eas.apm.emediate.eu [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.siemens.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
tracker.roitesting.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.mckinseyknowledge.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
test.coremetrics.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.s.clickability.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.acronymfinder.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
fr.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.avgtechnologies.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
www.latestdiscountvouchers.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.latestdiscountvouchers.co.uk [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.lfstmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.findfreegraphics.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.findfreegraphics.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
www.ontoplist.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
p122t1s1611319.kronos.bravenetmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
27002.t10-click.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.orionmedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.myticketmarket.112.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.livenation.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.haymarketbusinesspublications.122.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
uk.sitestat.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
media.ford.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
media.ford.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.media.ford.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.2o7.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.clickandbuy.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.clickandbuy.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.overture.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.liveperson.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.azjmp.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
accounts.youtube.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
www.googleadservices.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FWUULYQU.DEFAULT\COOKIES.SQLITE ]
art.aim4media.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
ec.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
ia.media-imdb.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
media.heavy.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
media.kyte.tv [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
media.whosay.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
msnbcmedia.msn.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
s0.2mdn.net [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
secure-us.imrworldwide.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
spe.atdmt.com [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]
stat.easydate.biz [ C:\USERS\JASMINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\QDJYRYEJ ]

Trojan.Agent/Gen-FraudLoad
D:\SAMSUNG R710 DRIVER PK\BASW-00849A\SOUNDDRV\CHCFG.EXE


and finally, GMER logs.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-05 21:03:42
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 FUJITSU_ rev.0000
Running: rdgcmftl.exe; Driver: C:\Users\Jasmine\AppData\Local\Temp\pxdirfoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x91743086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x91743BE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x91743DDC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x917475B2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x917475E4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x91747746]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x91743CFC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x917431FC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x917433F0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x91743522]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x917476BC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x91747626]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x91747658]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x9174768A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x9174302C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x91743E82]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x9174754A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x91742FC6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x91742EEE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x91742F36]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys ZwCreateThreadEx [0x913E0640]

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B8FF498]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B8FF4AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B8FF484]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 83478C4A 5 Bytes JMP 8B8FF488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntoskrnl.exe!KeInsertQueue + 381 834B3948 4 Bytes [86, 30, 74, 91] {XCHG [EAX], DH; JZ 0xffffffffffffff95}
.text ntoskrnl.exe!KeInsertQueue + 3C9 834B3990 4 Bytes [E4, 3B, 74, 91] {IN AL, 0x3b; JZ 0xffffffffffffff95}
.text ntoskrnl.exe!KeInsertQueue + 4C1 834B3A88 8 Bytes [DC, 3D, 74, 91, B2, 75, 74, ...] {FDIVR QWORD [0x75b29174]; JZ 0xffffffffffffff99}
.text ntoskrnl.exe!KeInsertQueue + 4D2 834B3A99 3 Bytes [75, 74, 91] {JNZ 0x76; XCHG ECX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 571 834B3B38 4 Bytes [46, 77, 74, 91] {INC ESI; JA 0x77; XCHG ECX, EAX}
.text ...
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8364FA10 5 Bytes JMP 8B8FF4B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 8364FD99 7 Bytes JMP 8B8FF49C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[512] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00170000
.text C:\Windows\system32\svchost.exe[512] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00170FC0
.text C:\Windows\system32\svchost.exe[512] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00170FE5
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 001C0F2C
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 001C0068
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 001C0F00
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 001C0097
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 001C0F62
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 001C0FBC
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!LoadLibraryExW 75BD374A 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 001C0F7F
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 001C0F9A
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 001C0F51
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 001C003C
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 001C0FAB
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 001C0057
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 001C0EEF
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 001C0FCD
.text C:\Windows\system32\svchost.exe[512] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 001C0F1B
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00220047
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!system 75F28B63 5 Bytes JMP 0022002C
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00220FBC
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00220FE3
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00220011
.text C:\Windows\system32\svchost.exe[512] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00230FB6
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00230047
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00230058
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00230073
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00230FE5
.text C:\Windows\system32\svchost.exe[512] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 0023002C
.text C:\Windows\system32\svchost.exe[512] WS2_32.dll!socket 75E436D1 5 Bytes JMP 0021000A
.text C:\Windows\system32\wuauclt.exe[608] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 0004000A
.text C:\Windows\system32\wuauclt.exe[608] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00040036
.text C:\Windows\system32\wuauclt.exe[608] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 0004001B
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 000100D5
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 000100BA
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00010F3E
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00010F4F
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00010084
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00010FDB
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00010069
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00010047
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00010095
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00010058
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00010FB6
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00010F8F
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00010F2D
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 0001001B
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 0001000A
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 0001002C
.text C:\Windows\system32\wuauclt.exe[608] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00010F74
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00070038
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!system 75F28B63 5 Bytes JMP 00070FAD
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 0007001D
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 0007000C
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00070FBE
.text C:\Windows\system32\wuauclt.exe[608] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00070FE3
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00080FC0
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00080047
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00080000
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00080062
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 0008007D
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 0008001B
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00080FEF
.text C:\Windows\system32\wuauclt.exe[608] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 0008002C
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[696] ntdll.dll!KiUserApcDispatcher 770A9598 5 Bytes JMP 00444990 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[696] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 75BD31BD 4 Bytes JMP 71AC000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[696] USER32.dll!PostQuitMessage + 81F 75B1F802 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[696] WS2_32.dll!getaddrinfo 75E4418A 5 Bytes JMP 71A20022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[696] WS2_32.dll!gethostbyname 75E562D4 5 Bytes JMP 71A60022
.text C:\Windows\system32\services.exe[812] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00320FEF
.text C:\Windows\system32\services.exe[812] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00320FCD
.text C:\Windows\system32\services.exe[812] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00320FDE
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00330F1A
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00330F3F
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 003300B1
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00330096
.text C:\Windows\system32\services.exe[812] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00330060
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00330FCA
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00330F7C
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00330F9E
.text C:\Windows\system32\services.exe[812] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00330F6B
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00330F8D
.text C:\Windows\system32\services.exe[812] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00330FAF
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00330F50
.text C:\Windows\system32\services.exe[812] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 003300CC
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 0033000A
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00330FEF
.text C:\Windows\system32\services.exe[812] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 0033001B
.text C:\Windows\system32\services.exe[812] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00330085
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00520054
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00520FC3
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00520FEF
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00520FA8
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00520065
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 0052000A
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00520FDE
.text C:\Windows\system32\services.exe[812] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00520025
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00350FC8
.text C:\Windows\system32\services.exe[812] msvcrt.dll!system 75F28B63 5 Bytes JMP 00350053
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00350027
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00350000
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00350042
.text C:\Windows\system32\services.exe[812] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00350FE3
.text C:\Windows\system32\services.exe[812] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00340FEF
.text C:\Windows\system32\lsass.exe[824] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 001B000A
.text C:\Windows\system32\lsass.exe[824] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 001B0025
.text C:\Windows\system32\lsass.exe[824] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 001B0FEF
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 003A0F41
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 003A0087
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 003A00C4
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 003A00B3
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 003A0F6D
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 003A0FB9
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 003A0F8A
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 003A002C
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!VirtualProtectEx 75BD8F5E 1 Byte [E9]
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 003A0062
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 003A0047
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 003A001B
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 003A0F5C
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 003A00D5
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 003A0FCA
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 003A0FE5
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 003A000A
.text C:\Windows\system32\lsass.exe[824] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 003A0098
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 0041006C
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00410040
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 0041000A
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 0041005B
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00410FAF
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00410025
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00410FEF
.text C:\Windows\system32\lsass.exe[824] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00410FD4
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 003C005D
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!system 75F28B63 5 Bytes JMP 003C004C
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 003C0027
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 003C0000
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 003C0FD2
.text C:\Windows\system32\lsass.exe[824] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 003C0FE3
.text C:\Windows\system32\lsass.exe[824] WS2_32.dll!socket 75E436D1 5 Bytes JMP 003B000A
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00610FE5
.text C:\Windows\system32\svchost.exe[980] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 0061001B
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 001C0F2B
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 001C0071
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 001C009D
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 001C008C
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 001C0F61
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 001C0F72
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 001C002F
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 001C0F46
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 001C0F83
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 001C0FA8
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 001C0060
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 001C0EEB
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 001C0000
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 001C0FD4
.text C:\Windows\system32\svchost.exe[980] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 001C0F06
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00220058
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!system 75F28B63 5 Bytes JMP 0022003D
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00220FDE
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00220FEF
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00220FCD
.text C:\Windows\system32\svchost.exe[980] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 0022000C
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00230FA5
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00230FD1
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00230FB6
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00230062
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00230022
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00230011
.text C:\Windows\system32\svchost.exe[980] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 0023003D
.text C:\Windows\system32\svchost.exe[980] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 001D0FB9
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 001D0FD4
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 001F0F9E
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 001F00EE
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 001F0F61
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 001F0F7C
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 001F0093
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 001F0FCA
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 001F0082
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 001F005B
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 001F00AE
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 001F0FB9
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 001F0036
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 001F00D3
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 001F0F50
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 001F0FE5
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[1052] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 001F0F8D
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00210F90
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!system 75F28B63 5 Bytes JMP 00210FA1
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00210011
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00210000
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00210FBC
.text C:\Windows\system32\svchost.exe[1052] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00210FE3
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00220047
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00220036
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00220FAF
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00220062
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00220FCA
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00220FDB
.text C:\Windows\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 0022001B
.text C:\Windows\system32\svchost.exe[1052] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00200FEF
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1144] ntdll.dll!KiUserApcDispatcher 770A9598 5 Bytes JMP 00414DA0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1144] kernel32.dll!GetConsoleScreenBufferInfoEx + 132 75BD31BD 4 Bytes JMP 71AA000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1144] WS2_32.dll!getaddrinfo 75E4418A 5 Bytes JMP 71A40022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1144] WS2_32.dll!gethostbyname 75E562D4 5 Bytes JMP 71AD0022
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00A4000A
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00A40025
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00A40FEF
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00A500DE
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00A500C3
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00A50F73
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00A50114
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00A50FA9
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00A50033
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00A50081
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00A50055
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00A50F98
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00A50066
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00A50044
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00A500B2
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00A50125
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00A50011
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00A50000
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00A50022
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00A500F9
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00EC0058
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!system 75F28B63 5 Bytes JMP 00EC003D
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00EC0022
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00EC0FEF
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00EC0FCD
.text C:\Windows\System32\svchost.exe[1320] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00EC0FDE
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00ED0FC0
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00ED0062
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00ED0000
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00ED0FDB
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00ED007D
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00ED002C
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00ED0011
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00ED0051
.text C:\Windows\System32\svchost.exe[1320] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00A60000
.text C:\Windows\System32\svchost.exe[1344] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00D9000A
.text C:\Windows\System32\svchost.exe[1344] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00D9002F
.text C:\Windows\System32\svchost.exe[1344] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00D90FEF
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00DA0F57
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00DA009D
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00DA00DD
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00DA0F46
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00DA0F7C
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00DA0FCA
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00DA0F8D
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00DA0040
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00DA0071
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00DA0F9E
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00DA0FAF
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00DA0082
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00DA00EE
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00DA0FEF
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00DA0000
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00DA001B
.text C:\Windows\System32\svchost.exe[1344] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00DA00B8
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00DC0FCA
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!system 75F28B63 5 Bytes JMP 00DC0055
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00DC0FE5
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00DC0000
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00DC003A
.text C:\Windows\System32\svchost.exe[1344] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00DC001D
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00FE0FD1
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00FE0058
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00FE0000
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00FE0073
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00FE0FC0
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00FE002C
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00FE001B
.text C:\Windows\System32\svchost.exe[1344] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00FE0047
.text C:\Windows\System32\svchost.exe[1344] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00E80FE5
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00E80FCA
.text C:\Windows\system32\svchost.exe[1356] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00E80000
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00E90F52
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00E90F63
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00E900E9
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00E900CE
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00E9006C
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00E90FD1
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00E90F88
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00E90FB6
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00E9007D
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00E90FA5
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00E90047
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00E90098
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00E900FA
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00E9001B
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00E90000
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00E9002C
.text C:\Windows\system32\svchost.exe[1356] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00E900BD
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00FF005D
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!system 75F28B63 5 Bytes JMP 00FF0042
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00FF001D
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00FF0000
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00FF0FD2
.text C:\Windows\system32\svchost.exe[1356] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00FF0FE3
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 0140006C
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 01400FC0
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 01400000
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 01400051
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 0140007D
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 01400FE5
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 01400011
.text C:\Windows\system32\svchost.exe[1356] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 0140002C
.text C:\Windows\system32\svchost.exe[1356] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00FE0000
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 001D0040
.text C:\Windows\system32\svchost.exe[1508] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 001D0025
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00E900C6
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00E900B5
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00E90106
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00E90F65
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00E90FAF
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00E90025
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00E90087
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00E90051
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00E90F94
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00E90076
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00E90036
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00E900A4
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00E90F4A
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00E9000A
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00E90FEF
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00E90FD4
.text C:\Windows\system32\svchost.exe[1508] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00E900E1
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00EF0033
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!system 75F28B63 5 Bytes JMP 00EF0FA8
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00EF0FDE
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00EF0000
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00EF0FC3
.text C:\Windows\system32\svchost.exe[1508] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00EF0FEF
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00F0005B
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00F00036
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00F0000A
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00F00FB9
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00F00F94
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00F0001B
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00F00FE5
.text C:\Windows\system32\svchost.exe[1508] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00F00FCA
.text C:\Windows\system32\svchost.exe[1508] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00EA0FEF
.text C:\Windows\system32\svchost.exe[1508] WinInet.dll!InternetOpenA 75920A4D 5 Bytes JMP 00E80FEF
.text C:\Windows\system32\svchost.exe[1508] WinInet.dll!InternetOpenUrlA 75922713 5 Bytes JMP 00E8002F
.text C:\Windows\system32\svchost.exe[1508] WinInet.dll!InternetOpenW 759230C8 5 Bytes JMP 00E8000A
.text C:\Windows\system32\svchost.exe[1508] WinInet.dll!InternetOpenUrlW 75978515 5 Bytes JMP 00E80040
.text C:\Windows\system32\svchost.exe[1616] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00D9000A
.text C:\Windows\system32\svchost.exe[1616] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00D90FE5
.text C:\Windows\system32\svchost.exe[1616] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00D9001B
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00DC00A8
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00DC0097
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00DC0F40
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00DC0F51
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00DC0075
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00DC0FCA
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00DC0058
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00DC0F9B
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00DC0086
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00DC003D
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00DC002C
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00DC0F76
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00DC0F1B
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00DC0000
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00DC0FEF
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00DC001B
.text C:\Windows\system32\svchost.exe[1616] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00DC00CD
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00E60FC0
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!system 75F28B63 5 Bytes JMP 00E60055
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00E60FEF
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00E6000C
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00E60044
.text C:\Windows\system32\svchost.exe[1616] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00E60029
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 00F30065
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00F3004A
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00F30FEF
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00F30FC3
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00F30076
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00F30014
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00F30FDE
.text C:\Windows\system32\svchost.exe[1616] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00F30039
.text C:\Windows\system32\svchost.exe[1616] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00DD0000
.text C:\Windows\Explorer.EXE[2008] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 03360000
.text C:\Windows\Explorer.EXE[2008] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 03360FD4
.text C:\Windows\Explorer.EXE[2008] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 03360FE5
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 03410F35
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 03410071
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 03410F09
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 034100A0
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 03410F7C
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 0341002C
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 03410F8D
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 03410FB9
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 03410F57
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 03410F9E
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 03410FCA
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 03410F46
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 03410EEE
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 03410FE5
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 03410000
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 0341001B
.text C:\Windows\Explorer.EXE[2008] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 03410F24
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 03480047
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 0348001B
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 0348000A
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 0348002C
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 03480F8A
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 03480FD4
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 03480FE5
.text C:\Windows\Explorer.EXE[2008] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 03480FB9
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 03430053
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!system 75F28B63 5 Bytes JMP 03430042
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 0343000C
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 03430FEF
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 03430027
.text C:\Windows\Explorer.EXE[2008] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 03430FD2
.text C:\Windows\Explorer.EXE[2008] WS2_32.dll!socket 75E436D1 5 Bytes JMP 03420FEF
.text C:\Windows\Explorer.EXE[2008] WININET.dll!InternetOpenA 75920A4D 5 Bytes JMP 03400000
.text C:\Windows\Explorer.EXE[2008] WININET.dll!InternetOpenUrlA 75922713 5 Bytes JMP 03400025
.text C:\Windows\Explorer.EXE[2008] WININET.dll!InternetOpenW 759230C8 5 Bytes JMP 03400FEF
.text C:\Windows\Explorer.EXE[2008] WININET.dll!InternetOpenUrlW 75978515 5 Bytes JMP 03400FD4
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00070FE5
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00070FC3
.text C:\Windows\system32\svchost.exe[2176] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00070FD4
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00080080
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00080F3A
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00080EFD
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00080F0E
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00080F66
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00080025
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00080F77
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00080036
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 0008005B
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00080F94
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00080FB9
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00080F55
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00080EE2
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00080FEF
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 0008000A
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00080FDE
.text C:\Windows\system32\svchost.exe[2176] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00080F1F
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 000A0FB7
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!system 75F28B63 5 Bytes JMP 000A0042
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 000A0027
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 000A0FE3
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 000A0FD2
.text C:\Windows\system32\svchost.exe[2176] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 000A0000
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 000C0F9E
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 000C0025
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 000C0040
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 000C0F83
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 000C0FD4
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 000C0FE5
.text C:\Windows\system32\svchost.exe[2176] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 000C0FC3
.text C:\Windows\system32\svchost.exe[2176] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00090000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2460] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 6E639A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2460] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 6E6399A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00F70FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00F70FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00F70FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00F800E1
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00F80F9B
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00F80117
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00F80F80
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00F8009A
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00F80FDB
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00F80089
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00F80FC0
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00F800B5
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00F80062
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00F80051
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00F800C6
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00F80F65
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00F8001B
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00F80000
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00F8002C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00F800F2
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00FA0058
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!system 75F28B63 5 Bytes JMP 00FA0033
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00FA0FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00FA0FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00FA0FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00FA000C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 4D3D0051
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 4D3D002F
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 4D3D0000
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 4D3D0040
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 4D3D006C
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 4D3D0FD4
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 4D3D0FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 4D3D0FC3
.text C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[2596] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00F90FEF
.text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00200000
.text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00200FD4
.text C:\Windows\system32\svchost.exe[2652] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00200FE5
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 002300BD
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 002300AC
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00230F4B
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 002300E2
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00230087
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00230FDB
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00230FB9
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00230FCA
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00230F9C
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00230076
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00230047
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00230F8B
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 00230F3A
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 0023001B
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00230000
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 0023002C
.text C:\Windows\system32\svchost.exe[2652] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 00230F5C
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 00270FA1
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!system 75F28B63 5 Bytes JMP 00270022
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00270FC6
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00270000
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00270011
.text C:\Windows\system32\svchost.exe[2652] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00270FD7
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 002C0065
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 002C0FCD
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 002C0054
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 002C0FB2
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 002C0FDE
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[2652] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 002C002F
.text C:\Windows\system32\svchost.exe[2652] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00210FEF
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 0021000A
.text C:\Windows\system32\svchost.exe[2892] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00210FD4
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00220F59
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00220F74
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00220F23
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00220F3E
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00220084
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00220FB6
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00220069
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 0022003D
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 00220F8F
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00220058
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 0022002C
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00220095
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 002200D5
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 00220000
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 00220FE5
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00220011
.text C:\Windows\system32\svchost.exe[2892] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 002200BA
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wsystem 75F28A47 3 Bytes JMP 007E0F8D
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wsystem + 4 75F28A4B 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!system 75F28B63 3 Bytes JMP 007E0FA8
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!system + 4 75F28B67 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_creat 75F2C6F1 3 Bytes JMP 007E0018
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_creat + 4 75F2C6F5 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 007E0FEF
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wcreat 75F2DC9E 3 Bytes JMP 007E0FB9
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wcreat + 4 75F2DCA2 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2892] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 007E0FDE
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 0095002F
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 0095000A
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00950FE5
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00950F83
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00950F72
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00950FB9
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00950FD4
.text C:\Windows\system32\svchost.exe[2892] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00950F9E
.text C:\Windows\system32\svchost.exe[2892] WS2_32.dll!socket 75E436D1 5 Bytes JMP 00230000
.text C:\Windows\System32\svchost.exe[3032] ntdll.dll!NtCreateFile 770A7C78 5 Bytes JMP 00050000
.text C:\Windows\System32\svchost.exe[3032] ntdll.dll!NtCreateProcess 770A7D38 5 Bytes JMP 00050FCA
.text C:\Windows\System32\svchost.exe[3032] ntdll.dll!NtProtectVirtualMemory 770A85D8 5 Bytes JMP 00050FDB
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!GetStartupInfoW 75BB1929 5 Bytes JMP 00060F63
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!GetStartupInfoA 75BB19C9 5 Bytes JMP 00060F74
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateProcessW 75BB1C01 5 Bytes JMP 00060F37
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateProcessA 75BB1C36 5 Bytes JMP 00060F48
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!VirtualProtect 75BB1DD1 5 Bytes JMP 00060084
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateNamedPipeW 75BB5C44 5 Bytes JMP 00060FE5
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!LoadLibraryExW 75BD374A 5 Bytes JMP 00060073
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!LoadLibraryW 75BD382D 5 Bytes JMP 00060FB6
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!VirtualProtectEx 75BD8F5E 5 Bytes JMP 0006009F
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!LoadLibraryExA 75BD9649 5 Bytes JMP 00060058
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!LoadLibraryA 75BD9671 5 Bytes JMP 00060047
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreatePipe 75BE0474 5 Bytes JMP 00060F8F
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!GetProcAddress 75BFBAC6 5 Bytes JMP 000600DF
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateFileW 75BFCE4E 5 Bytes JMP 0006001B
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateFileA 75BFD171 5 Bytes JMP 0006000A
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!CreateNamedPipeA 75C4462E 5 Bytes JMP 00060036
.text C:\Windows\System32\svchost.exe[3032] kernel32.dll!WinExec 75C4580B 5 Bytes JMP 000600BA
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!_wsystem 75F28A47 5 Bytes JMP 0007004E
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!system 75F28B63 5 Bytes JMP 00070FC3
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!_creat 75F2C6F1 5 Bytes JMP 00070033
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!_open 75F2DA7E 5 Bytes JMP 00070FEF
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!_wcreat 75F2DC9E 5 Bytes JMP 00070FDE
.text C:\Windows\System32\svchost.exe[3032] msvcrt.dll!_wopen 75F2DE79 5 Bytes JMP 00070018
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyExA 760CB5E7 5 Bytes JMP 0008002F
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyA 760CB8AE 5 Bytes JMP 00080F9E
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyA 760D0BF5 5 Bytes JMP 00080FEF
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyW 760DB83D 5 Bytes JMP 00080F83
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegCreateKeyExW 760DBCE1 5 Bytes JMP 00080F72
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyExA 760DD4E8 5 Bytes JMP 00080FCA
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyW 760E3CB0 5 Bytes JMP 00080000
.text C:\Windows\System32\svchost.exe[3032] ADVAPI32.dll!RegOpenKeyExW 760EF09D 5 Bytes JMP 00080FAF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[2572] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [001EA4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Windows\system32\mfevtps.exe[2572] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [001EA510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f@001e75b088d7 0x54 0x9F 0xE9 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f@943af00e01a5 0x02 0x59 0xB8 0x17 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f@001e75b088d7 0x54 0x9F 0xE9 0x04 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001fe2fc7f6f@943af00e01a5 0x02 0x59 0xB8 0x17 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A707586C119D864FB4C465AE0E5A3C0\Usage@DefaultFeature 1082467146
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2759054972-599957220-1186468369-1003@RefCount 2

---- EOF - GMER 1.0.15 ----



Also, whilst i was going the gmer scan, the windows command processor virus has came back and is asking for permission even after all these virus/malware removals from the scans iv done.

Thank for your help.
dxpoo

Edited by dxpoo, 05 April 2012 - 03:22 PM.


#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:07:58 AM

Posted 10 April 2012 - 11:57 AM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly please be patient till you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the helpbot's post.

I apologize for not replying back soon.

With your infection, and what you say please follow the above.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA

Posted 10 April 2012 - 12:20 PM

I'm afraid I have very bad news.

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.


Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These type of sites are infested with a smörgåsbord of malware and a major source of system infection. However, a variant called the Ramnit worm targets Facebook users....can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could loose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.


This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 10 April 2012 - 04:34 PM

i have a couple of questions..

- if i backup my files, will they still be infected? and will i EVER be able to use them again?

- also, should i continue with cryptodan response and create new topic etc?

- is my internet or wireless router infected to? so will it effect the other users on the internet?

- i still have not given it permission, is it still spreading on the computer?

- will i be able to recover the files on it? i may not be able to get those files ever again.

Thank you
dxpoo

Edited by dxpoo, 10 April 2012 - 05:03 PM.


#7 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:58 AM

Posted 10 April 2012 - 07:37 PM

No, don't follow Cryptodan's instructions at this point. The team there can only tell you what boopme has already stated.

As for the files, it depends. I'll need to get back to you later on this, or someone else may do so.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 AM

Posted 10 April 2012 - 07:45 PM

Caution: If you are considering backing up data and reformatting, keep in mind, with a Virut infection, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml ) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise itself by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if its worth that risk.Again, do not back up any files with the following file extensions: exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:These links include step-by-step instructions with screenshots:Vista users can refer to these instructions:Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufactures to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead..

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 10 April 2012 - 08:49 PM

thats a bit better news for me,
i have allot of pictures i need to back up and word documents, i was considering to back them up but was unsure if they will affect my laptop after i re format or even buy another laptop due to re formatting might not remove the virut.

Which is the safest way to back up files? (USB stick etc)

if i do use something like a USB stick, is there any program that will prevent threats from being sent or anything similar, or does no such thing exist.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA

Posted 10 April 2012 - 09:10 PM

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 Guest_dxpoo_*

Guest_dxpoo_*

  • Guests
  • OFFLINE
  •  

Posted 11 April 2012 - 11:08 AM

I see, but im a bit worried that if i plug in a USB stick or so and it gets infected, will this happen?

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:58 AM

Posted 11 April 2012 - 07:58 PM

Use an application like USB WriteProtector to write protect your USB drive so that virus, Malware, Trojan or any kind of infection from host computer would not be able to write anything on your USB.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users