Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Advertisements playing in Background with no windows open


  • This topic is locked This topic is locked
5 replies to this topic

#1 Dennise08

Dennise08

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 09 April 2012 - 01:06 AM

Whenever I open a browser hidden advertisements start to play. It gets worse as i keep using the computer. Then multiple ads play at the same time. once my computer screen went blue and shut down.


I was redirected here from am i infected

Attached File  Attach.zip   3.19KB   0 downloads

logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Aura at 18:30:15 on 2012-04-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1791.277 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Aura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Aura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\rundll32.exe
C:\Users\Aura\AppData\Local\Google\Chrome\Application\chrome.exe
C:\ProgramData\71INKUmw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\71INKUmw.exe
C:\ProgramData\71INKUmw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\aura\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [VMM Mode Selection] c:\program files\htc\modeselection\VMMModeSelection.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - c:\users\aura\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\aura\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{F56C5C3A-1A81-48AE-8C61-6671DBD0FB91} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-28 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-28 314456]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-28 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-28 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-16 44768]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-2 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2012-2-23 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2012-2-23 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2012-2-23 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2012-2-23 24960]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-27 136176]
S3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\drivers\lgusbgps.sys [2012-2-25 19840]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-2-25 1343400]
.
=============== Created Last 30 ================
.
2012-04-03 03:22:03 -------- d-----w- c:\program files\iPod
2012-04-03 03:21:39 -------- d-----w- c:\program files\iTunes
2012-04-02 18:20:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-02 18:20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-02 07:54:36 -------- d-----w- c:\users\aura\appdata\roaming\Malwarebytes
2012-04-02 07:54:29 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 07:54:28 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 07:54:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-02 07:49:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-02 06:17:49 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-02 06:17:09 119296 ----a-w- c:\programdata\71INKUmw.exe
2012-03-30 17:08:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 00:49:53 158720 ----a-w- c:\programdata\microsoft\windows\drm\129F.tmp
2012-03-17 03:16:47 409088 ----a-w- c:\windows\system32\systemcpl.dll
2012-03-12 03:47:44 -------- d-----w- c:\users\aura\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2012-04-05 06:27:12 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-04-02 07:56:11 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-30 17:08:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-17 03:16:47 13824 ----a-w- c:\windows\system32\slwga.dll
2012-02-15 18:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 18:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-29 13:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-14 03:48:30 2340864 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD74 rev.33.0 -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0xAF4DE49F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0xaf4e5740]; MOV EAX, [0xaf4e58b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82850458] -> \Device\Harddisk0\DR0[0x856A6030]
3 CLASSPNP[0x87FA959E] -> ntkrnlpa!IofCallDriver[0x82850458] -> [0x8500C6C8]
5 ACPI[0x82F9C3B2] -> ntkrnlpa!IofCallDriver[0x82850458] -> \0000005c[0x84FCE030]
\Driver\nvstor[0x85173BB0] -> IRP_MJ_CREATE -> 0xAF4DE49F
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\0000005c -> \??\SCSI#Disk&Ven_WDC_WD74&Prod_0GD-00FLC0#4&6727837&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:33:04.88 ===============

Edited by Dennise08, 09 April 2012 - 01:18 AM.


BC AdBot (Login to Remove)

 


#2 Dennise08

Dennise08
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 09 April 2012 - 01:09 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-07 21:39:28
Windows 6.1.7600 Harddisk0\DR0 -> \Device\0000005c WDC_WD74 rev.33.0
Running: 8hyl4wb5.exe; Driver: C:\Users\Aura\AppData\Local\Temp\kxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CE47FC4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D6FC510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CE4A456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CE4A4AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CE4A5C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CE4A3AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CE4A4FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CE4A400]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CE4A572]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CE47FE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D6FC5C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CE47DB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CE4800C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CE4A9BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CE48AA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CE4A486]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CE4A4D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CE4A5EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CE4A3D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CE4A53E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CE4A42E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CE4A59C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D6FC658]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CE4896A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CE48030]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CE48054]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CE47E0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CE47F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CE47F24]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CE47F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CE48078]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D7107A2]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 828545D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82879092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 244 82880884 4 Bytes [C4, 7F, E4, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 828808AC 4 Bytes [10, C5, 6F, 8D]
.text ntkrnlpa.exe!RtlSidHashLookup + 320 82880960 8 Bytes [56, A4, E4, 8C, AE, A4, E4, ...] {PUSH ESI; MOVSB ; IN AL, 0x8c; SCASB ; MOVSB ; IN AL, 0x8c}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 8288096C 4 Bytes [C4, A5, E4, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 348 82880988 4 Bytes [AC, A3, E4, 8C]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1A342 5 Bytes JMP 8D70D69C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82A34055 5 Bytes JMP 8D70F174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82A7E65A 4 Bytes CALL 8CE49025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82A86734 4 Bytes CALL 8CE4903B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AEC3C8 7 Bytes JMP 8D7107A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\Users\Aura\AppData\Local\Temp\aswMBR.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes [E9, 88, 3D, E4, 88] {JMP 0xffffffff88e43d8d}
.text user32.dll!UnhookWinEvent 773CD924 5 Bytes [E9, D3, 2A, E4, 88] {JMP 0xffffffff88e42ad8}
.text user32.dll!SetWindowsHookExW 773D210A 5 Bytes [E9, F5, E6, E3, 88] {JMP 0xffffffff88e3e6fa}
.text user32.dll!SetWinEventHook 773D507E 5 Bytes [E9, 75, B1, E3, 88] {JMP 0xffffffff88e3b17a}
.text user32.dll!SetWindowsHookExA 773F6DFA 5 Bytes [E9, 01, 98, E1, 88] {JMP 0xffffffff88e19806}
.text kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001803FC
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00180804
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001801F8
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[320] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00180600
.text C:\Windows\system32\taskhost.exe[388] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[388] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[388] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[388] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[388] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[388] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[388] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[388] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000E0600
.text C:\Windows\system32\csrss.exe[404] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[412] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[412] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[412] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00100A08
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001003FC
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00100804
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001001F8
.text C:\Windows\System32\spoolsv.exe[412] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\wininit.exe[464] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[464] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[464] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[464] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[464] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[464] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\services.exe[520] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[520] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[520] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[536] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[536] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[536] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[536] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00650A08
.text C:\Windows\system32\lsass.exe[536] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 006503FC
.text C:\Windows\system32\lsass.exe[536] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00650804
.text C:\Windows\system32\lsass.exe[536] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 006501F8
.text C:\Windows\system32\lsass.exe[536] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00650600
.text C:\Windows\system32\lsm.exe[544] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\lsm.exe[544] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\lsm.exe[544] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000C0600
.text C:\ProgramData\71INKUmw.exe[660] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 001503FC
.text C:\ProgramData\71INKUmw.exe[660] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 001501F8
.text C:\ProgramData\71INKUmw.exe[660] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\ProgramData\71INKUmw.exe[660] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 001E0A08
.text C:\ProgramData\71INKUmw.exe[660] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001E03FC
.text C:\ProgramData\71INKUmw.exe[660] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 001E0804
.text C:\ProgramData\71INKUmw.exe[660] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001E01F8
.text C:\ProgramData\71INKUmw.exe[660] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[692] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[692] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[784] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[828] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[828] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00490A08
.text C:\Windows\System32\svchost.exe[828] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 004903FC
.text C:\Windows\System32\svchost.exe[828] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00490804
.text C:\Windows\System32\svchost.exe[828] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 004901F8
.text C:\Windows\System32\svchost.exe[828] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00490600
.text C:\Windows\System32\svchost.exe[916] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[916] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[916] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[916] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00580A08
.text C:\Windows\System32\svchost.exe[916] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 005803FC
.text C:\Windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00580804
.text C:\Windows\System32\svchost.exe[916] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 005801F8
.text C:\Windows\System32\svchost.exe[916] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00580600
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[960] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[960] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00970A08
.text C:\Windows\system32\svchost.exe[960] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 009703FC
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00970804
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 009701F8
.text C:\Windows\system32\svchost.exe[960] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00970600
.text C:\Windows\system32\taskeng.exe[1064] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[1064] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[1064] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1064] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[1064] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[1064] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[1064] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[1064] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1116] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 002A0A08
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002A03FC
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 002A0804
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002A01F8
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 002A0600
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00F70A08
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 00F703FC
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00F70804
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 00F701F8
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00F70600
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 762A30E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1316] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1352] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1464] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\Dwm.exe[1484] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[1484] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[1484] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[1484] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[1484] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[1508] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[1508] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[1508] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\Explorer.EXE[1508] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 003A0A08
.text C:\Windows\Explorer.EXE[1508] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 003A03FC
.text C:\Windows\Explorer.EXE[1508] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 003A0804
.text C:\Windows\Explorer.EXE[1508] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 003A01F8
.text C:\Windows\Explorer.EXE[1508] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 003A0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1808] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002003FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00200804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002001F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1920] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00200600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00310A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 003103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00310804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 003101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1960] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00310600
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1988] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1988] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00210A08
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002103FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00210804
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002101F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[2016] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00210600
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000F0804
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe[2032] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00100804
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2044] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00100600
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00100A08
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001003FC
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00100804
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001001F8
.text C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe[2080] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\sppsvc.exe[2120] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000703FC
.text C:\Windows\system32\sppsvc.exe[2120] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000701F8
.text C:\Windows\system32\sppsvc.exe[2120] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[2120] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\sppsvc.exe[2120] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\sppsvc.exe[2120] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\sppsvc.exe[2120] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\sppsvc.exe[2120] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000E0600
.text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\svchost.exe[2156] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\svchost.exe[2156] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!CreateWindowExW 773D0E51 5 Bytes JMP 6B3D812F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 000F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!DialogBoxIndirectParamW 773F4AA7 5 Bytes JMP 6B5001A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!DialogBoxParamW 773F564A 5 Bytes JMP 6B2F4B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!DialogBoxParamA 7740CF6A 5 Bytes JMP 6B50013D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!DialogBoxIndirectParamA 7740D29C 5 Bytes JMP 6B500203 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!MessageBoxIndirectA 7741E8C9 5 Bytes JMP 6B5000D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!MessageBoxIndirectW 7741E9C3 5 Bytes JMP 6B500067 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!MessageBoxExA 7741EA29 5 Bytes JMP 6B500005 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2300] USER32.dll!MessageBoxExW 7741EA4D 5 Bytes JMP 6B4FFFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\iPod\bin\iPodService.exe[2528] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[2528] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[2528] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2528] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\iPod\bin\iPodService.exe[2528] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002003FC
.text C:\Program Files\iPod\bin\iPodService.exe[2528] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00200804
.text C:\Program Files\iPod\bin\iPodService.exe[2528] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002001F8
.text C:\Program Files\iPod\bin\iPodService.exe[2528] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00200600
.text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[2628] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[2628] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2628] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[2628] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[2628] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[2628] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[2628] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00140600
.text C:\Windows\system32\WUDFHost.exe[2804] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\WUDFHost.exe[2804] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\WUDFHost.exe[2804] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2804] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00190A08
.text C:\Windows\system32\WUDFHost.exe[2804] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001903FC
.text C:\Windows\system32\WUDFHost.exe[2804] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00190804
.text C:\Windows\system32\WUDFHost.exe[2804] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001901F8
.text C:\Windows\system32\WUDFHost.exe[2804] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\taskeng.exe[3340] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\taskeng.exe[3340] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\taskeng.exe[3340] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3340] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00130A08
.text C:\Windows\system32\taskeng.exe[3340] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001303FC
.text C:\Windows\system32\taskeng.exe[3340] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00130804
.text C:\Windows\system32\taskeng.exe[3340] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001301F8
.text C:\Windows\system32\taskeng.exe[3340] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[3468] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3468] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3468] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\ProgramData\71INKUmw.exe[3768] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 001503FC
.text C:\ProgramData\71INKUmw.exe[3768] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 001501F8
.text C:\ProgramData\71INKUmw.exe[3768] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\ProgramData\71INKUmw.exe[3768] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 001E0A08
.text C:\ProgramData\71INKUmw.exe[3768] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 001E03FC
.text C:\ProgramData\71INKUmw.exe[3768] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 001E0804
.text C:\ProgramData\71INKUmw.exe[3768] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 001E01F8
.text C:\ProgramData\71INKUmw.exe[3768] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\svchost.exe[3796] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3796] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3796] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 6B3E8362 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!CallNextHookEx 773CCC8F 5 Bytes JMP 6B3C9D40 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!CreateWindowExW 773D0E51 5 Bytes JMP 6B3D812F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 6B38461B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamW 773F4AA7 5 Bytes JMP 6B5001A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamW 773F564A 5 Bytes JMP 6B2F4B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxParamA 7740CF6A 5 Bytes JMP 6B50013D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!DialogBoxIndirectParamA 7740D29C 5 Bytes JMP 6B500203 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectA 7741E8C9 5 Bytes JMP 6B5000D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxIndirectW 7741E9C3 5 Bytes JMP 6B500067 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExA 7741EA29 5 Bytes JMP 6B500005 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] USER32.dll!MessageBoxExW 7741EA4D 5 Bytes JMP 6B4FFFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ole32.dll!OleLoadFromStream 75F45BF6 5 Bytes JMP 6B5004FE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4044] ole32.dll!CoCreateInstance 75F9590C 5 Bytes JMP 6B3D8C1D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Windows\system32\AUDIODG.EXE[5440] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 6B3E8362 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CallNextHookEx 773CCC8F 5 Bytes JMP 6B3C9D40 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!CreateWindowExW 773D0E51 5 Bytes JMP 6B3D812F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 6B38461B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamW 773F4AA7 5 Bytes JMP 6B5001A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamW 773F564A 5 Bytes JMP 6B2F4B87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxParamA 7740CF6A 5 Bytes JMP 6B50013D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!DialogBoxIndirectParamA 7740D29C 5 Bytes JMP 6B500203 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectA 7741E8C9 5 Bytes JMP 6B5000D2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxIndirectW 7741E9C3 5 Bytes JMP 6B500067 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExA 7741EA29 5 Bytes JMP 6B500005 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5664] USER32.dll!MessageBoxExW 7741EA4D 5 Bytes JMP 6B4FFFA3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] ntdll.dll!LdrUnloadDll 7775BD1F 5 Bytes JMP 001603FC
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] ntdll.dll!LdrLoadDll 7775F425 5 Bytes JMP 001601F8
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] kernel32.dll!GetBinaryTypeW + 70 762B78FC 1 Byte [62]
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] USER32.dll!UnhookWindowsHookEx 773CCC7B 5 Bytes JMP 00210A08
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] USER32.dll!UnhookWinEvent 773CD924 5 Bytes JMP 002103FC
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] USER32.dll!SetWindowsHookExW 773D210A 5 Bytes JMP 00210804
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] USER32.dll!SetWinEventHook 773D507E 5 Bytes JMP 002101F8
.text C:\Users\Aura\Desktop\8hyl4wb5.exe[6036] USER32.dll!SetWindowsHookExA 773F6DFA 5 Bytes JMP 00210600

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

#3 Dennise08

Dennise08
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:54 AM

Posted 09 April 2012 - 01:12 AM

GMER cont.

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7778F70-8131-11E1-A3B7-6C626D8CB397}.dat 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7778F71-8131-11E1-A3B7-6C626D8CB397}.dat 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F7778F72-8131-11E1-A3B7-6C626D8CB397}.dat 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D6551BA7-8131-11E1-A3B7-6C626D8CB397}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCCE3660-8131-11E1-A3B7-6C626D8CB397}.dat 4096 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DCCE3668-8131-11E1-A3B7-6C626D8CB397}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EAD0F187-8131-11E1-A3B7-6C626D8CB397}.dat 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1652D97-8131-11E1-A3B7-6C626D8CB397}.dat 3584 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1652D98-8131-11E1-A3B7-6C626D8CB397}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F1652D99-8131-11E1-A3B7-6C626D8CB397}.dat 4608 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\sh082[1].html 42022 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\show[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\show_ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\socket.io[1].js 42299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\aj_gbn_dblclicks[1].js 3213 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\api[1].txt 105 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\TTT[1].swf 245941 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\lightr_gdt[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\loginControl[1].js 11810 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\hover_sound_on_button_300x250[1].png 5745 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\i2[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\i2[2].htm 725 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\i2[3].htm 725 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ql9vukDCc4R[1].png 1177 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\qn_random[1].gif 630 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\rs[1].js 28387 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\S2s76rwkqf2e_w200[1].jpg 33288 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\S2sd6rwqt893_w200[1].jpg 44306 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\Sale_Spring_Pantech_111095_160x600_040312[1].swf 34537 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\set[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\InBannerVideo[1].swf 29941 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\index-ie[1].css 11077 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\8236287e39d41f51d4cacab8961d8e97[1].gif 19601 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\85978_US_2012_Q2_Brand_Cross_Vertical_300x250[1].js 4291 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\85978_US_2012_Q2_Brand_Cross_Vertical_300x250[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\8807455732131993243[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\9d05518b2d2c0afde9ffbfc5815eda90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=3056879480031663794[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=3113649105352332439[1].htm 16495 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=3498891075239591849[1].htm 16483 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=3808217604899782569[1].htm 16483 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=3808217604899782569[2].htm 798 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=4003848793672649743[1].htm 16535 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=4027571990627769856[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=4072923519793089279[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=4115306520010484339[1].htm 798 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=4356949748017486167[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=7392340516139788589[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=7392340516139788589[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=8207757340085224912[1].htm 798 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\;ord=8720514410590606080[1].htm 16485 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\a3e7fcb1e2655552b5570041b25e6d1[1].swf 28138 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\class-120x600[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\click[1].htm 6705 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\click[2].htm 6589 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\click[4] 10276 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\click[5] 7772 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\passback.c.r[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\pop-11[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\prWriteCode[1].js 42 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\player[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\engagement[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\bookmark[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\button1[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\caCAFWFUA8 16337 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\03.05.12_BPSpringBreak_MSN_40K_728x90_A[1].swf 27404 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\11039923707@x71[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\11442917810@x23[1].htm 2187 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\120209_22_BUN_DBL_FeaturesPlus_70_160x600[1].swf 44433 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\1305583660486[1].png 3647 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\1328661820-sharegames-1-2[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\N3%20Artisan_728x90[1].jpg 35433 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ncript237[1].js 7132 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ohiogamefishing[1].com 59 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\updated_ETF_FCS1_300x250[1].swf 38982 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\viapi[1].xml 88 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\visit[1].js 844 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\visit[2].js 1164 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\widget081[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\WWA_Spring12_Brand_JH_LoveHowIFeel_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\1d32601b3-6277-4ba5-82de-d3e7919ab383@x90[1] 2132 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\26770X872751.skimlinks[1].js 28915 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\37536[1].gif 43 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\41813_10868409830_9730_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\4257[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\4512[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\4643[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\4746[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\4916[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5-1004810[1].js 203 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5208[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\53739d16-d4cb-4e89-91df-9f2871cceb54[1] 30234 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5381[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5384[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5389[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ace-createaccount-popup[1].js 7049 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\get.code[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\get.hash[1].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\g[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\adsCAELA2BI.js 9926 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\adsCAX4K75C.js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\expansion_embed[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\f3KaqM7xIBg[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\f581b3d240f3e9f38c9039a9ae46905[1].gif 11783 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\find_ad[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\flash[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fmr[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fm[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fm[2].js 2598 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fm[3].js 2561 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fm[4].js 2495 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\fp[1] 22973 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\documentwrite[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dppix[1].html 7915 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\tags[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\tools.flashembed-1.0.4.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\tr-clk[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[10].js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[11].js 10441 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[6].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[7].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[8].js 10047 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ads[9].js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ADTECH;loc=100;target=_blank;key=key1+key2+key3+key4;grp=[group];misc=1333858783864[1] 1493 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\ad_choices_en[2].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\clk[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\clk[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\clk[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\CollisionAdMarker[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[3].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[4].xml 269 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\xml[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\x[1].gif 1331 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\yui-reset[1].css 1473 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5390[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5394[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5396[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5403[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5408[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\573189_100003622905810_900608118_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\5d578ef83d877257cbee0bd9e4b07536[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\6a4f9ef39a57f44a7d219c9579a8d1c7[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\blank[1].mp4 5669 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[6].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\c[1].js 1000 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dar_youknowbest_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dar_youknowbest_com[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dar_youknowbest_com[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\dar_youknowbest_com[5].htm 1748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\jquery.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\js[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\js[2] 1356 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\js[3] 1292 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\js[4] 1286 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\js[5] 1304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\jwplayer-5.7[1].js 133009 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\banner[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\banner[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\banner[3] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\bbk[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\1531[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\160x600_ad1_career_002_2_17_NonGames[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\1638903911@x23[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\crossdomain[5].xml 151 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXR2HF81\AdFrame_2016[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\companions[1].js 12565 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\surly[1].js 2101 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fantapper_com[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fb_signin_icon[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fm[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fm[2].js 3377 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fm[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dar_youknowbest_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dar_youknowbest_com[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dar_youknowbest_com[4].htm 1748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dar_youknowbest_com[5].htm 1748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\PortalServe[2] 665 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\PortalServe[2].htm 18023 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\fp[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ci[1].png 1525 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\banner[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\banner[1].htm 5370 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\banner[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\banner[3] 5916 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\AdControl[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\0c189f68-4dd2-45b3-95bb-448a3d2ff226[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\1-11686-Nespresso-Banners-160x600[1].swf 35953 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dpx[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\S2s66rwnn3sm_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\S2w16s4kj3j0_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\S2w86rw9psj2_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\liverail_preroll[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\1[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\i2[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\i2[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\viapi[1].xml 155 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\viapi[2].xml 84 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\vi_player[1].js 17421 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[5].js 9500 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[6].js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\ads[7].js 9787 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\tattooartists[1].org 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=2371037256021607888[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=3182901427204685729[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=4027571990627769856[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=4552569591201487191[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=7367830141465363070[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=8108928819253826405[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=8541335425254971898[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\;ord=8720514410590606080[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\x[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\dvtp_src[1].js 7832 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\Shell_160x600[1].swf 8059 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\546[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\546[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RWFRL000\AdFrame_2014[1].json 599 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\1-US_FY12-MarApr_Tribal_BANNER_GW_LASweeps_flash_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\lineageland[1].ru 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\Loading[1].swf 2018 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\click[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\click[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\AdControl[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\adc_wfp_smokeygetrid_300x250[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\AdFrame_2017[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\d5cfcffc8c61de1b0cbb1d6dc7eebe22[1].swf 39571 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\dar_youknowbest_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\;ord=8244994471563929854[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\S2s66rwnn3sp_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\S2s66rwnn3sr_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\S2sf6rsmx9zp_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\ads[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\ultimatemotorcycling[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\2105d96b7877d8fb41416ca3f1946edc[1].swf 8682 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\viapi[1].xml 155 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\tr-clk[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\trans[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\Dex_wedding_160x600[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\dvtp_src[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\js[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\js[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\js[3] 1283 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\banner[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\banner[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\banner[3] 5988 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\4552[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\4552[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\caCAB4FPQJ 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\pm[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\PortalServe[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\PRScript[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\fm[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\fm[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZAKRLB\getjs[2].aspx 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\HM_AQ_GA_SansDeleteButton_ENUS_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\hypegames[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\gamesweasel[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\genreicons[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\GenreWidget[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\getdata[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\get[2].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\h1_gradient[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\clk[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\commonsensewithmoney[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\Controller[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\createUserControl[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\crochet-world[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\crossdomain[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\crossdomain[3].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\2-newLloyds_nocalc_300x250[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\203274_100002533176233_3465809_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\2283807869c5e6c592d978b66e361e3d[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\22fa192417114077180502ec8ab0fbfc[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\3482d79cfb5d961709713a43a2b42f65[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\4259[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\4367[1].xml 12793 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\4378[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\4499[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\4996[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5027[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\viapi[1].xml 222 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\visit[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\vpaid_adapter[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\WebSocketMain[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\WWA_Spring12_Brand_JH_USNWR_Easiest_300x250[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\xd_proxy[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\xrefid[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\x[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\zw05_160x600_1009ext[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dvtp_src[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\e8b1780d1cdc2f336b4a7ae7eb741b27[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\engagement[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\engagement[2].xml 95 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\banner[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\banner[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\banner[3] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\beacon[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\beacon[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\static-100x75-c966f0a[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\jquery.tools.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\js[3] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\js[4] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\js[5] 1304 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\![1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\right[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\S2s96rwa555g_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\S2sb6rwa759r_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\S2w46s4kvbbb_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\set[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\Shell_160x600[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\show[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\si[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\l_kYQEMzvfA[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[10].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[11].js 9926 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\favorites[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\finish_jdra_leftovers15_rev_us_linear_450x360_as3[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\flashwrite_1_2[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\flash[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ForwardIFull_0[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\fo[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\AdFrame_2019[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\AdFrame_2021[1].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\AdId=2567906;BnId=1;ct=813290368;st=4771;adcid=1;itime=858741690;reqtype=5;[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\80367900-29cb-4634-828d-cefa88c32d74[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\85978_US_2012_Q2_Brand_Cross_Vertical_300x250[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\899f32264f51d194dff3d695df22a309[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=2574711721202038212[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=2586975837863708112[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=2689624975403225856[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=3086377651569414968[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=3113649105352332439[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=3203150547956636816[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=3265435126060651264[1].htm 800 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=4072923519793089279[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=4072923519793089279[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=4408796729364561207[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=6961021591869983759[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\;ord=7285366441750227571[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\@x94[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\a3e7fcb1e2655552b5570041b25e6d1[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\mrmovietimes[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\mt[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\mt[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\null[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\p030kt_4FXu[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\crossdomain[5].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\c_100_us[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[5].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[6].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[7].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[8].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dar_youknowbest_com[9].htm 1748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\casale-728[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[6].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[7].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[8].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ads[9].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\adv2[1].jsp 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ad[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5378[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5379[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5385[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5386[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5393[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\5398[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\573602_100003242261173_820225567_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\62c6c91a03e6a19ce1b63cb44701a56d[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\698aca63c26a4310f9773ae4d46dc9a5[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ad_call[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ad_choices_i_UR[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ad_choices_UR[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ace-account-verification[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ace-alert[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\ace-utils[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\aceUAC[1].js 16842 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\Ad.autoLoad[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\redvase[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\red_blob[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\red_gdt[1].gif 176 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\refi-200x150-fa739d3[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\LiveRail.Interstitial-1.0.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\logo[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\br_fob[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\qn_action[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\qn_adventure[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\qn_arcade[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\qn_puzzle[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\qn_sports[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\10926-BrightRollRetargeting-Elizabeth-728x90[1].flv 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\1301347487821[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\132[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\almuraba[1].net 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\quant[1].js 5299 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\Pix-1x1[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\click[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\lysol_intoiletbowl_reflection15_etailing_us_linear_450x360_as3[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\1px[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\1vGqA-l6BPK[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\surly[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\surly[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\surly[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\surly[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\T5Rs2_ktfdr[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\tap[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\telemetry_player_vpaid_as3[2].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\display[1].php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dppix[1].html 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TBPQOOT8\dpx[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\HM_AQ_GA_MobileSlotMachineSU_ENUS_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\i2[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\i2[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\tf_adChoice10[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\tr-clk[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\Track[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=3498891075239591849[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ads[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ads[6].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ads[7].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\clk[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\clk[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\clk[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\cms-2-frame[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\connect_using_fb[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\cookies[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\core003[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\InBannerVideo[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\India_banner[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\i[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\jquery-ui.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\jquery.min[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\1531[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\1d32601b3-6277-4ba5-82de-d3e7919ab383@x90[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\displayAd[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\DLX@x72[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\dot[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\login_logo[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\mt[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\mt[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\newsandtribune[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\osd[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ova[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ad_choices_i[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fantapper[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fcbb08e8c9a6812a4967f3be44e10027[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\adframe.min.4a[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\AdFrame_2013[2].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\AdFrame_2018[2].json 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\AdId=2487995;BnId=3;itime=858672449;nodecode=yes;link=[insert%20click%20tracking%20here][1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\AdId=2567907;BnId=1;ct=846298853;st=5068;adcid=1;itime=858774326;reqtype=5;[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\AdId=2647920;BnId=1;ct=772030026;st=1741;adcid=1;itime=858672449;reqtype=5;[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\crossdomain[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\crossdomain[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\cutildee6d705a5077f097c8c64e02d002b24[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\dapAdChoice[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\dar_youknowbest_com[3].htm 1748 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\surly[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\s[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\telemetry_player_vpaid_as3[3].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\S2s66rwnn3ss_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\S2w36qw97jpx_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\S2w86s4kvcrv_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\aggieathletics[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\all[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\drinkoftheweek[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\engagement[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\engagement[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\V3player[1].swf 26058 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ImageAdLoader[1].swf 11928 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\imgad[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\2532[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\2532[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\274930_100000867254964_1911852510_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\35149f5f-c0bf-4ee2-8351-a11514130651[1] 34883 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\3ddfc84cd3885d4534dbd88e4a9d4768[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\41480_100001041915225_2196606_q[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\4642[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\4667[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\4913[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\4[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5382[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5383[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5391[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5399[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5400[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5401[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5404[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5405[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5406[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\5407[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\6238afb1007089f07d7bae115b081125[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fundognames[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\gaware[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\getCode[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\gmpix-0.9e-live[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\g[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\flash[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\flash[2].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fm[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fm[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fm[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\fm[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\pixel[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\pixel[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\box_77_top-left[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\box_77_top-right[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\1-newLloyds_nocalc_728x90[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\11039923707@x96[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\1333858756[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\Shell_160x600[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\showad[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\smallstar[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\splashControl[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\left[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\light_gdt[1].gif 147 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=4003848793672649743[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=4408796729364561207[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=7182449920007571365[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=7182449920007571365[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=7285366441750227571[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=7367830141465363070[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=7421708048258140069[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\;ord=8244994471563929854[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ace-alert2[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ace-alert[1].css 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ace-login[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\ace-reset-password[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\visit[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\visit[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\workawesome[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\work[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\xml[1].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\xml[2].xml 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\x[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\x[2].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\b100x100_GC_3[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\baseball.realgm[1].com 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\q9T5l3Sx81U[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\qn_casino[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\qn_shooting[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\render_ads[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\caCAD6TSM4 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\adsbymf[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\adchoice_1.4[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\star[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\CATWTXBI.HTM 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\cc22e130e5104f56d33a1d850042df7c[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\click[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\click[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\click[3] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\click[4] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TCWHLT6F\click[5] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\js[2] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\telemetry_player_vpaid_as3[2].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\getjs[1].aspx 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\ads[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\ads[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\ads[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\ads[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\ads[6].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fm[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fm[2].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fm[3].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fm[4].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fm[5].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\fp[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\swfobject[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\AdId=2548885;BnId=1;ct=849964507;st=1246;adcid=1;itime=858778959;reqtype=5;[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\admeld-match[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\Track[1].txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\S2s66rwnn3st_w200[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\S2w76s4kj8hj_w200[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\;ord=2970774706455616178[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\;ord=8207757340085224912[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\;ord=8253609160601326437[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\1326126768888[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\viapi[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\banner[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\blank[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\box_19_top-right[1].png 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dot[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\Monkey_ExpenseReport_160x600_NonGames[1].jpg 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\numberOfDays[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\1ca64212c-1ae6-4075-8f52-34ff36c55449@x90[1] 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\2c88a3f9012b68e61a2357ddfa1775e4[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\318142a31df7dea25894cda740bd9990[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\4-1004808[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\5-1004812[1].js 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\5db65acfd3ede1cda075a24abf97f48c[1].swf 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\6c86df1598d0c8e7e5a855cf8c57c3da[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\grist[1].org 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[1].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[2].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[3].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[4].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[5].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UF2TCMUI\dar_youknowbest_com[6].htm 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\81KGNEWZ.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0SG3LI84.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\C3368HI0.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CKK4ZM3U.txt 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\K9Y5PR78.txt 0 bytes
File C:\Windows\Temp\~DFADBCAB46BBDFAD52.TMP 0 bytes
File C:\Windows\Temp\~DFD74ED1F54637D2A0.TMP 0 bytes
File C:\Windows\Temp\~DFDF7A3FC20D3D67F2.TMP 512 bytes
File C:\Windows\Temp\~DF87C5378327FA5E0A.TMP 16384 bytes
File C:\Windows\Temp\~DF887CDBD886C5E460.TMP 32768 bytes
File C:\Windows\Temp\~DF8B13366D928EF4F7.TMP 0 bytes
File C:\Windows\Temp\~DFF93067531B54706F.TMP 0 bytes
File C:\Windows\Temp\~DF696E94F1692A51BF.TMP 512 bytes

---- EOF - GMER 1.0.15 ----

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:54 AM

Posted 09 April 2012 - 01:34 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:54 AM

Posted 11 April 2012 - 11:20 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:54 AM

Posted 14 April 2012 - 11:47 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users