
I think I'm infected - High Disk / Resource Activity


  • This topic is locked
8 replies to this topic

#1 Gryphon410


Posted 22 July 2011 - 11:49 AM

My computer was seeming to have a lot of network, disk and memory activity on it yesterday, and when I looked at the services it seemed that SYSTEM PID 4 was going crazy with the files it was accessing. I also found services that seemed suspicious, like TrkWks, which (Here - BleepingComputer Reference) it looks like it's a bad thing.

I had tried running Malwarebytes or Sophos in Safe Mode with no luck and found myself with some internet redirects after trying to mess around. I did a system restore but I'm thinking that was effortless and that my infection is still residing somewhere.

Anyway, need to know where to start and what I can do to find out if I'm infected and what to do about it.

OS is Windows 7. Lenovo Thinkpad Laptop.

Thanks,
Doug

Edited by Gryphon410, 22 July 2011 - 11:49 AM.




#2 boopme


Posted 22 July 2011 - 07:50 PM

Hello, did you install MBAM in Safe or Normal mode?

Let's do these next and see how you are.

Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
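When reading a TDSSKiller.txt like the one requested above, the lines that matter are the few where the tool reports a verdict, not the long list of scanned drivers. The Python script below is an added example (not part of the original post and not a Kaspersky tool) that pulls those lines out; it assumes the line layout of the TDSSKiller 2.5.11.0 log posted later in this thread, and the sample log and driver names inside it are constructed.

```python
import re
from collections import namedtuple

# Assumed line layout: "YYYY/MM/DD HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)(?:\s+(.*))?$")
# Scanned object: "<service> (<md5>) <path>"
OBJECT_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
# Warning: "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \(([^)]+)\): (.+)\. md5: ([0-9a-fA-F]{32})$")
# Verdict: "<service> - detected <verdict> (<n>)"
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+)(?: \(\d+\))?$")

Finding = namedtuple("Finding", "timestamp service verdict path md5 reason")

# Constructed sample: hypothetical driver names and placeholder hashes,
# laid out like the log in this thread.
SAMPLE_LOG = r"""
2011/01/01 00:02:49.0136 7544 ================================================
2011/01/01 00:02:49.0136 7544 Scan started
2011/01/01 00:02:51.0990 7544 cleandrv (00000000000000000000000000000001) C:\Windows\system32\DRIVERS\cleandrv.sys
2011/01/01 00:03:14.0236 7544 lockeddrv (00000000000000000000000000000002) C:\Windows\system32\Drivers\lockeddrv.sys
2011/01/01 00:03:14.0236 7544 Suspicious file (NoAccess): C:\Windows\system32\Drivers\lockeddrv.sys. md5: 00000000000000000000000000000002
2011/01/01 00:03:14.0252 7544 lockeddrv - detected LockedFile.Multi.Generic (1)
2011/01/01 00:03:14.0345 7544 otherdrv (00000000000000000000000000000003) C:\Windows\system32\DRIVERS\otherdrv.sys
"""


def triage(log_text):
    """Return (number of scanned objects, list of Finding) for one log."""
    objects = {}   # service name -> (md5, path) from scanned-object lines
    reasons = {}   # lower-cased path -> reason from "Suspicious file" lines
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines, pasted forum text, wrapped fragments
        timestamp, _thread, msg = line.groups()
        msg = (msg or "").strip()

        hit = SUSPICIOUS_RE.match(msg)
        if hit:
            reason, path, _md5 = hit.groups()
            reasons[path.lower()] = reason
            continue

        hit = DETECTED_RE.match(msg)
        if hit:
            service, verdict = hit.groups()
            # A verdict may name a service we never saw an object line for.
            md5, path = objects.get(service, (None, None))
            reason = reasons.get(path.lower()) if path else None
            findings.append(
                Finding(timestamp, service, verdict, path, md5, reason))
            continue

        hit = OBJECT_RE.match(msg)
        if hit:
            service, md5, path = hit.groups()
            objects[service] = (md5.lower(), path)
    return len(objects), findings


if __name__ == "__main__":
    scanned, found = triage(SAMPLE_LOG)
    print(f"{scanned} objects scanned, {len(found)} flagged")
    for f in found:
        print(f"{f.timestamp}  {f.service}: {f.verdict} "
              f"reason={f.reason} path={f.path} md5={f.md5}")
```

A verdict such as LockedFile.Multi.Generic with reason NoAccess says the scanner could not open the file, so each flagged entry still needs to be identified by its path and owning software before deciding whether Cure is appropriate.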

#3 Gryphon410


Posted 23 July 2011 - 08:31 AM

MBAM was already on my computer and I can't remember if it was installed in Safe or Normal mode.

As for the logs, here they are -

TDSSKiller.txt -

2011/07/23 00:02:12.0476 9472 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 00:02:13.0131 9472 ================================================================================
2011/07/23 00:02:13.0131 9472 SystemInfo:
2011/07/23 00:02:13.0131 9472
2011/07/23 00:02:13.0131 9472 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/23 00:02:13.0131 9472 Product type: Workstation
2011/07/23 00:02:13.0131 9472 ComputerName: DWARD
2011/07/23 00:02:13.0131 9472 UserName: dward
2011/07/23 00:02:13.0131 9472 Windows directory: C:\Windows
2011/07/23 00:02:13.0131 9472 System windows directory: C:\Windows
2011/07/23 00:02:13.0131 9472 Running under WOW64
2011/07/23 00:02:13.0131 9472 Processor architecture: Intel x64
2011/07/23 00:02:13.0131 9472 Number of processors: 4
2011/07/23 00:02:13.0131 9472 Page size: 0x1000
2011/07/23 00:02:13.0131 9472 Boot type: Normal boot
2011/07/23 00:02:13.0131 9472 ================================================================================
2011/07/23 00:02:16.0266 9472 Initialize success
2011/07/23 00:02:49.0136 7544 ================================================================================
2011/07/23 00:02:49.0136 7544 Scan started
2011/07/23 00:02:49.0136 7544 Mode: Manual;
2011/07/23 00:02:49.0136 7544 ================================================================================
2011/07/23 00:03:14.0236 7544 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/07/23 00:03:14.0236 7544 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/07/23 00:03:14.0252 7544 sptd - detected LockedFile.Multi.Generic (1)
2011/07/23 00:03:21.0833 7544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/23 00:03:21.0864 7544 Boot (0x1200) (bdde8efe0bd9ebbddafd8cf4f7443ef9) \Device\Harddisk0\DR0\Partition0
2011/07/23 00:03:21.0896 7544 Boot (0x1200) (3f9a3b8cc158bd9ee14ba77eb018b63c) \Device\Harddisk0\DR0\Partition1
2011/07/23 00:03:21.0896 7544 ================================================================================
2011/07/23 00:03:21.0896 7544 Scan finished
2011/07/23 00:03:21.0896 7544 ================================================================================
2011/07/23 00:03:21.0927 9864 Detected object count: 1
2011/07/23 00:03:21.0927 9864 Actual detected object count: 1
2011/07/23 00:03:53.0782 9864 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/23 00:13:44.0234 2376 Deinitialize success






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/23/2011 at 02:21 AM

Application Version : 4.55.1000

Core Rules Database Version : 7450
Trace Rules Database Version: 5262

Scan type : Complete Scan
Total Scan Time : 01:51:59

Memory items scanned : 689
Memory threats detected : 0
Registry items scanned : 15245
Registry threats detected : 2
File items scanned : 44218
File threats detected : 426

Adware.Tracking Cookie
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@content.yieldmanager[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ehg-reddoorinteractive.hitbox[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@liveperson[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@indieclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@lfstmedia[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@www.googleadservices[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ad.yieldmanager[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@viacom.adbureau[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@pmamedia.sitescout[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.pubmatic[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@advertising[4].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@macu.122.2o7[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@divx.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@statse.webtrendslive[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.contactmusic[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@overture[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@zedo[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ncp.imrworldwide[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@greatschools.122.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@questionmarket[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@jpmcedufin.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@googleads.g.doubleclick[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@2mdn[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@atdmt[5].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@adinterax[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ad.yieldmanager[5].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ad.wsod[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ad.yieldmanager[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@tacoda[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@intermundomedia[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@2o7[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@2o7[6].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@a1.interclick[4].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@adecn[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.addynamix[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.ookla[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.pointroll[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.pointroll[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.pointroll[4].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.techweb[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@ads.undertone[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@adserver.adtechus[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@adxpose[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@atdmt.combing[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@atdmt[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@atdmt[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@banner.pando[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@bannerconnect[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@bs.serving-sys[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@casalemedia[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@casalemedia[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@casalemedia[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@casalemedia[5].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@chitika[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@citi.bridgetrack[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@content.yieldmanager[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@dc.tremormedia[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@doubleclick[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@dmtracker[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@eyewonder[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@extrovert.122.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@fastclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@hitbox[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@imrworldwide[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@in.getclicky[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@insightexpressai[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@interclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@invitemedia[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@legolas-media[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@levelwing.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@media-geeks[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@media6degrees[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@media6degrees[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@mediafire[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@mediaplex[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@mediaplex[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@microsoftwlcashback.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@msnportal.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@msnbc.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@network.realmedia[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@optimize.indieclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@overture[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@paypal.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@paypal.112.2o7[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@pointroll[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@questionmarket[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@realmedia[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@revsci[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@rotator.adjuggler[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@serving-sys[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@specificclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@statcounter[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@statcounter[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@tacoda.at.atwola[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@toplist[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@traveladvertising[3].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@tribalfusion[4].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@turnwrenchcom.122.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@virginmedia[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@www.burstnet[4].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@www.hilton-find[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@www.qsstats[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@xiti[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@yieldmanager[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\dward@yieldmanager[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@collective-media[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@microsoftsto.112.2o7[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@tribalfusion[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@ads.bleepingcomputer[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@doubleclick[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@kontera[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@invitemedia[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@atdmt[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@ads.pointroll[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@ad.wsod[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@imrworldwide[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@apmebf[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@legolas-media[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@questionmarket[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@r1-ads.ace.advertising[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@advertising[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@fastclick[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@mediaplex[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@pointroll[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@ru4[1].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@serving-sys[2].txt
C:\Users\dward\AppData\Roaming\Microsoft\Windows\Cookies\Low\dward@yieldmanager[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@tacoda.at.atwola[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ads.pointroll[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ad.yieldmanager[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@walmart.112.2o7[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@pointroll[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@adxpose[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@collective-media[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@a1.interclick[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@adserver.adtechus[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ads.mormonshare[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@at.atwola[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@snapfish.112.2o7[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ru4[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@2o7[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ad.wsod[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@bs.serving-sys[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ads.meredithads[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@content.yieldmanager[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@content.yieldmanager[3].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@insightexpressai[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@ge.112.2o7[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@imrworldwide[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@interclick[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@invitemedia[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@jibjab.112.2o7[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@mediabrandsww[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@questionmarket[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@specificclick[2].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@revsci[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@roiservice[1].txt
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\Cookies\jdoe@serving-sys[2].txt

PUP.Whitesmoke
(x86) HKLM\SOFTWARE\whitesmoketoolbar
(x86) HKLM\SOFTWARE\whitesmoketoolbar#Installer Language

Trojan.Agent/Gen
C:\USERS\DWARD\APPDATA\LOCAL\TEMP\_MEI4456562\_HASHLIB.PYD

#4 boopme

Posted 23 July 2011 - 10:17 AM

Looks good. Let's reinstall MBAM and do a normal mode scan.

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.

#5 Gryphon410

Posted 24 July 2011 - 01:09 PM

Alright, did what you said and here is the report. When I clicked on the mbam download link it was a redirect to majorgeeks. Was that accurate? Anyway, here it is -

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7264

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

7/24/2011 11:47:49 AM
mbam-log-2011-07-24 (11-47-49).txt

Scan type: Quick scan
Objects scanned: 249341
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme

Posted 24 July 2011 - 02:33 PM

It does that when one server is busy. Looks good, any issues left?
You're welcome.

#7 Gryphon410

Posted 25 July 2011 - 07:25 AM

The main thing I'm noticing right now is that whenever I go to a website and click on "Properties" I'm not seeing a "Created/Modified" or, if I do, it says it's today's date. Also when checking out yahoo.com it seems that all of the links to mail, profile, etc. are a little off. Example - I go to www.yahoo.com and hover over "sign in". The link is

hxxp://www.yahoo.com/_ylt=AnzYkYFSWC4nq6FU_BLttZObvZx4/SIG=13u0osjpb/EXP=1311682628/**https%3A//login.yahoo.com/config/login%3F.src=fpctx%26.intl=us%26.done=http%253A%252F%252Fwww.yahoo.com%252F

If I go to the link, IE says the certificate can't be determined as valid. I click on "Show Content" and hover over the link to go back to the main Yahoo page and it's

hxxps://global.ard.yahoo.com/SIG=15roc0cv8/M=650008.13546636.14403860.13057442/D=reglsa/S=150002527:HEAD/Y=YAHOO/EXP=1311603564/L=Nj1ZWNG_XHKW7ToWTioqhQCWuDEQck4tX0sADswx/B=PKEYSUJe5lk-/J=1311596364092169/K=p3WGutfqeTXIA8fOxZnsNQ/A=5775037/R=1/SIG=10n95md4p/*https://www.yahoo.com

Now, I bet it's just me being paranoid but the stuff in those shortcuts just looks way suspicious, like when I get a phishing e-mail with links.

Tell me I'm not crazy?

Also, last time I tried to do a Windows Update or Sophos Antivirus Update it was no bueno. Sophos can't seem to get its downloads and Windows Updates always misses like half the ones it tries to download. So not sure what to do to get my computer up-to-date and protected.

Thanks,
Doug

Edited by Orange Blossom, 07 September 2011 - 03:05 PM.
Deactivated links. ~ OB
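
Both links quoted in the post above carry a second URL after an asterisk marker at the end of a tracking path. The Python below is an added example, not part of the original thread: it refangs the hxxp scheme, extracts and percent-decodes that embedded destination, lists any further URLs nested in its query string, and checks whether the destination host sits inside a domain the analyst expects. The function names, the rule that the destination follows the last `*`, and the `LOOKALIKE` sample are assumptions of this example, derived only from the two URLs shown.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Links exactly as quoted in the post (scheme defanged to hxxp by the moderator).
SIGN_IN = (
    "hxxp://www.yahoo.com/_ylt=AnzYkYFSWC4nq6FU_BLttZObvZx4/SIG=13u0osjpb/"
    "EXP=1311682628/**https%3A//login.yahoo.com/config/login%3F.src=fpctx"
    "%26.intl=us%26.done=http%253A%252F%252Fwww.yahoo.com%252F"
)
BACK_HOME = (
    "hxxps://global.ard.yahoo.com/SIG=15roc0cv8/"
    "M=650008.13546636.14403860.13057442/D=reglsa/S=150002527:HEAD/Y=YAHOO/"
    "EXP=1311603564/L=Nj1ZWNG_XHKW7ToWTioqhQCWuDEQck4tX0sADswx/B=PKEYSUJe5lk-/"
    "J=1311596364092169/K=p3WGutfqeTXIA8fOxZnsNQ/A=5775037/R=1/SIG=10n95md4p/"
    "*https://www.yahoo.com"
)
# Constructed counter-example (not from the thread): look-alike destination host.
LOOKALIKE = "hxxp://www.yahoo.com/SIG=0/**http%3A//login.yahoo.com.example.net/"


def refang(url):
    """Restore a defanged hxxp/hxxps scheme so the URL can be parsed (not fetched)."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def embedded_destination(url):
    """Return the decoded URL that follows the last '*' in the link, or None."""
    _, star, tail = refang(url).rpartition("*")
    if not star or not tail:
        return None
    for _ in range(3):  # the tail may be percent-encoded; decode until it parses
        parts = urlsplit(tail)
        if parts.scheme in ("http", "https") and parts.hostname:
            return tail
        tail = unquote(tail)
    return None


def host_in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it (dot-anchored)."""
    host, domain = (host or "").lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def analyze(url, expected_domain):
    """Summarise where a wrapped link really points."""
    report = {
        "outer_host": urlsplit(refang(url)).hostname,
        "destination": embedded_destination(url),
        "dest_host": None,
        "nested_urls": [],
        "in_domain": None,
    }
    if report["destination"] is None:
        return report
    parts = urlsplit(report["destination"])
    report["dest_host"] = parts.hostname
    # parse_qs decodes one more layer, exposing URLs passed as parameters (.done=)
    report["nested_urls"] = [
        value
        for values in parse_qs(parts.query).values()
        for value in values
        if value.startswith(("http://", "https://"))
    ]
    report["in_domain"] = host_in_domain(parts.hostname, expected_domain)
    return report


if __name__ == "__main__":
    for name, link in (("sign in", SIGN_IN), ("back home", BACK_HOME),
                       ("constructed look-alike", LOOKALIKE)):
        print(name, analyze(link, "yahoo.com"))
```

The domain check is anchored on a leading dot, so a host that merely starts with `login.yahoo.com` but ends in another domain is reported as outside `yahoo.com`.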


#8 boopme

Posted 25 July 2011 - 02:35 PM

Yeah I'm not all fuzzy warm with those either.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:19 AM

Posted 07 September 2011 - 03:07 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic417857.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: