Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer slowed, can't open programs, random popups


  • Please log in to reply
14 replies to this topic

#1 Renolidor

Renolidor

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 14 December 2011 - 06:36 PM

About four days ago, "Windows Antivirus 2011" randomly appeared on my computer while I was working, and began running a scan. I knew it was fake, so I ran Malwarebytes, which recognized it and removed it. Ever since then, there's been three major problems:

1) My computer has slowed down noticeably.

2) I can no longer open programs normally (by just double clicking on them). Either nothing happens, or I get an error message that says "Application not found." If I right click and "Run as administrator," though, the programs open fine (although slowly).

3) While on the web, using Firefox, sometimes new Firefox sessions will randomly popup, at least five new windows at a time that I have to quickly close to prevent more from popping up (I've tried just letting them keep popping up, and it seems to go on indefinitely). These new sessions always have the same three tabs, with complete nonsense URLs such as:

"http://www.xn--i-4fa.xn--1cam/%C2%A8%C3%B7_%C2%AF%C3%95%C2%BA%C3%81#%16?uV%C2%A7%C3%BC%C3%8B%C3%B7%06%C5%BD%0F%06N%C3%A6%1A%16H%0B+%14%E2%80%9A%1D%C3%B4%29G%C3%A2[%E2%80%BA%C3%BC%C3%93:oi%C3%86%C2%AC%E2%82%AC"

In addition to these problems, today (the fourth day since that first fake antivirus appeared) upon startup my computer had to run some self repairing mechanism in order to get to my desktop, which took about 15 minutes.

The same fake antivirus has actually come up another time since that first time four days ago, and similarly I've used Malwarebytes to get rid of it. I have tried running full scans in Safe Mode using both Malwarebytes and Avira Antivirus. They occasionally catch one of two items, but all the above problems still persist.

I'm speculating that there's some remnants of the infection which led to the fake antivirus still in my computer, and Malwarebytes is for some reason unable to detect them. I am no expert on such matters though, so any help anyone can give me would be greatly appreciated.

Thank you!

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 16 December 2011 - 10:28 PM

Hello and welcome. Let's also do this.


Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.




Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Run RKill....


Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now reboot to Normal and run MBAM (MalwareBytes):
Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 17 December 2011 - 02:53 AM

Thank you so much for your help. I've run all the steps, and the computer seems to be back to normal, yet Malwarebytes still found something in that final step. Here is the Malwarebytes log, and the next two replies will be the SUPERAntiSpyware log and the TDSSKiller log.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8384

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/17/2011 2:50:37 AM
mbam-log-2011-12-17 (02-50-37).txt

Scan type: Quick scan
Objects scanned: 184940
Time elapsed: 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\ae57e.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Here is the SUPERAntiSpyware log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/17/2011 at 02:40 AM

Application Version : 5.0.1142

Core Rules Database Version : 8064
Trace Rules Database Version: 5876

Scan type : Complete Scan
Total Scan Time : 00:47:25

Operating System Information
Windows 7 Ultimate 64-bit (Build 6.01.7600)
UAC Off - Administrator

Memory items scanned : 385
Memory threats detected : 0
Registry items scanned : 69891
Registry threats detected : 0
File items scanned : 178522
File threats detected : 319

Adware.Tracking Cookie
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@ad.yieldmanager[2].txt [ /ad.yieldmanager ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@advertising[1].txt [ /advertising ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@ar.atwola[1].txt [ /ar.atwola ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@at.atwola[2].txt [ /at.atwola ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@atdmt[2].txt [ /atdmt ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@atwola[2].txt [ /atwola ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@doubleclick[1].txt [ /doubleclick ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@questionmarket[2].txt [ /questionmarket ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@r1-ads.ace.advertising[1].txt [ /r1-ads.ace.advertising ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@tacoda.at.atwola[1].txt [ /tacoda.at.atwola ]
C:\Users\Wilson\AppData\Roaming\Microsoft\Windows\Cookies\wilson@yieldmanager[1].txt [ /yieldmanager ]
C:\USERS\WILSON\AppData\Roaming\Microsoft\Windows\Cookies\wilson@adsonar[1].txt [ Cookie:wilson@adsonar.com/adserving ]
C:\USERS\WILSON\Cookies\wilson@atwola[2].txt [ Cookie:wilson@atwola.com/ ]
C:\USERS\WILSON\Cookies\wilson@tacoda.at.atwola[1].txt [ Cookie:wilson@tacoda.at.atwola.com/ ]
C:\USERS\WILSON\Cookies\wilson@yieldmanager[1].txt [ Cookie:wilson@yieldmanager.net/ ]
C:\USERS\WILSON\Cookies\wilson@r1-ads.ace.advertising[1].txt [ Cookie:wilson@r1-ads.ace.advertising.com/ ]
C:\USERS\WILSON\Cookies\wilson@atdmt[2].txt [ Cookie:wilson@atdmt.com/ ]
C:\USERS\WILSON\Cookies\wilson@adsonar[1].txt [ Cookie:wilson@adsonar.com/adserving ]
C:\USERS\WILSON\Cookies\wilson@at.atwola[2].txt [ Cookie:wilson@at.atwola.com/ ]
C:\USERS\WILSON\Cookies\wilson@doubleclick[1].txt [ Cookie:wilson@doubleclick.net/ ]
cdn2.themis-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGPRFSY6 ]
ia.media-imdb.com [ C:\USERS\WILSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGPRFSY6 ]
s0.2mdn.net [ C:\USERS\WILSON\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\CGPRFSY6 ]
.amazon-adsystem.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.amazon-adsystem.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.akamai.interclickproxy.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
track.prd1.netshelter.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.kontera.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.solvemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.r1-ads.ace.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.themis-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.specificclick.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.purebluemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adxpose.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
network.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.zedo.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
wstat.wibiya.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
counters.gigya.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.t.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.mediaplex.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.www.burstnet.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
twointheshirt.directtrack.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.legolas-media.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.insightexpressai.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.247realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ru4.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
mediaservices-d.openxenterprise.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.questionmarket.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.realmedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.revsci.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.bs.serving-sys.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.burstnet.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
www.burstnet.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.technoratimedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.advertising.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.fastclick.net [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.a1.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.interclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad2.adfarm1.adition.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adfarm1.adition.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.indieclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
optimize.indieclick.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adbrite.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.ads.pointroll.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.tribalfusion.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.content.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adserver.adtechus.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
.adtechus.com [ C:\USERS\WILSON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NBPQK2Q2.DEFAULT\COOKIES.SQLITE ]
ad.insightexpressai.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
cdn.complexmedianetwork.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
cdn.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
cdn5.tribalfusion.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
convoad.technoratimedia.net [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
media.scanscout.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
media1.break.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
service.twistage.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
stat.easydate.biz [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
webservices.evolvemediacorp.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
www.baronsmedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
www.goodcholesterolcount.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BG4QFG6P ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@247REALMEDIA[2].TXT [ /247REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@A1.INTERCLICK[2].TXT [ /A1.INTERCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD.YIELDMANAGER[2].TXT [ /AD.YIELDMANAGER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AD2.ADFARM1.ADITION[2].TXT [ /AD2.ADFARM1.ADITION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADBRITE[1].TXT [ /ADBRITE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADCENTRICONLINE[2].TXT [ /ADCENTRICONLINE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADFARM1.ADITION[1].TXT [ /ADFARM1.ADITION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADFARM1.ADITION[2].TXT [ /ADFARM1.ADITION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.ADK2[1].TXT [ /ADS.ADK2 ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.ADVANCEDMN[2].TXT [ /ADS.ADVANCEDMN ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.BIGHEALTHTREE[2].TXT [ /ADS.BIGHEALTHTREE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.FOOTAR[2].TXT [ /ADS.FOOTAR ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.GAMERSMEDIA[1].TXT [ /ADS.GAMERSMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.LYCOS[1].TXT [ /ADS.LYCOS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.LZJL[2].TXT [ /ADS.LZJL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.POINTROLL[2].TXT [ /ADS.POINTROLL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADS.PUBMATIC[1].TXT [ /ADS.PUBMATIC ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADSERVER.ADTECHUS[1].TXT [ /ADSERVER.ADTECHUS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADSERVER.VALWA[1].TXT [ /ADSERVER.VALWA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADSERVING.EZANGA[2].TXT [ /ADSERVING.EZANGA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADTECH[1].TXT [ /ADTECH ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADVERTISE[2].TXT [ /ADVERTISE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADVERTISING[2].TXT [ /ADVERTISING ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ADXPOSE[1].TXT [ /ADXPOSE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AFFTRACKER[2].TXT [ /AFFTRACKER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AIMFAR.SOLUTION.WEBORAMA[2].TXT [ /AIMFAR.SOLUTION.WEBORAMA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AKAMAI.INTERCLICKPROXY[2].TXT [ /AKAMAI.INTERCLICKPROXY ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AMAZON-ADSYSTEM[1].TXT [ /AMAZON-ADSYSTEM ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@APMEBF[1].TXT [ /APMEBF ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AR.ATWOLA[1].TXT [ /AR.ATWOLA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AT.ATWOLA[2].TXT [ /AT.ATWOLA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ATDMT[2].TXT [ /ATDMT ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ATWOLA[1].TXT [ /ATWOLA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@AZJMP[2].TXT [ /AZJMP ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BIZZCLICK[1].TXT [ /BIZZCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BRANDSPOTMEDIA[2].TXT [ /BRANDSPOTMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BS.SERVING-SYS[2].TXT [ /BS.SERVING-SYS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@BURSTNET[1].TXT [ /BURSTNET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CASALEMEDIA[2].TXT [ /CASALEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CDN.JEMAMEDIA[2].TXT [ /CDN.JEMAMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CLICK.SEARCHNATION[1].TXT [ /CLICK.SEARCHNATION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CLICKS.FREESEARCHBUDDY[1].TXT [ /CLICKS.FREESEARCHBUDDY ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CLICKS.GELTMEDIA[1].TXT [ /CLICKS.GELTMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@CLICKSOR[1].TXT [ /CLICKSOR ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@COLLECTIVE-MEDIA[1].TXT [ /COLLECTIVE-MEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@DC.TREMORMEDIA[2].TXT [ /DC.TREMORMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@EYEVIEWADS[2].TXT [ /EYEVIEWADS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FASTCLICK[1].TXT [ /FASTCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FASTCLICK[2].TXT [ /FASTCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FIDELITY.ROTATOR.HADJ7.ADJUGGLER[1].TXT [ /FIDELITY.ROTATOR.HADJ7.ADJUGGLER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FILTER.PLUSFIND[2].TXT [ /FILTER.PLUSFIND ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@FINDEDCLIK[2].TXT [ /FINDEDCLIK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@GELTMEDIA[1].TXT [ /GELTMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@GGPUBLISHING.ROTATOR.HADJ7.ADJUGGLER[1].TXT [ /GGPUBLISHING.ROTATOR.HADJ7.ADJUGGLER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@GOCLICKER[2].TXT [ /GOCLICKER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@GOODCHOLESTEROLCOUNT[1].TXT [ /GOODCHOLESTEROLCOUNT ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@HARRENMEDIANETWORK[1].TXT [ /HARRENMEDIANETWORK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@INSIGHTEXPRESSAI[1].TXT [ /INSIGHTEXPRESSAI ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@INTERCLICK[2].TXT [ /INTERCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@INVITEMEDIA[1].TXT [ /INVITEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@LEGOLAS-MEDIA[2].TXT [ /LEGOLAS-MEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@LIVEPERSON[1].TXT [ /LIVEPERSON ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@LIVEPERSON[3].TXT [ /LIVEPERSON ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@LUCIDMEDIA[2].TXT [ /LUCIDMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MALAKMEDIA[1].TXT [ /MALAKMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MEDIA.ADFRONTIERS[1].TXT [ /MEDIA.ADFRONTIERS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MEDIA6DEGREES[2].TXT [ /MEDIA6DEGREES ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MEDIAPLEX[2].TXT [ /MEDIAPLEX ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MICKLEMEDIA[2].TXT [ /MICKLEMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MIFIND[1].TXT [ /MIFIND ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MM.CHITIKA[2].TXT [ /MM.CHITIKA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MYACCOUNT.NYTIMES[1].TXT [ /MYACCOUNT.NYTIMES ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@MYROITRACKING[1].TXT [ /MYROITRACKING ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@NETWORK.REALMEDIA[1].TXT [ /NETWORK.REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@PFA.ROTATOR.HADJ7.ADJUGGLER[2].TXT [ /PFA.ROTATOR.HADJ7.ADJUGGLER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@POINTROLL[1].TXT [ /POINTROLL ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@PRO-MARKET[2].TXT [ /PRO-MARKET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@PUBLISHERS.CLICKBOOTH[2].TXT [ /PUBLISHERS.CLICKBOOTH ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@QUESTIONMARKET[2].TXT [ /QUESTIONMARKET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@R1-ADS.ACE.ADVERTISING[2].TXT [ /R1-ADS.ACE.ADVERTISING ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@REALMEDIA[1].TXT [ /REALMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@REVSCI[2].TXT [ /REVSCI ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@RU4[2].TXT [ /RU4 ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@SERVER.IAD.LIVEPERSON[1].TXT [ /SERVER.IAD.LIVEPERSON ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@SERVING-SYS[2].TXT [ /SERVING-SYS ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@SMARTADSERVER[1].TXT [ /SMARTADSERVER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@SPECIFICCLICK[2].TXT [ /SPECIFICCLICK ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@STAT.ONESTAT[1].TXT [ /STAT.ONESTAT ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@STATCOUNTER[1].TXT [ /STATCOUNTER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@STATS.ILIVID[1].TXT [ /STATS.ILIVID ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@STATSE.WEBTRENDSLIVE[2].TXT [ /STATSE.WEBTRENDSLIVE ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@SYSUFIND[2].TXT [ /SYSUFIND ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@TACODA.AT.ATWOLA[1].TXT [ /TACODA.AT.ATWOLA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@TECHNORATIMEDIA[2].TXT [ /TECHNORATIMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@TRADEDOUBLER[2].TXT [ /TRADEDOUBLER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@TRAFFICMP[1].TXT [ /TRAFFICMP ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@TRIBALFUSION[1].TXT [ /TRIBALFUSION ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@UNRULYMEDIA[1].TXT [ /UNRULYMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@WEBORAMA[1].TXT [ /WEBORAMA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@WWW.BURSTNET[2].TXT [ /WWW.BURSTNET ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@XML.PROSTREAMMEDIA[1].TXT [ /XML.PROSTREAMMEDIA ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@YIELDMANAGER[1].TXT [ /YIELDMANAGER ]
C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SYSTEM@ZEDO[2].TXT [ /ZEDO ]

PotentiallyUnwanted.CNETInstaller
C:\USERS\WILSON\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_FREE-WMA-MP3-CONVERTER_EXE.EXE
C:\USERS\WILSON\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_FREEWAVTOMP3CONVERTERSETUP_EXE.EXE
C:\USERS\WILSON\DOWNLOADS\CNET2_FREE-WMA-MP3-CONVERTER_EXE.EXE
C:\USERS\WILSON\DOWNLOADS\CNET2_FREEWAVTOMP3CONVERTERSETUP_EXE.EXE

Trojan.Agent/Gen-Faldesc
C:\WINDOWS\TEMP\FGBDFX\SETUP.EXE
C:\Windows\Prefetch\SETUP.EXE-C57A1DC2.pf

Here is the TDSSKIller log.

00:58:17.0158 1936 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
00:58:17.0408 1936 ============================================================
00:58:17.0408 1936 Current date / time: 2011/12/17 00:58:17.0408
00:58:17.0408 1936 SystemInfo:
00:58:17.0408 1936
00:58:17.0408 1936 OS Version: 6.1.7600 ServicePack: 0.0
00:58:17.0409 1936 Product type: Workstation
00:58:17.0409 1936 ComputerName: WILSON-PC
00:58:17.0409 1936 UserName: Wilson
00:58:17.0409 1936 Windows directory: C:\Windows
00:58:17.0409 1936 System windows directory: C:\Windows
00:58:17.0409 1936 Running under WOW64
00:58:17.0409 1936 Processor architecture: Intel x64
00:58:17.0409 1936 Number of processors: 4
00:58:17.0409 1936 Page size: 0x1000
00:58:17.0409 1936 Boot type: Normal boot
00:58:17.0409 1936 ============================================================
00:58:18.0165 1936 Initialize success
00:58:37.0539 3400 ============================================================
00:58:37.0539 3400 Scan started
00:58:37.0539 3400 Mode: Manual;
00:58:37.0539 3400 ============================================================
00:58:37.0852 3400 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
00:58:37.0857 3400 1394ohci - ok
00:58:37.0885 3400 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
00:58:37.0891 3400 ACPI - ok
00:58:37.0907 3400 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
00:58:37.0909 3400 AcpiPmi - ok
00:58:37.0939 3400 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:58:37.0946 3400 adp94xx - ok
00:58:37.0966 3400 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:58:37.0972 3400 adpahci - ok
00:58:37.0993 3400 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:58:37.0996 3400 adpu320 - ok
00:58:38.0029 3400 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
00:58:38.0037 3400 AFD - ok
00:58:38.0052 3400 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
00:58:38.0054 3400 agp440 - ok
00:58:38.0070 3400 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
00:58:38.0071 3400 aliide - ok
00:58:38.0099 3400 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
00:58:38.0100 3400 amdide - ok
00:58:38.0114 3400 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:58:38.0116 3400 AmdK8 - ok
00:58:38.0130 3400 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:58:38.0131 3400 AmdPPM - ok
00:58:38.0144 3400 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
00:58:38.0147 3400 amdsata - ok
00:58:38.0195 3400 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:58:38.0199 3400 amdsbs - ok
00:58:38.0221 3400 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
00:58:38.0222 3400 amdxata - ok
00:58:38.0243 3400 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
00:58:38.0245 3400 AppID - ok
00:58:38.0281 3400 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:58:38.0283 3400 arc - ok
00:58:38.0300 3400 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:58:38.0302 3400 arcsas - ok
00:58:38.0325 3400 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:58:38.0326 3400 AsyncMac - ok
00:58:38.0344 3400 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
00:58:38.0344 3400 atapi - ok
00:58:38.0415 3400 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:58:38.0425 3400 b06bdrv - ok
00:58:38.0449 3400 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:58:38.0456 3400 b57nd60a - ok
00:58:38.0507 3400 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:58:38.0508 3400 Beep - ok
00:58:38.0525 3400 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:58:38.0526 3400 blbdrive - ok
00:58:38.0544 3400 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
00:58:38.0546 3400 bowser - ok
00:58:38.0560 3400 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:58:38.0561 3400 BrFiltLo - ok
00:58:38.0579 3400 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:58:38.0580 3400 BrFiltUp - ok
00:58:38.0607 3400 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:58:38.0611 3400 Brserid - ok
00:58:38.0630 3400 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:58:38.0631 3400 BrSerWdm - ok
00:58:38.0645 3400 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:58:38.0647 3400 BrUsbMdm - ok
00:58:38.0654 3400 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:58:38.0656 3400 BrUsbSer - ok
00:58:38.0676 3400 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:58:38.0678 3400 BTHMODEM - ok
00:58:38.0699 3400 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:58:38.0701 3400 cdfs - ok
00:58:38.0730 3400 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
00:58:38.0733 3400 cdrom - ok
00:58:38.0756 3400 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:58:38.0758 3400 circlass - ok
00:58:38.0780 3400 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:58:38.0786 3400 CLFS - ok
00:58:38.0808 3400 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:58:38.0809 3400 CmBatt - ok
00:58:38.0823 3400 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
00:58:38.0824 3400 cmdide - ok
00:58:38.0842 3400 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
00:58:38.0847 3400 CNG - ok
00:58:38.0853 3400 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:58:38.0854 3400 Compbatt - ok
00:58:38.0884 3400 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:58:38.0885 3400 CompositeBus - ok
00:58:38.0894 3400 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:58:38.0895 3400 crcdisk - ok
00:58:38.0931 3400 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
00:58:38.0937 3400 CSC - ok
00:58:38.0973 3400 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
00:58:38.0974 3400 DfsC - ok
00:58:38.0991 3400 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:58:38.0992 3400 discache - ok
00:58:39.0004 3400 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:58:39.0005 3400 Disk - ok
00:58:39.0030 3400 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:58:39.0031 3400 drmkaud - ok
00:58:39.0056 3400 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
00:58:39.0066 3400 DXGKrnl - ok
00:58:39.0120 3400 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:58:39.0150 3400 ebdrv - ok
00:58:39.0170 3400 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:58:39.0175 3400 elxstor - ok
00:58:39.0185 3400 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
00:58:39.0186 3400 ErrDev - ok
00:58:39.0208 3400 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:58:39.0210 3400 exfat - ok
00:58:39.0225 3400 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:58:39.0227 3400 fastfat - ok
00:58:39.0248 3400 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:58:39.0249 3400 fdc - ok
00:58:39.0267 3400 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:58:39.0268 3400 FileInfo - ok
00:58:39.0284 3400 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:58:39.0285 3400 Filetrace - ok
00:58:39.0297 3400 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:58:39.0298 3400 flpydisk - ok
00:58:39.0317 3400 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
00:58:39.0320 3400 FltMgr - ok
00:58:39.0343 3400 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:58:39.0344 3400 FsDepends - ok
00:58:39.0350 3400 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
00:58:39.0352 3400 Fs_Rec - ok
00:58:39.0367 3400 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
00:58:39.0370 3400 fvevol - ok
00:58:39.0386 3400 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:58:39.0387 3400 gagp30kx - ok
00:58:39.0406 3400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:58:39.0407 3400 hcw85cir - ok
00:58:39.0440 3400 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
00:58:39.0445 3400 HdAudAddService - ok
00:58:39.0469 3400 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:58:39.0473 3400 HDAudBus - ok
00:58:39.0490 3400 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:58:39.0492 3400 HidBatt - ok
00:58:39.0508 3400 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:58:39.0510 3400 HidBth - ok
00:58:39.0527 3400 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:58:39.0529 3400 HidIr - ok
00:58:39.0549 3400 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
00:58:39.0550 3400 HidUsb - ok
00:58:39.0573 3400 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:58:39.0575 3400 HpSAMD - ok
00:58:39.0616 3400 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
00:58:39.0627 3400 HTTP - ok
00:58:39.0648 3400 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
00:58:39.0650 3400 hwpolicy - ok
00:58:39.0670 3400 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
00:58:39.0672 3400 i8042prt - ok
00:58:39.0685 3400 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
00:58:39.0691 3400 iaStorV - ok
00:58:39.0710 3400 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:58:39.0711 3400 iirsp - ok
00:58:39.0743 3400 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
00:58:39.0744 3400 intelide - ok
00:58:39.0764 3400 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:58:39.0765 3400 intelppm - ok
00:58:39.0788 3400 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:58:39.0790 3400 IpFilterDriver - ok
00:58:39.0798 3400 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:58:39.0800 3400 IPMIDRV - ok
00:58:39.0814 3400 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:58:39.0817 3400 IPNAT - ok
00:58:39.0830 3400 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:58:39.0831 3400 IRENUM - ok
00:58:39.0839 3400 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
00:58:39.0841 3400 isapnp - ok
00:58:39.0860 3400 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
00:58:39.0864 3400 iScsiPrt - ok
00:58:39.0892 3400 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
00:58:39.0893 3400 kbdclass - ok
00:58:39.0915 3400 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
00:58:39.0916 3400 kbdhid - ok
00:58:39.0934 3400 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
00:58:39.0936 3400 KSecDD - ok
00:58:39.0952 3400 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
00:58:39.0955 3400 KSecPkg - ok
00:58:39.0967 3400 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:58:39.0968 3400 ksthunk - ok
00:58:40.0008 3400 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:58:40.0009 3400 lltdio - ok
00:58:40.0041 3400 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:58:40.0043 3400 LSI_FC - ok
00:58:40.0058 3400 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:58:40.0059 3400 LSI_SAS - ok
00:58:40.0071 3400 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:58:40.0072 3400 LSI_SAS2 - ok
00:58:40.0087 3400 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:58:40.0088 3400 LSI_SCSI - ok
00:58:40.0118 3400 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:58:40.0120 3400 luafv - ok
00:58:40.0137 3400 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:58:40.0138 3400 megasas - ok
00:58:40.0153 3400 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:58:40.0156 3400 MegaSR - ok
00:58:40.0184 3400 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:58:40.0185 3400 Modem - ok
00:58:40.0206 3400 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:58:40.0207 3400 monitor - ok
00:58:40.0229 3400 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:58:40.0231 3400 mouclass - ok
00:58:40.0249 3400 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:58:40.0251 3400 mouhid - ok
00:58:40.0267 3400 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
00:58:40.0269 3400 mountmgr - ok
00:58:40.0286 3400 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
00:58:40.0289 3400 mpio - ok
00:58:40.0309 3400 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:58:40.0310 3400 mpsdrv - ok
00:58:40.0322 3400 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
00:58:40.0324 3400 MRxDAV - ok
00:58:40.0343 3400 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:58:40.0345 3400 mrxsmb - ok
00:58:40.0360 3400 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:58:40.0364 3400 mrxsmb10 - ok
00:58:40.0375 3400 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:58:40.0377 3400 mrxsmb20 - ok
00:58:40.0391 3400 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
00:58:40.0392 3400 msahci - ok
00:58:40.0410 3400 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
00:58:40.0412 3400 msdsm - ok
00:58:40.0433 3400 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:58:40.0434 3400 Msfs - ok
00:58:40.0450 3400 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:58:40.0452 3400 mshidkmdf - ok
00:58:40.0459 3400 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
00:58:40.0460 3400 msisadrv - ok
00:58:40.0487 3400 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:58:40.0488 3400 MSKSSRV - ok
00:58:40.0504 3400 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:58:40.0505 3400 MSPCLOCK - ok
00:58:40.0521 3400 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:58:40.0522 3400 MSPQM - ok
00:58:40.0542 3400 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
00:58:40.0547 3400 MsRPC - ok
00:58:40.0573 3400 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
00:58:40.0574 3400 mssmbios - ok
00:58:40.0581 3400 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:58:40.0582 3400 MSTEE - ok
00:58:40.0597 3400 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:58:40.0598 3400 MTConfig - ok
00:58:40.0627 3400 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:58:40.0628 3400 Mup - ok
00:58:40.0654 3400 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:58:40.0659 3400 NativeWifiP - ok
00:58:40.0703 3400 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
00:58:40.0714 3400 NDIS - ok
00:58:40.0721 3400 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:58:40.0722 3400 NdisCap - ok
00:58:40.0751 3400 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:58:40.0752 3400 NdisTapi - ok
00:58:40.0765 3400 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
00:58:40.0767 3400 Ndisuio - ok
00:58:40.0786 3400 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:58:40.0788 3400 NdisWan - ok
00:58:40.0808 3400 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
00:58:40.0809 3400 NDProxy - ok
00:58:40.0823 3400 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:58:40.0824 3400 NetBIOS - ok
00:58:40.0843 3400 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
00:58:40.0846 3400 NetBT - ok
00:58:40.0880 3400 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:58:40.0881 3400 nfrd960 - ok
00:58:40.0902 3400 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:58:40.0903 3400 Npfs - ok
00:58:40.0919 3400 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:58:40.0920 3400 nsiproxy - ok
00:58:40.0966 3400 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
00:58:41.0001 3400 Ntfs - ok
00:58:41.0013 3400 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:58:41.0014 3400 Null - ok
00:58:41.0225 3400 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:58:41.0414 3400 nvlddmkm - ok
00:58:41.0443 3400 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
00:58:41.0445 3400 nvraid - ok
00:58:41.0481 3400 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
00:58:41.0485 3400 nvstor - ok
00:58:41.0523 3400 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
00:58:41.0526 3400 nv_agp - ok
00:58:41.0562 3400 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
00:58:41.0563 3400 ohci1394 - ok
00:58:41.0612 3400 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:58:41.0614 3400 Parport - ok
00:58:41.0628 3400 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
00:58:41.0630 3400 partmgr - ok
00:58:41.0648 3400 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
00:58:41.0651 3400 pci - ok
00:58:41.0665 3400 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
00:58:41.0666 3400 pciide - ok
00:58:41.0675 3400 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:58:41.0678 3400 pcmcia - ok
00:58:41.0693 3400 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:58:41.0694 3400 pcw - ok
00:58:41.0708 3400 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:58:41.0715 3400 PEAUTH - ok
00:58:41.0766 3400 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
00:58:41.0767 3400 PptpMiniport - ok
00:58:41.0784 3400 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:58:41.0786 3400 Processor - ok
00:58:41.0804 3400 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
00:58:41.0805 3400 Psched - ok
00:58:41.0836 3400 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:58:41.0850 3400 ql2300 - ok
00:58:41.0867 3400 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:58:41.0869 3400 ql40xx - ok
00:58:41.0883 3400 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:58:41.0884 3400 QWAVEdrv - ok
00:58:41.0893 3400 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:58:41.0894 3400 RasAcd - ok
00:58:41.0904 3400 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:58:41.0905 3400 RasAgileVpn - ok
00:58:41.0915 3400 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:58:41.0917 3400 Rasl2tp - ok
00:58:41.0933 3400 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:58:41.0935 3400 RasPppoe - ok
00:58:41.0953 3400 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:58:41.0954 3400 RasSstp - ok
00:58:41.0973 3400 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
00:58:41.0976 3400 rdbss - ok
00:58:41.0991 3400 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:58:41.0992 3400 rdpbus - ok
00:58:42.0009 3400 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:58:42.0010 3400 RDPCDD - ok
00:58:42.0026 3400 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
00:58:42.0029 3400 RDPDR - ok
00:58:42.0036 3400 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:58:42.0037 3400 RDPENCDD - ok
00:58:42.0047 3400 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:58:42.0047 3400 RDPREFMP - ok
00:58:42.0057 3400 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
00:58:42.0060 3400 RDPWD - ok
00:58:42.0076 3400 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
00:58:42.0078 3400 rdyboost - ok
00:58:42.0111 3400 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:58:42.0112 3400 rspndr - ok
00:58:42.0156 3400 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
00:58:42.0161 3400 RTL8167 - ok
00:58:42.0182 3400 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
00:58:42.0184 3400 s3cap - ok
00:58:42.0212 3400 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
00:58:42.0214 3400 sbp2port - ok
00:58:42.0285 3400 SCDEmu (b2f50286dc82b93c013e3fc57ba1a956) C:\Windows\system32\drivers\SCDEmu.sys
00:58:42.0288 3400 SCDEmu - ok
00:58:42.0308 3400 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
00:58:42.0310 3400 scfilter - ok
00:58:42.0339 3400 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:58:42.0340 3400 secdrv - ok
00:58:42.0367 3400 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:58:42.0368 3400 Serenum - ok
00:58:42.0376 3400 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:58:42.0378 3400 Serial - ok
00:58:42.0391 3400 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:58:42.0393 3400 sermouse - ok
00:58:42.0416 3400 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
00:58:42.0427 3400 sffdisk - ok
00:58:42.0433 3400 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:58:42.0434 3400 sffp_mmc - ok
00:58:42.0448 3400 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:58:42.0449 3400 sffp_sd - ok
00:58:42.0461 3400 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:58:42.0462 3400 sfloppy - ok
00:58:42.0494 3400 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:58:42.0495 3400 SiSRaid2 - ok
00:58:42.0514 3400 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:58:42.0515 3400 SiSRaid4 - ok
00:58:42.0527 3400 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:58:42.0529 3400 Smb - ok
00:58:42.0551 3400 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:58:42.0552 3400 spldr - ok
00:58:42.0576 3400 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
00:58:42.0581 3400 srv - ok
00:58:42.0599 3400 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
00:58:42.0603 3400 srv2 - ok
00:58:42.0615 3400 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
00:58:42.0617 3400 srvnet - ok
00:58:42.0654 3400 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:58:42.0655 3400 stexstor - ok
00:58:42.0676 3400 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
00:58:42.0677 3400 storflt - ok
00:58:42.0695 3400 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
00:58:42.0696 3400 storvsc - ok
00:58:42.0713 3400 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
00:58:42.0713 3400 swenum - ok
00:58:42.0763 3400 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
00:58:42.0797 3400 Tcpip - ok
00:58:42.0823 3400 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
00:58:42.0833 3400 TCPIP6 - ok
00:58:42.0849 3400 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
00:58:42.0850 3400 tcpipreg - ok
00:58:42.0869 3400 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:58:42.0870 3400 TDPIPE - ok
00:58:42.0884 3400 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
00:58:42.0885 3400 TDTCP - ok
00:58:42.0900 3400 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
00:58:42.0901 3400 tdx - ok
00:58:42.0920 3400 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
00:58:42.0921 3400 TermDD - ok
00:58:42.0950 3400 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:58:42.0951 3400 tssecsrv - ok
00:58:42.0958 3400 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
00:58:42.0960 3400 tunnel - ok
00:58:42.0978 3400 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:58:42.0979 3400 uagp35 - ok
00:58:42.0989 3400 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
00:58:42.0993 3400 udfs - ok
00:58:43.0013 3400 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:58:43.0014 3400 uliagpkx - ok
00:58:43.0032 3400 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
00:58:43.0033 3400 umbus - ok
00:58:43.0047 3400 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:58:43.0048 3400 UmPass - ok
00:58:43.0060 3400 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
00:58:43.0062 3400 usbccgp - ok
00:58:43.0069 3400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
00:58:43.0071 3400 usbcir - ok
00:58:43.0082 3400 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
00:58:43.0083 3400 usbehci - ok
00:58:43.0093 3400 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
00:58:43.0097 3400 usbhub - ok
00:58:43.0113 3400 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
00:58:43.0114 3400 usbohci - ok
00:58:43.0127 3400 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:58:43.0128 3400 usbprint - ok
00:58:43.0152 3400 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:58:43.0153 3400 USBSTOR - ok
00:58:43.0178 3400 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
00:58:43.0179 3400 usbuhci - ok
00:58:43.0209 3400 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:58:43.0210 3400 vdrvroot - ok
00:58:43.0235 3400 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:58:43.0236 3400 vga - ok
00:58:43.0247 3400 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:58:43.0247 3400 VgaSave - ok
00:58:43.0256 3400 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
00:58:43.0259 3400 vhdmp - ok
00:58:43.0273 3400 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
00:58:43.0274 3400 viaide - ok
00:58:43.0283 3400 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
00:58:43.0286 3400 vmbus - ok
00:58:43.0298 3400 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
00:58:43.0299 3400 VMBusHID - ok
00:58:43.0313 3400 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
00:58:43.0314 3400 volmgr - ok
00:58:43.0330 3400 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
00:58:43.0335 3400 volmgrx - ok
00:58:43.0348 3400 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
00:58:43.0352 3400 volsnap - ok
00:58:43.0360 3400 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:58:43.0362 3400 vsmraid - ok
00:58:43.0381 3400 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
00:58:43.0381 3400 vwifibus - ok
00:58:43.0399 3400 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:58:43.0400 3400 WacomPen - ok
00:58:43.0408 3400 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:43.0409 3400 WANARP - ok
00:58:43.0413 3400 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
00:58:43.0414 3400 Wanarpv6 - ok
00:58:43.0437 3400 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:58:43.0438 3400 Wd - ok
00:58:43.0464 3400 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:58:43.0471 3400 Wdf01000 - ok
00:58:43.0499 3400 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:58:43.0499 3400 WfpLwf - ok
00:58:43.0512 3400 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:58:43.0513 3400 WIMMount - ok
00:58:43.0592 3400 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
00:58:43.0594 3400 WinUsb - ok
00:58:43.0616 3400 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:58:43.0617 3400 WmiAcpi - ok
00:58:43.0665 3400 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:58:43.0667 3400 ws2ifsl - ok
00:58:43.0701 3400 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
00:58:43.0704 3400 WudfPf - ok
00:58:43.0723 3400 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:58:43.0726 3400 WUDFRd - ok
00:58:43.0755 3400 MBR (0x1B8) (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
00:58:43.0756 3400 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
00:58:43.0756 3400 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
00:58:43.0761 3400 Boot (0x1200) (dc4adc250e3c82930b1e1b48cca764a2) \Device\Harddisk0\DR0\Partition0
00:58:43.0762 3400 \Device\Harddisk0\DR0\Partition0 - ok
00:58:43.0777 3400 Boot (0x1200) (b211484683b36d9b3ba9197a8840e450) \Device\Harddisk0\DR0\Partition1
00:58:43.0778 3400 \Device\Harddisk0\DR0\Partition1 - ok
00:58:43.0779 3400 ============================================================
00:58:43.0779 3400 Scan finished
00:58:43.0779 3400 ============================================================
00:58:43.0795 3836 Detected object count: 1
00:58:43.0795 3836 Actual detected object count: 1
00:59:18.0867 3836 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
00:59:18.0867 3836 \Device\Harddisk0\DR0 - ok
00:59:18.0869 3836 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
01:00:08.0152 3904 Deinitialize success

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 17 December 2011 - 09:30 PM

Great, this was the biggest pest. We should still do one more as there are often remanants.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 18 December 2011 - 12:43 AM

Hi, thanks again for your help. Here is the log from ESETscan

C:\Users\Wilson\AppData\Local\Temp\is1598539481\zgInstaller.exe a variant of Win32/Toolbar.Zugo application deleted - quarantined
C:\Users\Wilson\AppData\Local\TempImages\UpdateInstaller.exe a variant of Win32/Agent.SZW trojan cleaned by deleting - quarantined
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7bec11ca-446e80a2 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\53936e8b-17220602 Java/Exploit.CVE-2011-3544.F trojan deleted - quarantined
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\3de3f142-1652bd43 Java/Agent.DY trojan deleted - quarantined
C:\Users\Wilson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\1ae8aca3-29244856 Java/Agent.DY trojan deleted - quarantined
C:\Users\Wilson\Downloads\FreeWAVToMP3ConverterSetup.exe a variant of Win32/Agent.SZW trojan deleted - quarantined
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 18 December 2011 - 03:25 PM

OK, how is it running now. You had some really bad malware .. All passwords were stolen and if you do banking or kept credit card info here ... I would change all passwords and call my banks to advise them.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 18 December 2011 - 05:54 PM

Actually, things have worsened. My computer is now unable to even start up. It goes to Windows Startup Repair, which ultimately gives me a message that says "Startup Repair cannot repair this computer automatically," and then the only option left is to shut down the computer and try starting it up again. I've tried starting it up at least six times so far, and I've tried starting in Safe Mode and using System Restore, but nothing works. Do you have any ideas?

Thank you for your concern about my passwords; I have changed the passwords and will tell the companies as soon as possible.

*EDIT: I just tried again, and was able to start up to a point about four days ago when I first posted here. I will run all these steps again and give you an update.

Edited by Renolidor, 18 December 2011 - 05:59 PM.


#8 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 18 December 2011 - 08:23 PM

Ok, things seem to have normalized again, but the fact still remains that I had to try multiple times to get my computer to start. Any idea what might have caused this? Thank you again.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 18 December 2011 - 09:43 PM

Ok, let's do a Rootkit scan and if this is clean you may want to start a win 7 post as it may be a soft or jardware issue and they can check that out.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 18 December 2011 - 11:36 PM

Hi, I've completed the scan. Should I FixMBR? When I click that button, the program warns me that it could damage partition tables, and I'm not sure what that means. Meanwhile, here is the log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-18 22:35:15
-----------------------------
22:35:15.969 OS Version: Windows x64 6.1.7600
22:35:15.969 Number of processors: 4 586 0x502
22:35:15.970 ComputerName: WILSON-PC UserName: Wilson
22:35:17.401 Initialize success
22:37:02.132 AVAST engine defs: 11121801
22:39:21.430 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
22:39:21.437 Disk 0 Vendor: WDC_WD5000AAKS-00M9A0 05.01D05 Size: 476940MB BusType: 11
22:39:23.450 Disk 0 MBR read successfully
22:39:23.457 Disk 0 MBR scan
22:39:23.468 Disk 0 Windows 7 default MBR code
22:39:23.476 Service scanning
22:39:24.496 Modules scanning
22:39:24.505 Disk 0 trace - called modules:
22:39:24.524 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:39:24.534 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004687060]
22:39:24.544 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa80043c51e0]
22:39:24.554 5 ACPI.sys[fffff88000e13781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa80043ab060]
22:39:26.212 AVAST engine scan C:\
23:05:32.117 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
23:05:34.087 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
23:06:09.095 File: C:\Windows\assembly\temp\U\80000004.@ **INFECTED** Win32:Malware-gen
23:06:09.141 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
23:29:40.182 Scan finished successfully
23:31:09.091 Disk 0 MBR has been saved successfully to "C:\Users\Wilson\Desktop\MBR.dat"
23:31:09.096 The log file has been saved successfully to "C:\Users\Wilson\Desktop\aswMBR.txt"

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 20 December 2011 - 12:06 AM

Hello yes run it but first set a restore point.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 20 December 2011 - 07:19 PM

Hi, everything seems to be alright now. I'll update you in a few days to ensure it stays that way, but for now everything is running smoothly. Thank you so much for your help!

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 21 December 2011 - 12:44 PM

Ok, Thanks.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Renolidor

Renolidor
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 03 January 2012 - 01:07 AM

I believe this matter is resolved now; there have been no problems since I last posted. Thanks again for everything!

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:25 PM

Posted 03 January 2012 - 11:04 AM

You're welcome!!
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users