
Help!- Trojan horse Agent3.AVWH was found in the x-force_2012_x64.exe


  • This topic is locked
13 replies to this topic

#1 holte

holte

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 24 April 2012 - 12:38 AM

Hi - the virus came in 2 parts from a QVOD movie player I was using. One was a Trojan Horse downloader in the QVOD itself and the other was Trojan Horse Agent3.AVWH in my Autodesk Alias file.
For the QVOD player I used AVG to remove the virus while the player was uninstalled also.

I'd like to save the Autodesk Alias program if possible, but if not can you still help me to get rid of this virus? So far the system is OK except for the screen suddenly going black while using applications (Photoshop, internet).

Thanks!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by darin at 22:09:05 on 2012-04-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8119.6141 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ANIWConnService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\darin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360310p116p0375v145k4951r348
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = ftp=127.0.0.1:80;http=localhost;127.0.0.1:80;https=127.0.0.1:80;socks=localhost;127.0.0.1
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TheBflix Class: {271af871-88fd-41a4-afb7-ff6cff038410} - C:\ProgramData\TheBflix\bhoclass.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\darin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\darin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3D9B37E9-AD97-4DF1-900F-46360E131A4D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C1EAC80C-2756-48ED-9D1E-D36650D80031} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TheBflix Class: {271AF871-88FD-41A4-AFB7-FF6CFF038410} - C:\ProgramData\TheBflix\bhoclass.dll
BHO-X64: TheBflix - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {B580CF65-E151-49C3-B73F-70B13FCA8E86} - No File
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe"
mRun-x64: [PlayMovie] "C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe"
mRun-x64: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
mRun-x64: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
mRun-x64: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\system32\DRIVERS\anodlwfx.sys --> C:\Windows\system32\DRIVERS\anodlwfx.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/28 00:22:36];C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl [2010-3-28 146928]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 ANIWConnService;ANIWConn Service;C:\Windows\System32\ANIWConnService.exe [2010-3-28 147456]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe [2010-3-28 36864]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-28 2314240]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-28 135664]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-5 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-28 135664]
S3 netr28ux;D-Link USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-24 04:53:45 -------- d-----w- C:\Users\darin\AppData\Local\{17E10108-08F9-490E-8281-373C107964F2}
2012-04-24 04:53:35 -------- d-----w- C:\Users\darin\AppData\Local\{59B82C9E-32D4-4246-89A5-C80D784FAE3E}
2012-04-24 00:24:37 -------- d-----w- C:\Users\darin\Language
2012-04-24 00:24:32 57047 ----a-w- C:\Users\darin\QvodUninst.exe
2012-04-24 00:24:32 -------- d-----w- C:\Users\darin\Viewdata
2012-04-24 00:24:31 -------- d-----w- C:\Users\darin\Skins
2012-04-24 00:24:31 -------- d-----w- C:\Users\darin\Codecs
2012-04-23 19:00:31 -------- d-----w- C:\Users\darin\AppData\Local\{A438BDAB-A835-4AEE-972A-E54F1D28E28A}
2012-04-23 19:00:18 -------- d-----w- C:\Users\darin\AppData\Local\{AF1DE52E-8FCB-4961-B745-1F8AAE770B38}
2012-04-23 08:14:23 -------- d-----w- C:\Users\darin\AppData\Local\{244B26FB-ABF1-47CE-8480-31156CBB4C9D}
2012-04-23 08:14:12 -------- d-----w- C:\Users\darin\AppData\Local\{5B1611D6-88DB-4E51-A075-5F3A2EA2052A}
2012-04-23 07:39:01 -------- d-----w- C:\Users\darin\AppData\Local\{473E5D77-BBC4-415D-BEDB-BE1E33426630}
2012-04-23 07:38:51 -------- d-----w- C:\Users\darin\AppData\Local\{F6820892-E532-420F-A8C8-644FC15913D2}
2012-04-23 03:49:45 -------- d-----w- C:\Users\darin\AppData\Local\{5AB4AD35-D80B-432C-A528-3D9068E8BE19}
2012-04-23 03:49:36 -------- d-----w- C:\Users\darin\AppData\Local\{0FB29292-BF5A-49AC-9373-BA87D10D8D92}
2012-04-23 03:13:41 -------- d-----w- C:\Users\darin\AppData\Local\{4DB33339-9389-422A-9F79-0331BB8FF43D}
2012-04-23 03:13:31 -------- d-----w- C:\Users\darin\AppData\Local\{F91D4529-3EC4-4579-B144-4172D2046D88}
2012-04-22 17:39:35 -------- d-----w- C:\Users\darin\AppData\Local\{CA779224-4D5B-4745-971F-7C46ADDCC131}
2012-04-22 17:39:25 -------- d-----w- C:\Users\darin\AppData\Local\{D068AAB5-FD75-4292-A70B-2A12298EC2AF}
2012-04-22 16:29:51 -------- d-----w- C:\Users\darin\AppData\Local\{CFE81AE2-FCA8-4498-8700-8523EA29B6F2}
2012-04-22 16:29:41 -------- d-----w- C:\Users\darin\AppData\Local\{6CB3310C-3BA0-4C28-9DB2-DD1F8B7BF5CE}
2012-04-22 07:17:37 -------- d-----w- C:\Users\darin\AppData\Local\{C7263BCD-57AB-4CFF-9526-4D23A5CFA88C}
2012-04-22 07:17:26 -------- d-----w- C:\Users\darin\AppData\Local\{84D8F1D0-B1D6-4C03-AA39-26AB7DF35587}
2012-04-22 07:02:23 -------- d-----w- C:\ProgramData\QvodPlayer
2012-04-22 01:23:39 -------- d-----w- C:\Users\darin\AppData\Local\{E1B69DA0-2069-4A2A-BAF4-C5BFBC1432FC}
2012-04-22 01:23:28 -------- d-----w- C:\Users\darin\AppData\Local\{F728149F-B6FB-4213-AB91-76F8588E121C}
2012-04-21 16:23:56 -------- d-----w- C:\Users\darin\AppData\Local\{810DC4F2-C12B-4A41-BD21-50BA4AAF94D2}
2012-04-21 16:23:46 -------- d-----w- C:\Users\darin\AppData\Local\{78591321-4239-46D4-9F23-F97064CAC3EC}
2012-04-19 00:17:37 -------- d-----w- C:\media 2
2012-04-18 21:09:06 -------- d-----w- C:\Users\darin\AppData\Local\{B237E978-9077-4680-9D14-25A53DA67AA5}
2012-04-18 21:08:56 -------- d-----w- C:\Users\darin\AppData\Local\{186B0E41-4A07-485E-B5CF-2A869518175A}
2012-04-17 20:15:21 -------- d-----w- C:\Users\darin\AppData\Local\{A5928939-3894-48D8-ADEE-389BB82E2666}
2012-04-17 20:15:08 -------- d-----w- C:\Users\darin\AppData\Local\{4238CF2C-5520-4160-8A2E-18C9904EDE98}
2012-04-16 16:46:38 -------- d-----w- C:\Users\darin\AppData\Local\{471C8B63-852F-4CF1-8C9D-DAE9433B9D25}
2012-04-16 16:46:28 -------- d-----w- C:\Users\darin\AppData\Local\{ADE873E8-865D-4CA3-8629-A556B5B5E940}
2012-04-16 03:02:46 -------- d-----w- C:\Users\darin\AppData\Local\{F84BCBAA-CEB6-4016-9D98-7F326EBDD6AD}
2012-04-16 03:02:32 -------- d-----w- C:\Users\darin\AppData\Local\{FF8C0D29-9482-4B5D-9B04-B8E049AC1D7E}
2012-04-14 18:31:57 -------- d-----w- C:\Users\darin\AppData\Local\{FB5D990B-580A-4072-AF8D-20B03D182938}
2012-04-14 08:52:47 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-14 08:52:46 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-14 08:52:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-14 08:52:45 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-14 08:52:45 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-14 08:52:45 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-14 08:52:45 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 09:40:20 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-13 09:40:19 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-13 09:40:19 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 19:05:45 -------- d-----w- C:\Users\darin\AppData\Local\{BDF78116-CBD7-4700-AC7E-2EA89932B5DA}
2012-04-11 18:18:24 -------- d-----w- C:\Users\darin\AppData\Local\{A493F180-E448-43E2-822F-E915DBBFAAE7}
2012-04-09 16:50:09 -------- d-----w- C:\Users\darin\AppData\Local\{4B4B3E5D-E9B1-49F9-A5BE-D6DA193C0385}
2012-04-08 21:05:09 -------- d-----w- C:\Users\darin\AppData\Local\{D49D0298-68F9-4011-998A-6900DD638FA0}
2012-04-06 16:45:14 -------- d-----w- C:\Users\darin\AppData\Local\{AF6861AB-8E45-4EC4-9C82-5A416537EC55}
2012-04-05 22:58:25 -------- d-----w- C:\Users\darin\AppData\Local\{F38D631A-EEDC-4623-8DB0-0AF7D5A37906}
2012-04-04 20:00:09 -------- d-----w- C:\Users\darin\AppData\Local\{23DC251A-2A99-4952-9F0B-79F1D4C63B44}
2012-04-03 01:37:12 -------- d-----w- C:\Users\darin\AppData\Local\{BA9C84AE-A812-4388-BE72-04EBC2D208E7}
2012-04-01 00:48:43 -------- d-----w- C:\Users\darin\AppData\Local\{7BC77A71-0593-4F65-A462-63C3EBB69B59}
2012-03-26 16:25:49 -------- d-----w- C:\Users\darin\AppData\Local\{07396EDE-CFA4-48A5-B712-99ED4C49E1FE}
2012-03-26 16:25:37 -------- d-----w- C:\Users\darin\AppData\Local\{AA1A297F-6D91-4898-9FCB-0A995D24D790}
2012-03-25 18:49:44 -------- d-----w- C:\Users\darin\AppData\Local\{70189D63-ADF1-433B-A423-B0E7ED75F320}
2012-03-25 18:49:34 -------- d-----w- C:\Users\darin\AppData\Local\{F5CEA8FD-B0D9-4F80-AFE1-A161557CEE62}
2012-03-25 07:38:51 -------- d-----w- C:\Users\darin\AppData\Local\{A750D960-C0A7-400A-A0FF-9C791DB4D11A}
2012-03-25 07:38:42 -------- d-----w- C:\Users\darin\AppData\Local\{25D57DF0-49E6-4E01-B270-B02FDE11DA76}
.
==================== Find3M ====================
.
2012-03-09 17:48:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:35:54 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:33:03 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 05:40:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 05:17:41 482816 ----a-w- C:\Windows\System32\html.iec
2012-02-28 04:35:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 04:31:46 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 03:57:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-01-14 04:33:56 88973936 ----a-w- C:\Program Files\Windows_TurboTax_HomeAndBusiness_2011.exe
.
============= FINISH: 22:09:43.02 ===============


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:18 PM

Posted 28 April 2012 - 06:19 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 holte

holte
  • Topic Starter


Posted 29 April 2012 - 12:46 AM

Hi mOle - I'm here, do you have any suggestions?

Thanks, D-

#4 m0le


Posted 29 April 2012 - 05:19 PM

Please run aswMBR and OTL

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


And

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#5 holte

holte
  • Topic Starter


Posted 30 April 2012 - 04:18 AM

Hello!


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 01:47:26
-----------------------------
01:47:26.265 OS Version: Windows x64 6.1.7600
01:47:26.265 Number of processors: 4 586 0x2502
01:47:26.265 ComputerName: DARIN-PC UserName: darin
01:47:27.455 Initialize success
01:47:32.656 AVAST engine defs: 12042901
01:47:46.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-2
01:47:46.497 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
01:47:46.506 Disk 0 MBR read successfully
01:47:46.507 Disk 0 MBR scan
01:47:46.510 Disk 0 Windows 7 default MBR code
01:47:46.514 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
01:47:46.527 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
01:47:46.539 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938407 MB offset 31664128
01:47:46.559 Disk 0 scanning C:\Windows\system32\drivers
01:47:54.501 Service scanning
01:48:13.146 Modules scanning
01:48:13.156 Disk 0 trace - called modules:
01:48:13.171 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:48:13.178 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d82060]
01:48:13.185 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-2[0xfffffa8007ae2050]
01:48:15.240 AVAST engine scan C:\Windows
01:48:17.931 AVAST engine scan C:\Windows\system32
01:51:31.716 AVAST engine scan C:\Windows\system32\drivers
01:51:52.347 AVAST engine scan C:\Users\darin
02:08:26.818 AVAST engine scan C:\ProgramData
02:11:30.594 Scan finished successfully
02:11:56.823 Disk 0 MBR has been saved successfully to "C:\Users\darin\Desktop\MBR.dat"
02:11:56.827 The log file has been saved successfully to "C:\Users\darin\Desktop\aswMBR.txt"




Here's the OTL.txt


OTL logfile created on: 4/30/2012 1:54:20 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\darin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.41% Memory free
15.86 Gb Paging File | 13.71 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 686.43 Gb Free Space | 74.90% Space Free | Partition Type: NTFS
Drive D: | 443.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARIN-PC | User Name: darin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/30 01:53:57 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\darin\Downloads\OTL.exe
PRC - [2012/04/30 01:47:18 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\darin\Downloads\aswMBR (1).exe
PRC - [2012/03/12 10:56:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/03/12 10:56:00 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/03/28 11:35:46 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2009/11/16 12:36:10 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe
PRC - [2009/11/12 19:31:42 | 000,185,576 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe
PRC - [2009/10/23 20:24:54 | 001,085,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2009/10/13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 15:58:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 14:07:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/10 11:23:54 | 000,036,864 | R--- | M] (Realtek) -- C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/22 16:20:30 | 001,683,456 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/02/26 13:46:40 | 000,147,456 | ---- | M] () -- C:\Windows\SysWOW64\ANIWConnService.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe
PRC - [2007/01/19 11:49:04 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/28 00:12:59 | 008,743,584 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/13 09:32:22 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll
MOD - [2012/04/13 09:32:17 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll
MOD - [2012/04/12 00:37:34 | 000,444,400 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppgooglenaclpluginchrome.dll
MOD - [2012/04/12 00:37:33 | 003,915,248 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
MOD - [2012/04/12 00:36:08 | 000,122,880 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll
MOD - [2012/04/12 00:36:06 | 000,220,672 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll
MOD - [2012/04/12 00:36:05 | 001,747,456 | ---- | M] () -- C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll
MOD - [2012/03/12 10:56:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/02/16 14:43:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
MOD - [2012/02/16 14:43:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
MOD - [2012/02/16 14:43:52 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
MOD - [2011/10/12 14:18:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/11/03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/06/12 16:37:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 16:37:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/03/05 11:12:08 | 000,258,048 | ---- | M] () -- C:\Windows\SysWOW64\wlanapp.dll
MOD - [2009/02/09 18:26:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIOApi.dll
MOD - [2009/02/09 18:26:10 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIOApi.dll
MOD - [2009/02/02 18:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/05 22:41:38 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/03/12 10:56:00 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/30 19:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 02:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 11:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/12 16:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/10 11:23:54 | 000,036,864 | R--- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Hawking\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 11:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/26 13:46:40 | 000,147,456 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ANIWConnService.exe -- (ANIWConnService)
SRV - [2007/01/19 11:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 07:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/10/29 01:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 02:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 00:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 17:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 17:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/17 11:27:56 | 000,886,272 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/04/30 01:47:26 | 000,055,640 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Users\darin\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2009/11/12 19:31:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/28 00:22:36] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360310p116p0375v145k4951r348
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360310p116p0375v145k4951r348
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360310p116p0375v145k4951r348
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=88fb371b00000000000090fba62dfcea
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&tt=010412_crm&babsrc=SP_ss&mntrId=88fb371b00000000000090fba62dfcea
IE - HKCU\..\SearchScopes\{56AA9076-F01B-E7F5-FDE8-595510203E62}: "URL" = http://www.amazon.com/websearch/ref=bit_bds-amzn_serp_ie_us_display?ie=UTF8&tag=bds-amzn-serp-us-ie-20&tagbase=bds-amzn&tbrId=v1_abb-channel-15_b3b2a189e9364b52ae01aa241bbca387_15_15_20120429_US_ie_ds_&query={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS372
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F5B42307-8A76-4825-9522-6E25D1FC981C}&mid=8dad909d78ad47d6b7ff41b2e0c91519-6969840192cb244718e7ea54e3dd5f2553b32c13&lang=en&ds=AVG&pr=fr&d=2011-09-25 01:57:09&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B8E20CD7-BAC2-4820-9AA6-1060B3AF25E2}: "URL" = http://www.baidu.com/s?wd={searchTerms}&ie={inputEncoding}&oe={outputEncoding}&abar=2&tn=utf8kb_oem_dg
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=127.0.0.1:80;http=localhost;127.0.0.1:80;https=127.0.0.1:80;socks=localhost;127.0.0.1

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Users\darin\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\darin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\darin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\darin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 12:43:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/23 02:09:57 | 000,000,000 | ---D | M]

[2011/03/25 02:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darin\AppData\Roaming\Mozilla\Extensions
[2011/03/25 02:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darin\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/04/27 00:51:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\q2rviono.default\extensions
[2012/04/27 00:51:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\darin\AppData\Roaming\Mozilla\Firefox\Profiles\q2rviono.default\extensions\ffxtlbr@babylon.com
[2011/09/06 23:35:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/02 16:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\darin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\darin\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\darin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: QvodInsert (Enabled) = C:\Users\darin\npQvodInsert.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TheBflix = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjakmojkcnhgipgkkbiempkfdndcnlah\5.0_0\
CHR - Extension: AVG Safe Search = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Amazon for Chrome = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\1.0_0\
CHR - Extension: Gmail = C:\Users\darin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/03 12:58:55 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TheBflix Class) - {271AF871-88FD-41A4-AFB7-FF6CFF038410} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCMAgent] C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D9B37E9-AD97-4DF1-900F-46360E131A4D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1EAC80C-2756-48ED-9D1E-D36650D80031}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/05 22:33:35 | 000,000,000 | ---D | M] - C:\Autodesk Alias Automotive 2012 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/30 01:45:18 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{4B610D76-B222-4162-8664-1BEEA06A8F6A}
[2012/04/30 01:45:08 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{E65856C3-7326-4C8E-9A6E-FAD12AB26545}
[2012/04/29 15:10:05 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{72C97D72-0E7B-41B0-A193-5A110EBD64D2}
[2012/04/29 15:09:53 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D29CA8E4-1C6B-4DD7-9853-CAF6941DD91E}
[2012/04/29 13:09:45 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{6F82B987-B05D-4F09-8047-245FF3DE8ADD}
[2012/04/29 13:09:36 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{6DB9AD2D-4D55-47BD-A3CA-51F938625233}
[2012/04/29 12:45:30 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{39B55D62-848E-46AE-8FF3-9F8FED96082C}
[2012/04/29 12:45:19 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{FBB6F063-D738-439F-89C5-D14E721FB3BD}
[2012/04/29 12:41:27 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{0A605B3C-DB50-4E44-8BFD-9A8BB5A27ECB}
[2012/04/29 12:41:16 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{1EF066EB-CF97-44F1-BD21-35FB5C49B43D}
[2012/04/29 10:44:20 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{C49A1373-D705-403E-87E4-77273C9BBEF6}
[2012/04/29 10:44:06 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{32BE49C2-7FB5-4A30-AD3F-CE8890A0D84F}
[2012/04/28 23:33:39 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Roaming\Media Player Classic
[2012/04/28 23:32:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real Alternative
[2012/04/28 23:32:21 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2012/04/28 23:32:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2012/04/28 23:32:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2012/04/28 23:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Alternative
[2012/04/28 23:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/04/28 11:15:34 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D1762A40-0DA3-4EEE-A9BB-3608BB0DF007}
[2012/04/28 11:15:24 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{E4286C37-B77F-4A00-89C4-84558D19DAD9}
[2012/04/27 19:27:50 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{A4EAF7FA-101F-4892-800A-87CFEA986046}
[2012/04/27 19:27:40 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D6A50A35-32EC-4CBC-8D82-2F85C3450C2E}
[2012/04/27 11:47:19 | 000,000,000 | ---D | C] -- C:\Users\darin\Desktop\New folder
[2012/04/27 09:33:16 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{30265B6A-1C49-47D5-855C-86DC46A50403}
[2012/04/27 09:33:03 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{8A0D08A4-95BE-4285-BFC1-6CAE76023414}
[2012/04/27 01:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RMVB Player
[2012/04/27 01:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RMVB Player
[2012/04/27 00:51:21 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Roaming\Babylon
[2012/04/27 00:51:21 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\Babylon
[2012/04/27 00:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/04/26 10:12:27 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{77308461-5150-45A5-B524-6E9DDC92B961}
[2012/04/26 10:12:13 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{C31E1CF3-6159-4258-A8E6-60F423F2765B}
[2012/04/26 02:32:00 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{FCE1A1CB-67DF-4131-B806-8BAEB28EDC2D}
[2012/04/26 02:09:03 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{259292CA-889C-428C-BD90-2D45BF0EAEC4}
[2012/04/26 02:08:53 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{7B7742BB-5DD6-434F-B76F-3E600E03A405}
[2012/04/25 15:01:09 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D10D1CAB-8AE5-4AB4-A779-8FEED14861CC}
[2012/04/25 15:00:44 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{335702D8-100E-4305-B4FF-EDC3C1084FF6}
[2012/04/25 11:08:40 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D58E63D2-249B-4602-BC9C-4EF2A9984AC0}
[2012/04/25 11:08:24 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{6A808D72-F4F7-4CB7-A94C-2FE1F027CFAA}
[2012/04/24 13:03:05 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{12B982BD-5229-461B-9576-D19CCB404203}
[2012/04/24 13:02:56 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D3117742-8EDA-4357-845F-F6514048AC31}
[2012/04/23 22:08:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\darin\Desktop\dds.scr
[2012/04/23 21:53:45 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{17E10108-08F9-490E-8281-373C107964F2}
[2012/04/23 21:53:35 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{59B82C9E-32D4-4246-89A5-C80D784FAE3E}
[2012/04/23 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\darin\Language
[2012/04/23 17:24:32 | 000,057,047 | ---- | C] (资源影院) -- C:\Users\darin\QvodUninst.exe
[2012/04/23 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\darin\Viewdata
[2012/04/23 17:24:32 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\첥
[2012/04/23 17:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\첥
[2012/04/23 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\darin\Skins
[2012/04/23 17:24:31 | 000,000,000 | ---D | C] -- C:\Users\darin\Codecs
[2012/04/23 12:00:31 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{A438BDAB-A835-4AEE-972A-E54F1D28E28A}
[2012/04/23 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{AF1DE52E-8FCB-4961-B745-1F8AAE770B38}
[2012/04/23 01:14:23 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{244B26FB-ABF1-47CE-8480-31156CBB4C9D}
[2012/04/23 01:14:12 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{5B1611D6-88DB-4E51-A075-5F3A2EA2052A}
[2012/04/23 00:39:01 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{473E5D77-BBC4-415D-BEDB-BE1E33426630}
[2012/04/23 00:38:51 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{F6820892-E532-420F-A8C8-644FC15913D2}
[2012/04/22 20:49:45 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{5AB4AD35-D80B-432C-A528-3D9068E8BE19}
[2012/04/22 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{0FB29292-BF5A-49AC-9373-BA87D10D8D92}
[2012/04/22 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{4DB33339-9389-422A-9F79-0331BB8FF43D}
[2012/04/22 20:13:31 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{F91D4529-3EC4-4579-B144-4172D2046D88}
[2012/04/22 10:39:35 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{CA779224-4D5B-4745-971F-7C46ADDCC131}
[2012/04/22 10:39:25 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D068AAB5-FD75-4292-A70B-2A12298EC2AF}
[2012/04/22 09:29:51 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{CFE81AE2-FCA8-4498-8700-8523EA29B6F2}
[2012/04/22 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{6CB3310C-3BA0-4C28-9DB2-DD1F8B7BF5CE}
[2012/04/22 00:17:37 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{C7263BCD-57AB-4CFF-9526-4D23A5CFA88C}
[2012/04/22 00:17:26 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{84D8F1D0-B1D6-4C03-AA39-26AB7DF35587}
[2012/04/22 00:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer
[2012/04/21 18:23:39 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{E1B69DA0-2069-4A2A-BAF4-C5BFBC1432FC}
[2012/04/21 18:23:28 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{F728149F-B6FB-4213-AB91-76F8588E121C}
[2012/04/21 09:23:56 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{810DC4F2-C12B-4A41-BD21-50BA4AAF94D2}
[2012/04/21 09:23:46 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{78591321-4239-46D4-9F23-F97064CAC3EC}
[2012/04/18 17:17:37 | 000,000,000 | ---D | C] -- C:\media 2
[2012/04/18 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{B237E978-9077-4680-9D14-25A53DA67AA5}
[2012/04/18 14:08:56 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{186B0E41-4A07-485E-B5CF-2A869518175A}
[2012/04/17 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\darin\Desktop\MOTOXconcept
[2012/04/17 13:15:21 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{A5928939-3894-48D8-ADEE-389BB82E2666}
[2012/04/17 13:15:08 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{4238CF2C-5520-4160-8A2E-18C9904EDE98}
[2012/04/16 09:46:38 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{471C8B63-852F-4CF1-8C9D-DAE9433B9D25}
[2012/04/16 09:46:28 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{ADE873E8-865D-4CA3-8629-A556B5B5E940}
[2012/04/15 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{F84BCBAA-CEB6-4016-9D98-7F326EBDD6AD}
[2012/04/15 20:02:32 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{FF8C0D29-9482-4B5D-9B04-B8E049AC1D7E}
[2012/04/14 11:31:57 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{FB5D990B-580A-4072-AF8D-20B03D182938}
[2012/04/14 01:52:47 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/14 01:52:46 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/14 01:52:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/13 02:40:20 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/13 02:40:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/13 02:40:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/12 12:21:11 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/04/12 12:21:11 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/04/12 12:21:11 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/04/12 12:21:11 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/04/12 12:21:11 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/12 12:21:11 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/04/12 12:21:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/12 12:21:11 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/12 12:21:11 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/12 12:21:11 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/12 12:21:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/12 12:21:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/04/12 12:21:11 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/04/12 12:21:11 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/04/12 12:21:11 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/04/12 12:05:45 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{BDF78116-CBD7-4700-AC7E-2EA89932B5DA}
[2012/04/11 11:18:24 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{A493F180-E448-43E2-822F-E915DBBFAAE7}
[2012/04/09 09:50:09 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{4B4B3E5D-E9B1-49F9-A5BE-D6DA193C0385}
[2012/04/08 14:05:09 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{D49D0298-68F9-4011-998A-6900DD638FA0}
[2012/04/06 09:45:14 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{AF6861AB-8E45-4EC4-9C82-5A416537EC55}
[2012/04/05 15:58:25 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{F38D631A-EEDC-4623-8DB0-0AF7D5A37906}
[2012/04/04 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{23DC251A-2A99-4952-9F0B-79F1D4C63B44}
[2012/04/02 18:37:12 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{BA9C84AE-A812-4388-BE72-04EBC2D208E7}
[2012/03/31 17:48:43 | 000,000,000 | ---D | C] -- C:\Users\darin\AppData\Local\{7BC77A71-0593-4F65-A462-63C3EBB69B59}

========== Files - Modified Within 30 Days ==========

[2012/04/30 01:57:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/30 01:57:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/30 01:51:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 01:51:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 01:50:30 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/30 01:50:30 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/30 01:50:30 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/30 01:44:48 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2012/04/30 01:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 01:43:40 | 2090,147,839 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 01:43:40 | 1189,669,940 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/30 01:12:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-890904897-2922591048-3828146287-1000UA.job
[2012/04/29 23:13:40 | 000,061,301 | ---- | M] () -- C:\Users\darin\Desktop\ss-seaworld-3.jpg
[2012/04/29 23:12:22 | 000,443,430 | ---- | M] () -- C:\Users\darin\Desktop\GgOESofCyEKV28Rf.jpg
[2012/04/29 23:12:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-890904897-2922591048-3828146287-1000Core.job
[2012/04/29 23:11:08 | 000,005,317 | ---- | M] () -- C:\Users\darin\Desktop\saf_1_iso.jpg
[2012/04/29 23:09:34 | 001,416,413 | ---- | M] () -- C:\Users\darin\Desktop\2-gaislachkogl_bergstation.jpg
[2012/04/29 23:04:21 | 001,796,194 | ---- | M] () -- C:\Users\darin\Desktop\magnoliamedicalplaza-2.jpg
[2012/04/29 18:43:45 | 096,621,463 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/29 18:43:02 | 000,469,440 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/28 23:12:23 | 000,000,488 | ---- | M] () -- C:\user.js
[2012/04/23 22:09:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\darin\Desktop\dds.scr
[2012/04/23 22:04:07 | 000,000,000 | ---- | M] () -- C:\Users\darin\defogger_reenable
[2012/04/23 17:24:37 | 000,000,340 | ---- | M] () -- C:\Users\darin\QvodCfg.ini
[2012/04/23 17:24:32 | 000,057,047 | ---- | M] (资源影院) -- C:\Users\darin\QvodUninst.exe
[2012/04/23 17:24:31 | 000,000,883 | ---- | M] () -- C:\Users\darin\MediaConn.ini
[2012/04/12 22:13:00 | 000,002,405 | ---- | M] () -- C:\Users\darin\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/04/29 23:13:42 | 000,061,301 | ---- | C] () -- C:\Users\darin\Desktop\ss-seaworld-3.jpg
[2012/04/29 23:12:24 | 000,443,430 | ---- | C] () -- C:\Users\darin\Desktop\GgOESofCyEKV28Rf.jpg
[2012/04/29 23:11:10 | 000,005,317 | ---- | C] () -- C:\Users\darin\Desktop\saf_1_iso.jpg
[2012/04/29 23:09:36 | 001,416,413 | ---- | C] () -- C:\Users\darin\Desktop\2-gaislachkogl_bergstation.jpg
[2012/04/29 23:04:26 | 001,796,194 | ---- | C] () -- C:\Users\darin\Desktop\magnoliamedicalplaza-2.jpg
[2012/04/27 00:51:40 | 000,000,488 | ---- | C] () -- C:\user.js
[2012/04/23 22:04:07 | 000,000,000 | ---- | C] () -- C:\Users\darin\defogger_reenable
[2012/04/02 14:17:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/04 19:38:19 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/19 11:34:17 | 088,973,936 | ---- | C] () -- C:\Program Files\Windows_TurboTax_HomeAndBusiness_2011.exe
[2011/07/26 00:10:10 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe
[2011/07/26 00:10:10 | 000,187,904 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2011/07/26 00:10:10 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\Lame_enc.dll
[2011/07/26 00:10:10 | 000,001,678 | ---- | C] () -- C:\Windows\unins000.dat
[2011/07/14 21:53:04 | 000,005,014 | ---- | C] () -- C:\ProgramData\knmesfut.gey
[2011/07/05 22:42:27 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/22 23:02:59 | 000,000,000 | ---- | C] () -- C:\Users\darin\AppData\Roaming\wklnhst.dat
[2011/03/18 19:26:39 | 000,000,114 | ---- | C] () -- C:\Windows\wininit.ini
[2010/06/21 00:00:04 | 000,000,680 | ---- | C] () -- C:\Users\darin\AppData\Roaming\coreavc.ini
[2010/05/11 01:57:46 | 000,000,258 | ---- | C] () -- C:\Users\darin\AppData\Roaming\ANICONFIG_{94677794-6829-4982-99A8-A79A19AEEF60}.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:6B9ADB51
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:B835CF2D

< End of report >


EXTRAS.Txt


OTL Extras logfile created on: 4/30/2012 1:54:20 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\darin\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.90 Gb Available Physical Memory | 74.41% Memory free
15.86 Gb Paging File | 13.71 Gb Available in Paging File | 86.44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 686.43 Gb Free Space | 74.90% Space Free | Partition Type: NTFS
Drive D: | 443.32 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DARIN-PC | User Name: darin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026A0A9F-FD07-4810-AAF7-FA50D06BC5CD}" = rport=445 | protocol=6 | dir=out | app=system |
"{1D6B237B-4A9F-48BA-B073-B6293F8B505A}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{2216BB07-B94E-4D1A-B42B-D506394E698D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{29A6B624-FCDF-49DC-A8E7-99ABBCDAD168}" = lport=2869 | protocol=6 | dir=in | app=system |
"{34C79E06-AD4F-4745-AA4F-709A4434F9B5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E9F4B17-90CA-42E0-931B-39ADEC96ABFB}" = rport=137 | protocol=17 | dir=out | app=system |
"{44FE401C-E7F1-411C-AD63-77AB56D6130F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4FBF4103-8E79-47A7-84DF-7940DCFBB7C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54EB5E18-FD01-496B-BF7F-E7CEEA49BDB5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{563C3D50-569F-4514-B40E-2C14E9D0EC34}" = rport=138 | protocol=17 | dir=out | app=system |
"{6A1A5054-BB91-4B88-B541-6B4467F6C121}" = lport=137 | protocol=17 | dir=in | app=system |
"{6C48D3AB-42C6-40AE-B26C-57A7BBA37AED}" = rport=139 | protocol=6 | dir=out | app=system |
"{6DD6F743-D347-4726-91E9-3FC43A13696A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F7B877C-B8A3-40C2-8DC1-8FBFFB46A1E8}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{7B47D539-D324-423A-9BAD-17EBBFF2CF2D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7F93743E-C35F-42F0-946A-AC3ABA381723}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{81476F0B-6DD0-44C2-9F5A-00F99F6BBDC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8225410B-C271-4605-B038-7988675DE89B}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{840CDFC3-C04A-4C93-A998-F831D7073F2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E9F05F5-A8EE-45BC-9A1C-78115899F0A3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{96B7B391-2897-4BEB-8BCE-ABF8FD6099E4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{A5B744A0-DE38-4116-BED0-E82B667EAB09}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A5FB4B2F-F12F-4FD9-8986-7A2A48975378}" = lport=445 | protocol=6 | dir=in | app=system |
"{A6644FFB-AE2A-4920-B711-E05BB199D466}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A7332621-77EE-4BDC-B64B-4D439C94C8D5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B2AFA743-E0A7-417C-BD54-6A3CCF8CD65D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{B30FEA65-D012-4D0E-8118-2366FDD8234E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC6B1C42-6A43-480D-B589-D164D1DBF713}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{C5F5F798-CF60-4DE7-8408-8C9A622E41DD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C88108F1-79D4-4491-9A2A-D9C8E0B6B8FA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8AD5FE3-20CC-4408-A6B0-1052DAA164DF}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{D6D08C24-4B45-4785-9AA2-BC50D2F81ED0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBEBB9A2-792B-48F8-90F8-C320318749F6}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{F7C58B3C-0619-45E8-98AF-CB7CE26C71F6}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069F880A-6939-4F2B-9A2E-1EED99B6F82B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1316AF81-5011-4B08-96B5-F06A170E1D4F}" = protocol=17 | dir=in | app=c:\users\darin\qvodterminal.exe |
"{13892A24-E673-4469-A73C-981F5C4B75BB}" = protocol=17 | dir=in | app=c:\qvodplayer\360inst-qvod001.exe |
"{13BD2174-6958-4F72-9D89-AC985EB690CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{177453FD-2FA9-4E53-A372-464C3AEE932F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1EAB1235-800A-4BAC-9709-82CE7068B64E}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2387E872-D22C-421C-A538-054A4CC79E47}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{27C7C80D-00A7-40AA-9676-54FF851A7F01}" = protocol=17 | dir=in | app=c:\program files (x86)\hawking\11n usb wireless lan utility\rtwlan.exe |
"{29AEE759-7851-494C-80A0-AB5DEDD43CEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2CFD69D2-6F01-4288-8B8D-88027116768E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2FFD1666-A6BD-4E28-9CD3-4B45ED174ABB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3724F0DC-418D-4A56-AA07-700EBD3AC25D}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\playmovie.exe |
"{3F6DF81F-DDE9-4EA0-BBCA-09D7140FB086}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{453CE0F8-EF8B-437A-B091-5EDA29ADEC9E}" = protocol=6 | dir=in | app=c:\users\darin\qvodterminal.exe |
"{47879582-FE90-409C-B945-CE4013E1F5B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4E0C3B4E-A1BC-40B4-A65C-0A085CEAD69A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{540839EE-4A47-4F8D-AD70-501538FE663E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59B03C58-756F-4A11-AD26-CD1CC3453039}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5DEFDD78-DF1D-452F-9A46-8949036D4F10}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{65051224-BE0E-4C28-ABE3-CEE2CE276836}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{705C6E6A-3796-419D-A51F-2B12B7C28522}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{71B8C5C8-095A-44EE-B869-749A15BFD417}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{72AA5DDA-8D45-4B8F-95EC-45C7A0E6F868}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77119170-E5FA-4427-8E22-D4F79FDF9D03}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{78545861-93FD-4FC3-9CB5-2E074E826718}" = protocol=6 | dir=out | app=system |
"{785A6C41-8B5F-4923-BAB4-89FAC4E3E517}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7A42FCF0-DCF4-45D6-AA3D-9F0A9E868764}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{8B02779B-00BD-42F0-B650-B913ABE2259B}" = protocol=6 | dir=in | app=c:\program files (x86)\hawking\11n usb wireless lan utility\rtwlan.exe |
"{8C046B96-EA7E-4822-A58E-C809825FCD35}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D6B6227-968C-4903-91D9-94D1CB22591A}" = protocol=58 | dir=in | app=system |
"{91EEBDB7-DAB0-4BBB-855A-AACCACB316E4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9538DB69-08FC-4F73-AFEF-EB603FE1F44D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{957B83B7-E6D5-4EAC-9528-468E865F263A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9875E251-A0FF-4230-AE3A-97AC9E3241A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B55E4CB-8660-4DE6-A93F-2264134AE583}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FE9677B-FF98-4EB8-A3FC-8C44BEC4413E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{A45F85E5-B848-4883-BA06-C36F376117EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A8FC8FA5-872B-40A6-823A-8C416418E298}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B3C2F4E2-F0DF-4C3D-9BAB-7A3AFACCA523}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B3DBB936-9837-4722-9306-168642F1BE6E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCB64FAB-74CB-4D05-82A8-51BCF5A9AC1A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C27F922E-F2FB-4D8E-B1B3-B8C38CB86B80}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C2BF871A-126D-481F-9AC4-D4705D0993E3}" = protocol=6 | dir=in | app=c:\program files (x86)\hawking\11n usb wireless lan utility\rtwlan.exe |
"{C31424EA-D7CA-48CC-88E1-B30395543E16}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C695DE8E-178C-4360-91CA-026F22D111D4}" = dir=in | app=c:\program files (x86)\cyberlink\softdma\softdma.exe |
"{CE76A06A-D2F0-47E8-B06F-1D1AEEF476AD}" = protocol=17 | dir=in | app=c:\program files (x86)\hawking\11n usb wireless lan utility\rtwlan.exe |
"{D1D57005-0833-401A-987D-CE5112A13D64}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D5803B8D-5A7B-40A1-9FC6-9BE4DD810E33}" = protocol=6 | dir=in | app=c:\qvodplayer\360inst-qvod001.exe |
"{D62418EA-1965-49FF-A3CC-DA7317F8A56F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D8F8722E-4BBF-40CA-B3F2-2B8F81EB356A}" = dir=in | app=c:\program files (x86)\cyberlink\playmovie\pmvservice.exe |
"{E8CA8821-C82E-4917-85C2-0E0F6F5AF33A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBF2826E-D3C0-4C84-A4D2-E06F329879F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F17E2461-4197-4368-A6E8-D2319A54A8F4}" = dir=in | app=c:\program files (x86)\cyberlink\powercinema\powercinema.exe |
"{F489E3D9-4137-4506-9589-89030EC30990}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9DAF48B-B312-49E2-A7DC-82DB47EB4C1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FE50C93E-E1C8-40E9-A50A-C71C7965C8C0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{FFF466E0-590C-4521-AF72-76E490E40A3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"TCP Query User{92635BB4-89D6-435A-9024-8A2980C5AB24}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"TCP Query User{93238D3E-A0A3-4A6B-9DF6-4EFEBC006000}C:\users\darin\downloads\qvodsetup3.exe" = protocol=6 | dir=in | app=c:\users\darin\downloads\qvodsetup3.exe |
"TCP Query User{AECCEBC8-D55E-4BF6-B436-689A0F45F181}C:\program files (x86)\kuaiwan\kuaiwan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kuaiwan\kuaiwan.exe |
"TCP Query User{C11A66EB-ADE7-4F77-9257-32FC10C23F07}C:\users\darin\downloads\qvodsetup3 (1).exe" = protocol=6 | dir=in | app=c:\users\darin\downloads\qvodsetup3 (1).exe |
"TCP Query User{FDE868C5-74BA-4A64-83ED-17368599F360}C:\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\qvodplayer\qvodterminal.exe |
"UDP Query User{145F2D21-1F70-4B68-BD8D-41EB9FB1EF9F}C:\program files (x86)\kuaiwan\kuaiwan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kuaiwan\kuaiwan.exe |
"UDP Query User{2B5E3D07-B539-4DE7-BABE-1E283EF95C5C}C:\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\qvodplayer\qvodterminal.exe |
"UDP Query User{3C7E24AA-E164-4298-9A84-3B343E6F34C6}C:\users\darin\downloads\qvodsetup3 (1).exe" = protocol=17 | dir=in | app=c:\users\darin\downloads\qvodsetup3 (1).exe |
"UDP Query User{99DFEB8F-A976-4879-932B-A7378A7E451E}C:\program files (x86)\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qvodplayer\qvodterminal.exe |
"UDP Query User{EF5E697D-675F-40D4-AE2A-706848A2399B}C:\users\darin\downloads\qvodsetup3.exe" = protocol=17 | dir=in | app=c:\users\darin\downloads\qvodsetup3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CE5B3-1292-49C2-AC4D-42870D4020DC}" = Autodesk SketchBook Designer 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{84BC87D4-0480-4E10-B15D-1E7886D55180}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AC3E3746-8F18-4F8A-9521-1493022C6E0A}" = Autodesk DirectConnect 2012 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C5275885-A706-41DB-BC3B-4082CA8BEE1D}" = Autodesk Alias Automotive 2012 64-bit
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C9F1014C-B9E6-4FF1-972B-BB6D4D22E300}" = Autodesk Alias 2012 64-bit
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{E5562534-FD05-47C5-9E6B-A39B03DFE0A1}" = Autodesk Alias 2012 Documentation 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk Alias 2012 64-bit" = Autodesk Alias 2012 64-bit
"Autodesk Alias 2012 Documentation 64-bit" = Autodesk Alias 2012 Documentation 64-bit
"Autodesk Alias Automotive 2012 64-bit" = Autodesk Alias Automotive 2012 64-bit
"Autodesk DirectConnect 2012 64-bit" = Autodesk DirectConnect 2012 64-bit
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk SketchBook Designer 2012" = Autodesk SketchBook Designer 2012
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AA75ADB-113C-4FA1-954E-DD3E76BC1524}" = D-Link Wireless 150 USB Adapter DWA-125
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter Driver and Utility
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}" = Corel Painter IX
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f531dd03-45ef-45e9-ab97-2a0ab4f14907}" = Nero 9 Essentials
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"" = 4.7.2
"Adobe AIR" = Adobe AIR
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Easy CD-DA Extractor 15" = Easy CD-DA Extractor 15
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = CyberLink PowerCinema
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Lucky Video Converter" = Lucky Video Converter
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"QvodPlayer" = 첥 5.0
"RealAlt_is1" = Real Alternative 2.0.2
"RMVB Player_is1" = RMVB Player 1.0.1
"TurboTax 2011" = TurboTax 2011
"uTorrent" = Torrent
"WildTangent gateway Master Uninstall" = Gateway Games
"WinLiveSuite" = Windows Live Essentials
"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2011 9:14:18 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 10/5/2011 9:15:06 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/5/2011 9:15:06 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/5/2011 9:15:06 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/5/2011 9:15:06 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/6/2011 2:57:15 AM | Computer Name = darin-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/6/2011 11:43:58 PM | Computer Name = darin-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 4/29/2012 4:08:50 PM | Computer Name = darin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:05:37 PM on 4/29/2012 was unexpected.

Error - 4/29/2012 4:08:32 PM | Computer Name = darin-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/29/2012 4:09:10 PM | Computer Name = darin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 4/29/2012 6:09:11 PM | Computer Name = darin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:38:50 PM on 4/29/2012 was unexpected.

Error - 4/29/2012 6:08:52 PM | Computer Name = darin-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/29/2012 6:09:38 PM | Computer Name = darin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32

Error - 4/30/2012 4:43:55 AM | Computer Name = darin-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:39:13 AM on 4/30/2012 was unexpected.

Error - 4/30/2012 4:43:57 AM | Computer Name = darin-PC | Source = BugCheck | ID = 1001
Description =

Error - 4/30/2012 4:43:34 AM | Computer Name = darin-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 4/30/2012 4:44:32 AM | Computer Name = darin-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32


< End of report >



Thank you- D-


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:12:18 PM

Posted 30 April 2012 - 06:54 PM

Please run MBAM and SAS, which should remove the adware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


And

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#7 holte


Posted 01 May 2012 - 02:23 AM

Thanks very much mOle! Removed all infected files and everything looks clean. Appreciate the help.

Best! Darin

#8 m0le


Posted 01 May 2012 - 07:41 PM

Hi Darin,

I'm glad everything looks good but I can't leave it at that without seeing the logs to see what has been removed. Also, there are other things which need to be cleared up to avoid things such as reinfection.

#9 holte


Posted 02 May 2012 - 04:24 AM

Sounds good - below are details from logs. Also, attached is an image from my AVG where I moved a trojan horse agent3 into vault. Is it ok for it to stay quarantined like that?
Good part is the Auto desk 3d app it came from seems to work fine. Thanks again mOle. D-

Attached File: AVG vault.jpg


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
darin :: DARIN-PC [administrator]

4/30/2012 9:33:53 PM
mbam-log-2012-04-30 (21-33-53).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455415
Time elapsed: 1 hour(s), 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 25
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60} (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (Adware.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (Adware.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (Adware.Funshion) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77FEF28E-EB96-44FF-B511-3185DEA48697} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A7F05EE4-0426-454F-8013-C41E3596E9E9} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46} (Adware.BDSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{271AF871-88FD-41A4-AFB7-FF6CFF038410} (PUP.BFlix) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{271AF871-88FD-41A4-AFB7-FF6CFF038410} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{271AF871-88FD-41A4-AFB7-FF6CFF038410} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{271AF871-88FD-41A4-AFB7-FF6CFF038410} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{271AF871-88FD-41A4-AFB7-FF6CFF038410} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.BFlix) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4} (PUP.BFlix) -> Quarantined and deleted successfully.
HKCU\Software\Baidu (Adware.Bdsearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Baidu (Trojan.Cinmus) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: eπQI?p?ʎ -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{B580CF65-E151-49C3-B73F-70B13FCA8E86} (Trojan.Cinmus) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Quarantined and deleted successfully.

Files Detected: 17
C:\Users\darin\AppData\Local\Temp\CSMFB8D.tmp (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\Users\darin\AppData\Local\Temp\43360555.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\darin\AppData\Local\Temp\53165281.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\darin\AppData\Local\Temp\is1373634743\IWantThis_US.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Users\darin\Downloads\MediaPlayerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\darin\Downloads\RMVBPlayerSetup.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
C:\Users\darin\Downloads\SoftonicDownloader_for_gom-player (1).exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\darin\Downloads\SoftonicDownloader_for_gom-player.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\darin\Downloads\VideoConverterSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\hjakmojkcnhgipgkkbiempkfdndcnlah.crx (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\uninstall.exe (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Quarantined and deleted successfully.

(end)


____________________________________________________________________________________________________________________________



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/30/2012 at 11:43 PM

Application Version : 5.0.1148

Core Rules Database Version : 8535
Trace Rules Database Version: 6347

Scan type : Complete Scan
Total Scan Time : 00:50:12

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 548
Memory threats detected : 0
Registry items scanned : 65906
Registry threats detected : 37
File items scanned : 75448
File threats detected : 524

Adware.Tracking Cookie
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtherightjob.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtherightjob.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtherightjob.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.findtherightjob.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstbeacon.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ad-g.doubleclick.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
openx1.overadmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ru4.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fisherinvestments.112.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
lovecomm.rotator.hadj7.adjuggler.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
lovecomm.rotator.hadj7.adjuggler.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.googleads.g.doubleclick.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.www.burstnet.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adfarm1.adition.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad2.adfarm1.adition.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.unrulymedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
srv.clickfuse.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.msnportal.112.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ads.saymedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
statse.webtrendslive.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.sexpillguru.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stats.sexpillguru.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media2.legacy.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickfuse.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.traveladvertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lfstmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media.adfrontiers.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdmedia.rotator.hadj7.adjuggler.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.intermundomedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.micklemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.insightexpressai.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.network.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adinterax.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.googleadservices.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.burstnet.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstnet.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
mediaservices-d.openxenterprise.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.serving-sys.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.a1.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c.atdmt.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.sexad.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.syndication.traffichaus.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.exoclick.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mm.chitika.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.visualrevenue.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.247realmedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.martiniadnetwork.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\DARIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
8tracks.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
adserv6.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
content.yieldmanager.edgesuite.net [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
convoad.technoratimedia.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
data-ero-advertising.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
ia.media-imdb.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
media.adxpansion.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
media.autoline.tv [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
secure-us.imrworldwide.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
stat.easydate.biz [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
stat.ed.cupidplc.com [ C:\USERS\DARIN\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\96JQJ7P3 ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2RVIONO.DEFAULT\COOKIES.SQLITE ]
.atdmt.com [ C:\USERS\DARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2RVIONO.DEFAULT\COOKIES.SQLITE ]
.mmstat.com [ C:\USERS\DARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2RVIONO.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\DARIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q2RVIONO.DEFAULT\COOKIES.SQLITE ]

Trace.Known Threat Sources
C:\USERS\DARIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZOF5OJK\logo[1].png [ cache:webfile ]
C:\USERS\DARIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5KFTHB4\img[1].png [ cache:webfile ]
C:\USERS\DARIN\Local Settings\Temporary Internet Files\Content.IE5\8ZOF5OJK\logo[1].png [ cache:webfile ]
C:\USERS\DARIN\Local Settings\Temporary Internet Files\Content.IE5\K5KFTHB4\img[1].png [ cache:webfile ]

Adware.Qvod
(x86) HKU\S-1-5-21-890904897-2922591048-3828146287-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}#AppID
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Control
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\InprocServer32#ThreadingModel
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\MiscStatus\1
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ProgID
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Programmable
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\ToolboxBitmap32
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\TypeLib
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\Version
(x86) HKCR\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}\VersionIndependentProgID
(x86) HKCR\QvodInsert.QvodCtrl.1
(x86) HKCR\QvodInsert.QvodCtrl.1\CLSID
(x86) HKCR\QvodInsert.QvodCtrl
(x86) HKCR\QvodInsert.QvodCtrl\CLSID
(x86) HKCR\QvodInsert.QvodCtrl\CurVer
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\0
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\0\win32
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\FLAGS
(x86) HKCR\TypeLib\{C50D35A7-2515-4219-BC15-CBD2955EAE68}\1.0\HELPDIR
C:\USERS\DARIN\NPQVODINSERT.DLL
C:\USERS\DARIN\CODECS\QVODSOURCE.DLL
C:\USERS\DARIN\NETAGENT.DLL
C:\USERS\DARIN\QVODNET.DLL
(x86) HKCR\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}
(x86) HKCR\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\ProxyStubClsid32
(x86) HKCR\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib
(x86) HKCR\Interface\{329C81B5-1C8D-404E-BDC4-975046C1F878}\TypeLib#Version
(x86) HKCR\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}
(x86) HKCR\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\ProxyStubClsid32
(x86) HKCR\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib
(x86) HKCR\Interface\{490E61A7-0767-4CB2-BD78-C8944902CB4F}\TypeLib#Version

Heur.Agent/Gen-WhiteBox
C:\USERS\DARIN\APPDATA\LOCAL\TEMP\OLD\SETUPUM_TANXIN41.EXE
C:\USERS\DARIN\APPDATA\LOCAL\TEMP\OLD\XITAOTAO_SETUP1.EXE
C:\USERS\DARIN\APPDATA\LOCAL\TEMP\SETUPUM_TANXIN41.EXE
C:\USERS\DARIN\APPDATA\LOCAL\TEMP\XITAOTAO_SETUP1.EXE

#10 m0le

Posted 02 May 2012 - 05:07 PM

I would advise one more scan. It's an online scan and can take some time but it's very thorough and will remove remnants that none of the tools so far have targeted.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.

If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.
m0le is a proud member of UNITE

#11 holte

Posted 03 May 2012 - 03:53 AM

Hey there m0le: It looks like two files were found and removed. What do you think-
is it clean?

Thanks again- great service and appreciate all the help.

D-

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f90c4a79fb79ba4d949e317a7a07be96
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-03 01:41:11
# local_time=2012-05-02 06:41:11 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 18141226 18141226 0 0
# compatibility_mode=5893 16776574 100 94 35875918 87547062 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=273041
# found=2
# cleaned=2
# scan_time=5659
C:\Users\darin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\darin\AppData\Local\Temp\is1373634743\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
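
A triage helper for the log layout pasted in the post above, added here as an example; it is not part of the original thread and not an ESET tool. The sample log is constructed, and the function names and the rule that an action containing "deleted" or "cleaned" counts as resolved are assumptions.

```python
import re

# Constructed sample in the layout of the log quoted above (all values made up).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# unwanted_checked=true
# scanned=1000
# found=2
# cleaned=1
C:\Users\example\AppData\Local\Temp\my setup\ExampleToolbar.exe Win32/Toolbar.Example application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\example\Downloads\sample.exe Win32/Example.A trojan (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" header rows written by the scanner.
HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
# Detection rows end with "(action) <32 hex digits> <flag>"; everything before
# that tail is the file path followed by the detection name.
DETECTION = re.compile(
    r"^(?P<head>.+?)\s+\((?P<action>[^()]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
# Assumption: these words in the action text mean the file was dealt with.
RESOLVED = re.compile(r"\b(deleted|cleaned)\b", re.IGNORECASE)


def split_head(head):
    """Split 'path detection-name' where the path itself may contain spaces.

    Assumption: Windows paths use backslashes, so the first later token that
    contains '/' (e.g. Win32/Toolbar.Example) starts the detection name.
    """
    tokens = head.replace("\t", " ").split(" ")
    for i, tok in enumerate(tokens):
        if i > 0 and "/" in tok:
            return " ".join(tokens[:i]), " ".join(tokens[i:])
    return head, ""


def parse_log(text):
    """Return (header, detections); header maps key -> list of values,
    because keys such as compatibility_mode repeat."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            header.setdefault(m.group(1), []).append(m.group(2).strip())
            continue
        m = DETECTION.match(line)
        if m:
            path, threat = split_head(m.group("head"))
            detections.append({
                "path": path,
                "threat": threat,
                "action": m.group("action"),
                "resolved": bool(RESOLVED.search(m.group("action"))),
            })
    return header, detections


def _last(header, key, default=""):
    return header.get(key, [default])[-1]


def _count(header, key):
    value = _last(header, key, "0")
    return int(value) if value.isdigit() else 0


def review(header, detections):
    """List the reasons this log does not yet support a 'clean' verdict."""
    issues = []
    if _last(header, "end") != "finished":
        issues.append("scan did not run to completion")
    if _last(header, "remove_checked") != "true":
        issues.append("removal was not enabled, detections were only reported")
    found, cleaned = _count(header, "found"), _count(header, "cleaned")
    if cleaned < found:
        issues.append(f"{found - cleaned} of {found} detections not cleaned")
    if found != len(detections):
        issues.append(f"header says found={found} but {len(detections)} rows parsed")
    for d in detections:
        if not d["resolved"]:
            issues.append(f"unresolved: {d['threat']} at {d['path']} ({d['action']})")
    return issues


if __name__ == "__main__":
    hdr, dets = parse_log(SAMPLE_LOG)
    for issue in review(hdr, dets):
        print("CHECK:", issue)
```

An empty list from `review` means the header counters and every detection row agree that what was found was also removed; it says nothing about threats the scanner did not detect.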

#12 m0le

Posted 03 May 2012 - 05:58 PM

Yes, you're clean so let's do a final clear-up and send you on your way...

You're clean. Good stuff! :thumbup2:

Let's do some clearing up

If you used DeFogger now is the time to enable your CD emulation software again.

We Need to Clean Up our Mess
Download and Run OTC

We will now remove the tools we used during this fix using OTC.

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Use and update your AntiVirus Software

You must have a good antivirus. There are plenty to choose from but I personally recommend the free options of Avast and Avira Antivir - though if you choose Avira you should make sure that you uncheck the box offering to install the Ask toolbar. If you want to purchase a security program then I recommend any of the following: AVG, Norton, McAfee, Kaspersky and ESET Nod32.

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

Use this next program to check for updates for programs already on your system. Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically. Make sure that updates on any that are flagged are carried out as soon as possible.

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it holte, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#13 holte

holte
  • Topic Starter

  • Members
  • 10 posts

Posted 07 May 2012 - 02:58 AM

Thanks again m0le for all your help.

Best regards!! D-

#14 m0le

m0le


Posted 07 May 2012 - 06:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



