Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan horse BackDoor.Generic


  • This topic is locked This topic is locked
8 replies to this topic

#1 kking611

kking611

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 16 July 2012 - 08:21 PM

I have posted to this site once before and you guys were all so great that I figured you are the best to help again. I recently just started to get AVG popups saying "Threat Detected" It looks as if the Threat Name is slightly different or I may be imagining this (I wasn't, see below), I will keep a closer eye on this now that I have started to look into it. AVG reports
File name: c:\users\hope\appdata\local\{f10a8889-e06b-1248-98ed-b532ff8ad06a}\n
Threat name: Trojan horse BackDoor.Generic15.BHGZ
(just got the below one to popup)
File name: c:\Windows\System32\services.exe
Threat name: Trojan horse Dropper.Generic_c.MMI

It comes up randomly when a browser is already open but I seem to be able to pretty reliably force it by opening firefox. It actively blocks AV sites like Malwarebytes ect so it will take a little more effort to download programs for your logs but I am more than happy to run back and forth between computers as needed.

As far as system info this is a Win7 64bit system. I do have a win 8 Partition that was done semi recently but I cant say immediately before the problem started, I don't know that anything else has been installed recently.

Please let me know the next steps to take and I will happily follow your guidance.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:59 PM

Posted 16 July 2012 - 08:29 PM

Hello kking,probably because c.MMI is dropping other malwares in.

Dropper.Generic_c.MMI has the ability to download many other malwares, backdoor Trojans or worms so you should change all passwords when done.

Lets run a few tools and look at the logs please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

>>>>


Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click on Change Parameters
  • Put a check in the box of Detect TDLFS file system
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log has a name like: TDSSKiller.Version_Date_Time_log.txt.


>>>>>

Next run Superantisypware (SAS):

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.


Finally run ESET and tell me how it is running after......

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 kking611

kking611
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 17 July 2012 - 09:47 AM

Thanks for the quick reply. Here are my results.

Minitoolbox result.txt

I did have the same error message pop up 3 times, here is what it said.
"The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll."
Other than that it seemed to run fine.

MiniToolBox by Farbar Version: 15-07-2012
Ran by Hope (administrator) on 16-07-2012 at 20:38:50
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Hope-Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 76-1A-04-C5-D8-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-2D-77-09-44
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a486:eff8:4ad5:753c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.16(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 16, 2012 7:23:07 AM
Lease Expires . . . . . . . . . . : Tuesday, July 17, 2012 7:23:07 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 335554093
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D6-05-AF-70-1A-04-C5-D8-65
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 70-1A-04-C5-D8-65
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8dda:2609:c5e1:d27c%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 16, 2012 7:23:14 AM
Lease Expires . . . . . . . . . . : Tuesday, July 17, 2012 6:25:49 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 191896068
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-D6-05-AF-70-1A-04-C5-D8-65
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{D16F9665-84D3-415B-BDD1-03D838520402}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{9194802F-5280-472D-9E65-1C37971DFD9A}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5940A364-96B9-4961-946F-7F6ED3FB8CE9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.224.135] with 32 bytes of data:
Reply from 74.125.224.135: bytes=32 time=33ms TTL=55
Reply from 74.125.224.135: bytes=32 time=34ms TTL=55

Ping statistics for 74.125.224.135:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 33ms, Maximum = 34ms, Average = 33ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=81ms TTL=52
Reply from 209.191.122.70: bytes=32 time=83ms TTL=52

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 83ms, Average = 82ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...76 1a 04 c5 d8 65 ......Microsoft Virtual WiFi Miniport Adapter
12...00 26 2d 77 09 44 ......Broadcom NetLink ™ Gigabit Ethernet
11...70 1a 04 c5 d8 65 ......Atheros AR5B93 Wireless Network Adapter
1...........................Software Loopback Interface 1
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.16 10
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.16 266
192.168.1.0 255.255.255.0 On-link 192.168.1.7 281
192.168.1.7 255.255.255.255 On-link 192.168.1.7 281
192.168.1.16 255.255.255.255 On-link 192.168.1.16 266
192.168.1.255 255.255.255.255 On-link 192.168.1.16 266
192.168.1.255 255.255.255.255 On-link 192.168.1.7 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.16 266
224.0.0.0 240.0.0.0 On-link 192.168.1.7 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.16 266
255.255.255.255 255.255.255.255 On-link 192.168.1.7 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 266 fe80::/64 On-link
11 281 fe80::/64 On-link
11 281 fe80::8dda:2609:c5e1:d27c/128
On-link
12 266 fe80::a486:eff8:4ad5:753c/128
On-link
1 306 ff00::/8 On-link
12 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
x64-Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 02 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 02 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 03 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 04 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 05 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 06 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog9 11 mswsock.dll [File Not found] ()
x64-Catalog9 12 mswsock.dll [File Not found] ()
x64-Catalog9 13 mswsock.dll [File Not found] ()
x64-Catalog9 14 mswsock.dll [File Not found] ()
x64-Catalog9 15 mswsock.dll [File Not found] ()
x64-Catalog9 16 mswsock.dll [File Not found] ()
x64-Catalog9 17 mswsock.dll [File Not found] ()
x64-Catalog9 18 C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll [450008] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2012 06:07:48 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2ad4

Start Time: 01cd63b87c83027b

Termination Time: 46

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: cab31090-cfab-11e1-9692-00262d770944

Error: (07/16/2012 11:19:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: jscript9.dll_unloaded, version: 0.0.0.0, time stamp: 0x4fc9cfc6
Exception code: 0xc0000005
Fault offset: 0x6786c775
Faulting process id: 0x1fd8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (07/16/2012 10:20:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/16/2012 10:15:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 11:25:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version: 11.3.300.265, time stamp: 0x4febd5ac
Faulting module name: NPSWF32_11_3_300_265.dll, version: 11.3.300.265, time stamp: 0x4febd798
Exception code: 0xc0000005
Fault offset: 0x000172ac
Faulting process id: 0x2640
Faulting application start time: 0xFlashPlayerPlugin_11_3_300_265.exe0
Faulting application path: FlashPlayerPlugin_11_3_300_265.exe1
Faulting module path: FlashPlayerPlugin_11_3_300_265.exe2
Report Id: FlashPlayerPlugin_11_3_300_265.exe3

Error: (07/15/2012 07:12:17 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 12.0.0.4493 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1aa4

Start Time: 01cd62f7a47cdf60

Termination Time: 20

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 9dc17699-ceeb-11e1-865f-00262d770944

Error: (07/15/2012 04:02:50 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/15/2012 04:01:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/15/2012 03:24:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (07/15/2012 03:22:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0"1".
Dependent Assembly NeroAPIFiles,processorArchitecture="x86",type="win32",version="9.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/16/2012 06:07:26 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/16/2012 06:07:26 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/16/2012 05:47:03 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/16/2012 05:47:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (07/16/2012 07:25:19 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (07/16/2012 07:25:19 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (07/16/2012 07:24:10 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/16/2012 07:23:18 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

Error: (07/16/2012 07:23:13 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (07/16/2012 07:23:13 AM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Amazon Kindle
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
AVG 2012 (Version: 12.0.2195)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2195)
Backup Manager Basic (Version: 2.0.0.29)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit NetLink Controller (Version: 12.26.02)
Brother MFL-Pro Suite MFC-J410W (Version: 0.0.1.0)
Canon DIGITAL CAMERA Solution Disk Software Guide (Version: 1.4.0.1)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9)
Canon MOV Decoder (Version: 1.8.0.7)
Canon MOV Encoder (Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4)
Canon PowerShot ELPH 100 HS_IXUS 115 HS Camera User Guide (Version: 1.0.0.1)
Canon Utilities CameraWindow DC 8 (Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7)
Canon Utilities MyCamera (Version: 7.4.0.2)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Light (Version: 2009.0729.2227.38498)
Catalyst Control Center InstallProxy (Version: 2009.0729.2227.38498)
Catalyst Control Center Localization All (Version: 2009.0729.2227.38498)
ccc-core-static (Version: 2009.0729.2227.38498)
ccc-utility64 (Version: 2009.0729.2227.38498)
CCC Help Chinese Standard (Version: 2009.0729.2226.38498)
CCC Help Chinese Traditional (Version: 2009.0729.2226.38498)
CCC Help Czech (Version: 2009.0729.2226.38498)
CCC Help Danish (Version: 2009.0729.2226.38498)
CCC Help Dutch (Version: 2009.0729.2226.38498)
CCC Help English (Version: 2009.0729.2226.38498)
CCC Help Finnish (Version: 2009.0729.2226.38498)
CCC Help French (Version: 2009.0729.2226.38498)
CCC Help German (Version: 2009.0729.2226.38498)
CCC Help Greek (Version: 2009.0729.2226.38498)
CCC Help Hungarian (Version: 2009.0729.2226.38498)
CCC Help Italian (Version: 2009.0729.2226.38498)
CCC Help Japanese (Version: 2009.0729.2226.38498)
CCC Help Korean (Version: 2009.0729.2226.38498)
CCC Help Norwegian (Version: 2009.0729.2226.38498)
CCC Help Polish (Version: 2009.0729.2226.38498)
CCC Help Portuguese (Version: 2009.0729.2226.38498)
CCC Help Russian (Version: 2009.0729.2226.38498)
CCC Help Spanish (Version: 2009.0729.2226.38498)
CCC Help Swedish (Version: 2009.0729.2226.38498)
CCC Help Thai (Version: 2009.0729.2226.38498)
CCC Help Turkish (Version: 2009.0729.2226.38498)
CDBurnerXP (Version: 4.4.0.3018)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.98.9.0)
Construction Destruction
Coupon Printer for Windows (Version: 5.0.0.0)
Curse Client (Version: 4.0.1.260)
CyberLink PowerDVD 8 (Version: 8.0.3402)
D3DX10 (Version: 15.4.2368.0902)
Diablo III (Version: 1.0.3.10235)
Direct Show Ogg Vorbis Filter (remove only)
DVD Shrink 3.2
EPSON NX410 Series Printer Uninstall
EPSON Scan
Facebook Video Calling 1.2.0.159 (Version: 1.2.159)
Gates of Andaron
Gateway InfoCentre (Version: 3.02.3000)
Gateway MyBackup (Version: 2.0.0.29)
Gateway Power Management (Version: 4.05.3004)
Gateway Recovery Management (Version: 4.05.3005)
Gateway Registration (Version: 1.02.3006)
Gateway ScreenSaver (Version: 1.6.0730)
Gateway Updater (Version: 1.01.3017)
Google Chrome (Version: 20.0.1132.57)
Google Update Helper (Version: 1.3.21.115)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.56)
HP Deskjet 1000 J110 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 1000 J110 series Help (Version: 140.0.65.65)
HP Deskjet 1000 J110 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (Version: 1.0.0.3781)
HP Update (Version: 5.002.006.003)
Identity Card (Version: 1.00.3002)
iTunes (Version: 10.6.0.40)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 16 (Version: 6.0.160)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 7 (64-bit) (Version: 7.0.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 3.0.04)
League of Legends (Version: 1.3)
LG PC Suite (Version: 2.00.0000)
LG United Mobile Driver (Version: 3.6.0.0)
Malwarebytes' Anti-Malware
Managed DirectX (0900) (Version: 4.09.00.0900)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Management Objects (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP1 English (Version: 3.5.5692.0)
Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.30729)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (Version: 1)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft Works (Version: 9.7.0621)
MotoHelper 2.0.51 Driver 5.1.0 (Version: 2.0.51)
MotoHelper MergeModules (Version: 1.2.0)
MOTOROLA MEDIA LINK (Version: 1.2.8200.9)
Motorola Mobile Drivers Installation 5.1.0 (Version: 5.1.0)
Move Media Player
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nielsen
OpenOffice.org 3.1 (Version: 3.1.9420)
Pando Media Booster (Version: 2.6.0.7)
QuickTime (Version: 7.66.71.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)
RealUpgrade 1.1 (Version: 1.1.0)
RIFT (Version: 1.0.0)
Roxio Burn (Version: 1.2)
Roxio Burn (Version: 1.2.0)
Roxio Update Manager (Version: 6.0.0)
Samsung Kies (Version: 2.3.2.12064_9)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
Skype™ 5.8 (Version: 5.8.158)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)
SQL Server System CLR Types (Version: 10.0.1600.22)
Synaptics Pointing Device Driver (Version: 14.0.6.0)
Tag&Rename 3.5.6 (Version: 3.5.6)
TeamSpeak 2 RC2 (Version: 2.0.32.60)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.1.800)
Unity Web Player (Version: 2.6.1f3_31223)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Web Camera (Version: 1.7.78.1120)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Welcome Center (Version: 1.00.3009)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) (Version: 09/11/2009 6.2.0.9407)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Wizard101 (Version: 1.0.0)
World of Warcraft (Version: 4.3.4.15595)

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 3838.36 MB
Available physical RAM: 2614.78 MB
Total Pagefile: 7674.86 MB
Available Pagefile: 5863.77 MB
Total Virtual: 4095.88 MB
Available Virtual: 3959.61 MB

========================= Partitions: =====================================

1 Drive c: (218) (Fixed) (Total:276.42 GB) (Free:110.14 GB) NTFS
2 Drive d: (HRC_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.27 GB) (Free:0 GB) UDF
3 Drive m: (Windows8) (Fixed) (Total:177.52 GB) (Free:150.34 GB) NTFS

========================= Users: ========================================

User accounts for \\HOPE-LAPTOP

Administrator Guest Hope


**** End of log ****




TDSSKILLER

Did not need reboot, reports it didnt find anything. Log below...

20:46:58.0210 5580 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
20:46:58.0811 5580 ============================================================
20:46:58.0811 5580 Current date / time: 2012/07/16 20:46:58.0811
20:46:58.0811 5580 SystemInfo:
20:46:58.0811 5580
20:46:58.0811 5580 OS Version: 6.1.7600 ServicePack: 0.0
20:46:58.0811 5580 Product type: Workstation
20:46:58.0812 5580 ComputerName: HOPE-LAPTOP
20:46:58.0813 5580 UserName: Hope
20:46:58.0813 5580 Windows directory: C:\Windows
20:46:58.0813 5580 System windows directory: C:\Windows
20:46:58.0813 5580 Running under WOW64
20:46:58.0813 5580 Processor architecture: Intel x64
20:46:58.0813 5580 Number of processors: 2
20:46:58.0813 5580 Page size: 0x1000
20:46:58.0813 5580 Boot type: Normal boot
20:46:58.0813 5580 ============================================================
20:47:01.0031 5580 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:47:01.0045 5580 ============================================================
20:47:01.0045 5580 \Device\Harddisk0\DR0:
20:47:01.0046 5580 MBR partitions:
20:47:01.0046 5580 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
20:47:01.0046 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x228D7030
20:47:01.0065 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2407A800, BlocksNum 0x1630B000
20:47:01.0065 5580 ============================================================
20:47:01.0113 5580 C: <-> \Device\Harddisk0\DR0\Partition1
20:47:01.0219 5580 M: <-> \Device\Harddisk0\DR0\Partition2
20:47:01.0219 5580 ============================================================
20:47:01.0220 5580 Initialize success
20:47:01.0220 5580 ============================================================
20:47:06.0618 12988 ============================================================
20:47:06.0618 12988 Scan started
20:47:06.0619 12988 Mode: Manual; TDLFS;
20:47:06.0619 12988 ============================================================
20:47:08.0434 12988 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
20:47:08.0439 12988 1394ohci - ok
20:47:08.0533 12988 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
20:47:08.0542 12988 ACPI - ok
20:47:08.0588 12988 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
20:47:08.0590 12988 AcpiPmi - ok
20:47:08.0862 12988 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:08.0870 12988 AdobeFlashPlayerUpdateSvc - ok
20:47:09.0079 12988 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:47:09.0091 12988 adp94xx - ok
20:47:09.0254 12988 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:47:09.0264 12988 adpahci - ok
20:47:09.0335 12988 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:47:09.0340 12988 adpu320 - ok
20:47:09.0401 12988 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:47:09.0405 12988 AeLookupSvc - ok
20:47:09.0579 12988 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
20:47:09.0588 12988 AFD - ok
20:47:09.0652 12988 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
20:47:09.0655 12988 agp440 - ok
20:47:09.0689 12988 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:47:09.0692 12988 ALG - ok
20:47:09.0714 12988 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
20:47:09.0716 12988 aliide - ok
20:47:09.0789 12988 AMD External Events Utility (f238be4fa4e55eb67f17281fadf69851) C:\Windows\system32\atiesrxx.exe
20:47:09.0793 12988 AMD External Events Utility - ok
20:47:09.0806 12988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
20:47:09.0808 12988 amdide - ok
20:47:09.0841 12988 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:47:09.0843 12988 AmdK8 - ok
20:47:09.0877 12988 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:47:09.0879 12988 AmdPPM - ok
20:47:09.0905 12988 amdsata (12a5062c06e03ff70db47800f91c7a13) C:\Windows\system32\DRIVERS\amdsata.sys
20:47:09.0905 12988 amdsata - ok
20:47:09.0983 12988 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:47:09.0988 12988 amdsbs - ok
20:47:10.0001 12988 amdxata (8a7f289b45ceacac761e14d5fac59eb9) C:\Windows\system32\DRIVERS\amdxata.sys
20:47:10.0003 12988 amdxata - ok
20:47:10.0071 12988 Andbus (48cd7e6520d47d62eab0e6ce3ec30c65) C:\Windows\system32\DRIVERS\lgandbus64.sys
20:47:10.0071 12988 Andbus - ok
20:47:10.0101 12988 AndDiag (08cbacc00d15dcdbbaae1a7c8f231c61) C:\Windows\system32\DRIVERS\lganddiag64.sys
20:47:10.0103 12988 AndDiag - ok
20:47:10.0155 12988 AndGps (cea9a4cd6b3a83428ce8501240833668) C:\Windows\system32\DRIVERS\lgandgps64.sys
20:47:10.0158 12988 AndGps - ok
20:47:10.0205 12988 ANDModem (e2b5663e547fa5e756b253efa8ec8286) C:\Windows\system32\DRIVERS\lgandmodem64.sys
20:47:10.0207 12988 ANDModem - ok
20:47:10.0265 12988 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
20:47:10.0267 12988 AppID - ok
20:47:10.0304 12988 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:47:10.0307 12988 AppIDSvc - ok
20:47:10.0337 12988 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
20:47:10.0340 12988 Appinfo - ok
20:47:10.0447 12988 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:10.0451 12988 Apple Mobile Device - ok
20:47:10.0495 12988 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:47:10.0498 12988 arc - ok
20:47:10.0534 12988 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:47:10.0538 12988 arcsas - ok
20:47:10.0555 12988 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:10.0557 12988 AsyncMac - ok
20:47:10.0582 12988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
20:47:10.0584 12988 atapi - ok
20:47:11.0100 12988 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
20:47:11.0126 12988 athr - ok
20:47:11.0433 12988 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
20:47:11.0437 12988 AtiHdmiService - ok
20:47:12.0896 12988 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
20:47:13.0029 12988 atikmdag - ok
20:47:13.0331 12988 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:47:13.0333 12988 AtiPcie - ok
20:47:13.0555 12988 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:47:13.0567 12988 AudioEndpointBuilder - ok
20:47:13.0584 12988 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
20:47:13.0597 12988 AudioSrv - ok
20:47:14.0970 12988 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
20:47:15.0063 12988 AVGIDSAgent - ok
20:47:15.0382 12988 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:47:15.0386 12988 AVGIDSDriver - ok
20:47:15.0441 12988 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
20:47:15.0444 12988 AVGIDSFilter - ok
20:47:15.0465 12988 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
20:47:15.0467 12988 AVGIDSHA - ok
20:47:15.0611 12988 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
20:47:15.0617 12988 Avgldx64 - ok
20:47:15.0651 12988 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
20:47:15.0654 12988 Avgmfx64 - ok
20:47:15.0733 12988 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
20:47:15.0735 12988 Avgrkx64 - ok
20:47:15.0839 12988 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
20:47:15.0847 12988 Avgtdia - ok
20:47:16.0020 12988 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
20:47:16.0026 12988 avgwd - ok
20:47:16.0174 12988 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
20:47:16.0181 12988 AxInstSV - ok
20:47:16.0345 12988 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:47:16.0355 12988 b06bdrv - ok
20:47:16.0449 12988 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:47:16.0455 12988 b57nd60a - ok
20:47:16.0796 12988 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:47:16.0818 12988 BCM43XX - ok
20:47:17.0092 12988 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:47:17.0095 12988 BDESVC - ok
20:47:17.0165 12988 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:47:17.0170 12988 Beep - ok
20:47:17.0510 12988 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
20:47:17.0528 12988 BITS - ok
20:47:17.0568 12988 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:47:17.0571 12988 blbdrive - ok
20:47:17.0739 12988 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:47:17.0747 12988 Bonjour Service - ok
20:47:17.0826 12988 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
20:47:17.0830 12988 bowser - ok
20:47:17.0868 12988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:47:17.0870 12988 BrFiltLo - ok
20:47:17.0891 12988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:47:17.0893 12988 BrFiltUp - ok
20:47:17.0971 12988 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
20:47:17.0983 12988 Browser - ok
20:47:18.0040 12988 Browser Defender Update Service - ok
20:47:18.0351 12988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:47:18.0357 12988 Brserid - ok
20:47:18.0405 12988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:47:18.0408 12988 BrSerWdm - ok
20:47:18.0419 12988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:47:18.0422 12988 BrUsbMdm - ok
20:47:18.0465 12988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:47:18.0467 12988 BrUsbSer - ok
20:47:18.0602 12988 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
20:47:18.0608 12988 BrYNSvc - ok
20:47:18.0737 12988 BTCFilterService - ok
20:47:18.0817 12988 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:47:18.0819 12988 BthEnum - ok
20:47:18.0869 12988 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:47:18.0872 12988 BTHMODEM - ok
20:47:18.0998 12988 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:47:19.0002 12988 BthPan - ok
20:47:19.0387 12988 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
20:47:19.0398 12988 BTHPORT - ok
20:47:19.0608 12988 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:47:19.0614 12988 bthserv - ok
20:47:19.0720 12988 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
20:47:19.0724 12988 BTHUSB - ok
20:47:19.0934 12988 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
20:47:19.0937 12988 btwaudio - ok
20:47:20.0024 12988 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
20:47:20.0027 12988 btwavdt - ok
20:47:20.0496 12988 btwdins (dcf8d8f1f87743509d9c0207cb28637d) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:47:20.0513 12988 btwdins - ok
20:47:20.0543 12988 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:47:20.0546 12988 btwl2cap - ok
20:47:20.0567 12988 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
20:47:20.0569 12988 btwrchid - ok
20:47:20.0702 12988 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
20:47:20.0710 12988 CAXHWAZL - ok
20:47:20.0788 12988 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:47:20.0792 12988 cdfs - ok
20:47:20.0869 12988 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
20:47:20.0876 12988 cdrom - ok
20:47:20.0933 12988 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:47:20.0936 12988 CertPropSvc - ok
20:47:20.0969 12988 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:47:20.0972 12988 circlass - ok
20:47:21.0141 12988 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:47:21.0153 12988 CLFS - ok
20:47:21.0444 12988 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:21.0447 12988 clr_optimization_v2.0.50727_32 - ok
20:47:21.0536 12988 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:47:21.0539 12988 clr_optimization_v2.0.50727_64 - ok
20:47:21.0690 12988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:21.0694 12988 clr_optimization_v4.0.30319_32 - ok
20:47:21.0783 12988 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:47:21.0787 12988 clr_optimization_v4.0.30319_64 - ok
20:47:21.0821 12988 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:21.0824 12988 CmBatt - ok
20:47:21.0849 12988 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
20:47:21.0851 12988 cmdide - ok
20:47:22.0001 12988 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
20:47:22.0009 12988 CNG - ok
20:47:22.0238 12988 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
20:47:22.0253 12988 CnxtHdAudService - ok
20:47:22.0316 12988 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:47:22.0318 12988 Compbatt - ok
20:47:22.0351 12988 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:47:22.0354 12988 CompositeBus - ok
20:47:22.0369 12988 COMSysApp - ok
20:47:22.0399 12988 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:47:22.0401 12988 crcdisk - ok
20:47:22.0484 12988 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
20:47:22.0489 12988 CryptSvc - ok
20:47:22.0652 12988 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:47:22.0672 12988 DcomLaunch - ok
20:47:22.0769 12988 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:47:22.0777 12988 defragsvc - ok
20:47:22.0926 12988 DeviceMonitorService (57be2fb462b59951446825c1684a7801) C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
20:47:22.0931 12988 DeviceMonitorService - ok
20:47:22.0995 12988 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
20:47:22.0998 12988 DfsC - ok
20:47:23.0121 12988 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
20:47:23.0130 12988 Dhcp - ok
20:47:23.0241 12988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:47:23.0247 12988 discache - ok
20:47:23.0347 12988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:47:23.0350 12988 Disk - ok
20:47:23.0613 12988 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
20:47:23.0615 12988 DKbFltr - ok
20:47:23.0707 12988 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
20:47:23.0713 12988 Dnscache - ok
20:47:23.0833 12988 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
20:47:23.0840 12988 dot3svc - ok
20:47:23.0883 12988 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
20:47:23.0888 12988 DPS - ok
20:47:23.0970 12988 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:47:23.0972 12988 drmkaud - ok
20:47:24.0244 12988 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
20:47:24.0260 12988 DXGKrnl - ok
20:47:24.0282 12988 EagleX64 - ok
20:47:24.0337 12988 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:47:24.0341 12988 EapHost - ok
20:47:25.0112 12988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:47:25.0166 12988 ebdrv - ok
20:47:25.0522 12988 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
20:47:25.0527 12988 EFS - ok
20:47:25.0788 12988 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
20:47:25.0798 12988 ehRecvr - ok
20:47:25.0848 12988 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:47:25.0852 12988 ehSched - ok
20:47:26.0059 12988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:47:26.0068 12988 elxstor - ok
20:47:26.0382 12988 ePowerSvc (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
20:47:26.0396 12988 ePowerSvc - ok
20:47:26.0808 12988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
20:47:26.0810 12988 ErrDev - ok
20:47:26.0947 12988 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:47:26.0957 12988 EventSystem - ok
20:47:27.0012 12988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:47:27.0017 12988 exfat - ok
20:47:27.0080 12988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:47:27.0085 12988 fastfat - ok
20:47:27.0287 12988 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
20:47:27.0300 12988 Fax - ok
20:47:27.0350 12988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:47:27.0352 12988 fdc - ok
20:47:27.0396 12988 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:47:27.0399 12988 fdPHost - ok
20:47:27.0447 12988 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:47:27.0451 12988 FDResPub - ok
20:47:27.0479 12988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:47:27.0482 12988 FileInfo - ok
20:47:27.0506 12988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:47:27.0508 12988 Filetrace - ok
20:47:27.0534 12988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:27.0536 12988 flpydisk - ok
20:47:27.0619 12988 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
20:47:27.0626 12988 FltMgr - ok
20:47:27.0937 12988 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
20:47:27.0958 12988 FontCache - ok
20:47:28.0035 12988 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:47:28.0038 12988 FontCache3.0.0.0 - ok
20:47:28.0116 12988 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:47:28.0118 12988 FsDepends - ok
20:47:28.0171 12988 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
20:47:28.0173 12988 Fs_Rec - ok
20:47:28.0246 12988 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:47:28.0251 12988 fvevol - ok
20:47:28.0292 12988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:47:28.0295 12988 gagp30kx - ok
20:47:28.0343 12988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:28.0346 12988 GEARAspiWDM - ok
20:47:28.0555 12988 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
20:47:28.0570 12988 gpsvc - ok
20:47:28.0929 12988 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
20:47:28.0948 12988 Greg_Service - ok
20:47:29.0038 12988 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:29.0041 12988 gupdate - ok
20:47:29.0051 12988 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:47:29.0055 12988 gupdatem - ok
20:47:29.0375 12988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:47:29.0378 12988 hcw85cir - ok
20:47:29.0484 12988 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
20:47:29.0491 12988 HdAudAddService - ok
20:47:29.0553 12988 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:29.0557 12988 HDAudBus - ok
20:47:29.0570 12988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:47:29.0572 12988 HidBatt - ok
20:47:29.0605 12988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:47:29.0608 12988 HidBth - ok
20:47:29.0628 12988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:47:29.0631 12988 HidIr - ok
20:47:29.0669 12988 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:47:29.0672 12988 hidserv - ok
20:47:29.0703 12988 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
20:47:29.0705 12988 HidUsb - ok
20:47:29.0743 12988 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
20:47:29.0748 12988 hkmsvc - ok
20:47:29.0809 12988 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
20:47:29.0816 12988 HomeGroupListener - ok
20:47:29.0876 12988 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
20:47:29.0883 12988 HomeGroupProvider - ok
20:47:29.0921 12988 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:47:29.0924 12988 HpSAMD - ok
20:47:30.0219 12988 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
20:47:30.0231 12988 HsfXAudioService - ok
20:47:30.0611 12988 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
20:47:30.0635 12988 HSF_DPV - ok
20:47:31.0061 12988 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
20:47:31.0074 12988 HTTP - ok
20:47:31.0094 12988 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
20:47:31.0097 12988 hwpolicy - ok
20:47:31.0182 12988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:47:31.0186 12988 i8042prt - ok
20:47:31.0319 12988 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
20:47:31.0328 12988 iaStorV - ok
20:47:31.0609 12988 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:47:31.0623 12988 idsvc - ok
20:47:33.0247 12988 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:47:33.0340 12988 igfx - ok
20:47:33.0592 12988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:47:33.0595 12988 iirsp - ok
20:47:33.0841 12988 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
20:47:33.0857 12988 IKEEXT - ok
20:47:33.0892 12988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
20:47:33.0895 12988 intelide - ok
20:47:33.0930 12988 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:47:33.0933 12988 intelppm - ok
20:47:33.0987 12988 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:47:33.0991 12988 IPBusEnum - ok
20:47:34.0017 12988 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:34.0020 12988 IpFilterDriver - ok
20:47:34.0058 12988 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:47:34.0062 12988 IPMIDRV - ok
20:47:34.0110 12988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:47:34.0114 12988 IPNAT - ok
20:47:34.0388 12988 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
20:47:34.0404 12988 iPod Service - ok
20:47:34.0433 12988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:47:34.0435 12988 IRENUM - ok
20:47:34.0467 12988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
20:47:34.0469 12988 isapnp - ok
20:47:34.0529 12988 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
20:47:34.0534 12988 iScsiPrt - ok
20:47:34.0639 12988 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
20:47:34.0646 12988 k57nd60a - ok
20:47:34.0672 12988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:34.0675 12988 kbdclass - ok
20:47:34.0708 12988 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
20:47:34.0711 12988 kbdhid - ok
20:47:34.0761 12988 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:47:34.0765 12988 KeyIso - ok
20:47:34.0828 12988 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
20:47:34.0831 12988 KSecDD - ok
20:47:34.0886 12988 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
20:47:34.0890 12988 KSecPkg - ok
20:47:34.0917 12988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:47:34.0919 12988 ksthunk - ok
20:47:35.0041 12988 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:47:35.0051 12988 KtmRm - ok
20:47:35.0114 12988 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
20:47:35.0117 12988 L1E - ok
20:47:35.0260 12988 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
20:47:35.0268 12988 LanmanServer - ok
20:47:35.0319 12988 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
20:47:35.0326 12988 LanmanWorkstation - ok
20:47:35.0394 12988 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:47:35.0397 12988 lltdio - ok
20:47:35.0516 12988 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:47:35.0524 12988 lltdsvc - ok
20:47:35.0576 12988 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:47:35.0581 12988 lmhosts - ok
20:47:35.0637 12988 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
20:47:35.0639 12988 lmimirr - ok
20:47:35.0709 12988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:47:35.0713 12988 LSI_FC - ok
20:47:35.0743 12988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:47:35.0747 12988 LSI_SAS - ok
20:47:35.0770 12988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:47:35.0773 12988 LSI_SAS2 - ok
20:47:35.0816 12988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:47:35.0819 12988 LSI_SCSI - ok
20:47:35.0858 12988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:47:35.0861 12988 luafv - ok
20:47:35.0914 12988 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
20:47:35.0919 12988 Mcx2Svc - ok
20:47:35.0958 12988 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:47:35.0960 12988 mdmxsdk - ok
20:47:35.0978 12988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:47:35.0981 12988 megasas - ok
20:47:36.0052 12988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:47:36.0058 12988 MegaSR - ok
20:47:36.0107 12988 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:36.0112 12988 MMCSS - ok
20:47:36.0136 12988 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:47:36.0138 12988 Modem - ok
20:47:36.0165 12988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:47:36.0168 12988 monitor - ok
20:47:36.0186 12988 motccgp - ok
20:47:36.0199 12988 motccgpfl - ok
20:47:36.0214 12988 motmodem - ok
20:47:36.0369 12988 MotoHelper (3bbc6c2402242401f791548aaebf3d39) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
20:47:36.0374 12988 MotoHelper - ok
20:47:36.0382 12988 MotoSwitchService - ok
20:47:36.0402 12988 Motousbnet - ok
20:47:36.0419 12988 motusbdevice - ok
20:47:36.0475 12988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:47:36.0478 12988 mouclass - ok
20:47:36.0520 12988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:47:36.0523 12988 mouhid - ok
20:47:36.0577 12988 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
20:47:36.0580 12988 mountmgr - ok
20:47:36.0667 12988 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:47:36.0671 12988 MozillaMaintenance - ok
20:47:36.0723 12988 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
20:47:36.0727 12988 mpio - ok
20:47:36.0766 12988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:47:36.0769 12988 mpsdrv - ok
20:47:36.0813 12988 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
20:47:36.0818 12988 MRxDAV - ok
20:47:36.0897 12988 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:36.0901 12988 mrxsmb - ok
20:47:37.0005 12988 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:37.0012 12988 mrxsmb10 - ok
20:47:37.0058 12988 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:37.0062 12988 mrxsmb20 - ok
20:47:37.0085 12988 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
20:47:37.0088 12988 msahci - ok
20:47:37.0139 12988 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
20:47:37.0143 12988 msdsm - ok
20:47:37.0218 12988 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:47:37.0224 12988 MSDTC - ok
20:47:37.0274 12988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:47:37.0276 12988 Msfs - ok
20:47:37.0298 12988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:47:37.0300 12988 mshidkmdf - ok
20:47:37.0319 12988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
20:47:37.0321 12988 msisadrv - ok
20:47:37.0399 12988 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:47:37.0405 12988 MSiSCSI - ok
20:47:37.0419 12988 msiserver - ok
20:47:37.0473 12988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:47:37.0476 12988 MSKSSRV - ok
20:47:37.0529 12988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:37.0532 12988 MSPCLOCK - ok
20:47:37.0576 12988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:47:37.0578 12988 MSPQM - ok
20:47:37.0683 12988 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
20:47:37.0690 12988 MsRPC - ok
20:47:37.0717 12988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:37.0719 12988 mssmbios - ok
20:47:37.0829 12988 MSSQL$SQLEXPRESS - ok
20:47:37.0927 12988 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:47:37.0930 12988 MSSQLServerADHelper100 - ok
20:47:37.0969 12988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:47:37.0971 12988 MSTEE - ok
20:47:39.0190 12988 msvsmon90 (cb4a082af58d1a0969f931816d5cfb05) C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe
20:47:39.0263 12988 msvsmon90 - ok
20:47:39.0531 12988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:47:39.0533 12988 MTConfig - ok
20:47:39.0597 12988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:47:39.0601 12988 Mup - ok
20:47:39.0735 12988 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
20:47:39.0747 12988 napagent - ok
20:47:39.0857 12988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:47:39.0864 12988 NativeWifiP - ok
20:47:40.0107 12988 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
20:47:40.0123 12988 NDIS - ok
20:47:40.0150 12988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:47:40.0153 12988 NdisCap - ok
20:47:40.0179 12988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:40.0182 12988 NdisTapi - ok
20:47:40.0211 12988 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:40.0215 12988 Ndisuio - ok
20:47:40.0268 12988 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:40.0272 12988 NdisWan - ok
20:47:40.0299 12988 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
20:47:40.0302 12988 NDProxy - ok
20:47:40.0326 12988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:47:40.0329 12988 NetBIOS - ok
20:47:40.0396 12988 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
20:47:40.0401 12988 NetBT - ok
20:47:40.0461 12988 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:47:40.0466 12988 Netlogon - ok
20:47:40.0612 12988 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:47:40.0622 12988 Netman - ok
20:47:40.0743 12988 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:47:40.0754 12988 netprofm - ok
20:47:40.0928 12988 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\Windows\system32\DRIVERS\netr28x.sys
20:47:40.0939 12988 netr28x - ok
20:47:41.0034 12988 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:41.0037 12988 NetTcpPortSharing - ok
20:47:41.0090 12988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:47:41.0093 12988 nfrd960 - ok
20:47:41.0222 12988 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
20:47:41.0230 12988 NlaSvc - ok
20:47:41.0310 12988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:47:41.0312 12988 Npfs - ok
20:47:41.0351 12988 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:47:41.0356 12988 nsi - ok
20:47:41.0400 12988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:47:41.0402 12988 nsiproxy - ok
20:47:41.0891 12988 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
20:47:41.0919 12988 Ntfs - ok
20:47:42.0033 12988 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
20:47:42.0037 12988 NTI IScheduleSvc - ok
20:47:42.0304 12988 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
20:47:42.0306 12988 NTIDrvr - ok
20:47:42.0340 12988 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:47:42.0342 12988 Null - ok
20:47:42.0408 12988 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
20:47:42.0412 12988 nvraid - ok
20:47:42.0494 12988 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
20:47:42.0498 12988 nvstor - ok
20:47:42.0541 12988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
20:47:42.0545 12988 nv_agp - ok
20:47:42.0727 12988 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:42.0736 12988 odserv - ok
20:47:42.0767 12988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
20:47:42.0770 12988 ohci1394 - ok
20:47:42.0830 12988 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:42.0834 12988 ose - ok
20:47:42.0934 12988 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:42.0944 12988 p2pimsvc - ok
20:47:43.0058 12988 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:47:43.0069 12988 p2psvc - ok
20:47:43.0106 12988 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:47:43.0109 12988 Parport - ok
20:47:43.0200 12988 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
20:47:43.0203 12988 partmgr - ok
20:47:43.0312 12988 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:47:43.0319 12988 PcaSvc - ok
20:47:43.0394 12988 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
20:47:43.0399 12988 pci - ok
20:47:43.0411 12988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
20:47:43.0413 12988 pciide - ok
20:47:43.0489 12988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:47:43.0494 12988 pcmcia - ok
20:47:43.0630 12988 PCTCore (bf907ec8c6783e861246c8060e788334) C:\Windows\system32\drivers\PCTCore64.sys
20:47:43.0636 12988 PCTCore - ok
20:47:43.0760 12988 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
20:47:43.0769 12988 pctDS - ok
20:47:44.0014 12988 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
20:47:44.0028 12988 pctEFA - ok
20:47:44.0138 12988 PCTSD (dea3e7a33e268d4f1fbb4516c784646b) C:\Windows\system32\Drivers\PCTSD64.sys
20:47:44.0144 12988 PCTSD - ok
20:47:44.0169 12988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:47:44.0172 12988 pcw - ok
20:47:44.0339 12988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:47:44.0350 12988 PEAUTH - ok
20:47:44.0542 12988 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:47:44.0546 12988 PerfHost - ok
20:47:45.0090 12988 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
20:47:45.0115 12988 pla - ok
20:47:45.0276 12988 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
20:47:45.0288 12988 PlugPlay - ok
20:47:45.0334 12988 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:47:45.0339 12988 PNRPAutoReg - ok
20:47:45.0458 12988 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:47:45.0467 12988 PNRPsvc - ok
20:47:45.0615 12988 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
20:47:45.0625 12988 PolicyAgent - ok
20:47:45.0699 12988 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:47:45.0707 12988 Power - ok
20:47:45.0811 12988 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
20:47:45.0815 12988 PptpMiniport - ok
20:47:45.0847 12988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:47:45.0851 12988 Processor - ok
20:47:45.0930 12988 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
20:47:45.0938 12988 ProfSvc - ok
20:47:45.0982 12988 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:47:45.0986 12988 ProtectedStorage - ok
20:47:46.0046 12988 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
20:47:46.0050 12988 Psched - ok
20:47:46.0091 12988 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:47:46.0094 12988 PxHlpa64 - ok
20:47:46.0456 12988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:47:46.0481 12988 ql2300 - ok
20:47:46.0752 12988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:47:46.0756 12988 ql40xx - ok
20:47:46.0848 12988 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:47:46.0858 12988 QWAVE - ok
20:47:46.0887 12988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:47:46.0889 12988 QWAVEdrv - ok
20:47:46.0951 12988 radpms (58435613c2537715a9423597ec6635cc) C:\Windows\system32\DRIVERS\radpms.sys
20:47:46.0953 12988 radpms - ok
20:47:46.0965 12988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:47:46.0968 12988 RasAcd - ok
20:47:47.0023 12988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:47:47.0026 12988 RasAgileVpn - ok
20:47:47.0070 12988 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:47:47.0077 12988 RasAuto - ok
20:47:47.0128 12988 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:47.0133 12988 Rasl2tp - ok
20:47:47.0235 12988 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
20:47:47.0245 12988 RasMan - ok
20:47:47.0293 12988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:47.0296 12988 RasPppoe - ok
20:47:47.0339 12988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:47:47.0342 12988 RasSstp - ok
20:47:47.0425 12988 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
20:47:47.0431 12988 rdbss - ok
20:47:47.0472 12988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:47:47.0475 12988 rdpbus - ok
20:47:47.0513 12988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:47.0516 12988 RDPCDD - ok
20:47:47.0565 12988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:47:47.0568 12988 RDPENCDD - ok
20:47:47.0597 12988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:47:47.0602 12988 RDPREFMP - ok
20:47:47.0678 12988 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
20:47:47.0683 12988 RDPWD - ok
20:47:47.0762 12988 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
20:47:47.0767 12988 rdyboost - ok
20:47:47.0833 12988 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:47:47.0839 12988 RemoteAccess - ok
20:47:47.0912 12988 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:47:47.0919 12988 RemoteRegistry - ok
20:47:48.0023 12988 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:47:48.0028 12988 RFCOMM - ok
20:47:48.0105 12988 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
20:47:48.0108 12988 RimUsb - ok
20:47:48.0141 12988 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:47:48.0148 12988 RpcEptMapper - ok
20:47:48.0186 12988 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:47:48.0190 12988 RpcLocator - ok
20:47:48.0320 12988 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
20:47:48.0333 12988 RpcSs - ok
20:47:48.0385 12988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:47:48.0388 12988 rspndr - ok
20:47:48.0473 12988 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\system32\Drivers\RtsUStor.sys
20:47:48.0478 12988 RSUSBSTOR - ok
20:47:48.0527 12988 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:47:48.0532 12988 SamSs - ok
20:47:48.0569 12988 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
20:47:48.0573 12988 sbp2port - ok
20:47:48.0629 12988 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:47:48.0636 12988 SCardSvr - ok
20:47:48.0661 12988 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
20:47:48.0664 12988 scfilter - ok
20:47:48.0963 12988 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
20:47:48.0985 12988 Schedule - ok
20:47:49.0034 12988 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
20:47:49.0037 12988 SCPolicySvc - ok
20:47:49.0044 12988 sdAuxService - ok
20:47:49.0056 12988 sdCoreService - ok
20:47:49.0125 12988 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
20:47:49.0133 12988 SDRSVC - ok
20:47:49.0231 12988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:47:49.0234 12988 secdrv - ok
20:47:49.0256 12988 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
20:47:49.0262 12988 seclogon - ok
20:47:49.0299 12988 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:47:49.0306 12988 SENS - ok
20:47:49.0364 12988 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:47:49.0370 12988 SensrSvc - ok
20:47:49.0403 12988 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:47:49.0406 12988 Serenum - ok
20:47:49.0442 12988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:47:49.0445 12988 Serial - ok
20:47:49.0461 12988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:47:49.0464 12988 sermouse - ok
20:47:49.0523 12988 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
20:47:49.0530 12988 SessionEnv - ok
20:47:49.0550 12988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:47:49.0553 12988 sffdisk - ok
20:47:49.0566 12988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:47:49.0569 12988 sffp_mmc - ok
20:47:49.0582 12988 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:47:49.0585 12988 sffp_sd - ok
20:47:49.0599 12988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:47:49.0602 12988 sfloppy - ok
20:47:49.0723 12988 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
20:47:49.0735 12988 ShellHWDetection - ok
20:47:49.0757 12988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:47:49.0761 12988 SiSRaid2 - ok
20:47:49.0804 12988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:47:49.0811 12988 SiSRaid4 - ok
20:47:49.0927 12988 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:47:49.0934 12988 SkypeUpdate - ok
20:47:49.0981 12988 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:47:49.0985 12988 Smb - ok
20:47:50.0050 12988 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:47:50.0055 12988 SNMPTRAP - ok
20:47:50.0094 12988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:47:50.0096 12988 spldr - ok
20:47:50.0524 12988 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
20:47:50.0538 12988 Spooler - ok
20:47:51.0722 12988 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
20:47:51.0782 12988 sppsvc - ok
20:47:52.0040 12988 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:47:52.0040 12988 sppuinotify - ok
20:47:52.0240 12988 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:47:52.0250 12988 SQLAgent$SQLEXPRESS - ok
20:47:52.0380 12988 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:47:52.0380 12988 SQLBrowser - ok
20:47:52.0490 12988 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:47:52.0500 12988 SQLWriter - ok
20:47:52.0670 12988 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
20:47:52.0680 12988 srv - ok
20:47:52.0810 12988 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
20:47:52.0820 12988 srv2 - ok
20:47:52.0940 12988 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:47:52.0940 12988 SrvHsfHDA - ok
20:47:53.0310 12988 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:47:53.0340 12988 SrvHsfV92 - ok
20:47:53.0793 12988 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:47:53.0806 12988 SrvHsfWinac - ok
20:47:53.0879 12988 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
20:47:53.0884 12988 srvnet - ok
20:47:53.0972 12988 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
20:47:53.0976 12988 ssadbus - ok
20:47:54.0031 12988 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
20:47:54.0033 12988 ssadmdfl - ok
20:47:54.0159 12988 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
20:47:54.0165 12988 ssadmdm - ok
20:47:54.0271 12988 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:47:54.0280 12988 SSDPSRV - ok
20:47:54.0312 12988 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:47:54.0319 12988 SstpSvc - ok
20:47:54.0351 12988 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:47:54.0355 12988 stexstor - ok
20:47:54.0418 12988 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:47:54.0421 12988 StillCam - ok
20:47:54.0611 12988 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
20:47:54.0627 12988 stisvc - ok
20:47:54.0653 12988 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:47:54.0656 12988 swenum - ok
20:47:54.0791 12988 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:47:54.0805 12988 swprv - ok
20:47:54.0913 12988 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
20:47:54.0919 12988 SynTP - ok
20:47:55.0355 12988 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
20:47:55.0388 12988 SysMain - ok
20:47:55.0882 12988 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
20:47:55.0890 12988 TabletInputService - ok
20:47:55.0989 12988 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
20:47:55.0999 12988 TapiSrv - ok
20:47:56.0027 12988 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:47:56.0033 12988 TBS - ok
20:47:56.0593 12988 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
20:47:56.0628 12988 Tcpip - ok
20:47:57.0363 12988 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
20:47:57.0393 12988 TCPIP6 - ok
20:47:57.0693 12988 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
20:47:57.0698 12988 tcpipreg - ok
20:47:57.0723 12988 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:47:57.0728 12988 TDPIPE - ok
20:47:57.0788 12988 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
20:47:57.0788 12988 TDTCP - ok
20:47:57.0843 12988 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
20:47:57.0843 12988 tdx - ok
20:47:57.0873 12988 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
20:47:57.0878 12988 TermDD - ok
20:47:58.0078 12988 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
20:47:58.0093 12988 TermService - ok
20:47:58.0128 12988 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:47:58.0133 12988 Themes - ok
20:47:58.0173 12988 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:47:58.0178 12988 THREADORDER - ok
20:47:58.0218 12988 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:47:58.0228 12988 TrkWks - ok
20:47:58.0331 12988 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
20:47:58.0336 12988 TrustedInstaller - ok
20:47:58.0366 12988 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:47:58.0369 12988 tssecsrv - ok
20:47:58.0448 12988 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
20:47:58.0452 12988 tunnel - ok
20:47:58.0479 12988 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:47:58.0482 12988 uagp35 - ok
20:47:58.0531 12988 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
20:47:58.0533 12988 UBHelper - ok
20:47:58.0627 12988 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
20:47:58.0634 12988 udfs - ok
20:47:58.0682 12988 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:47:58.0688 12988 UI0Detect - ok
20:47:58.0723 12988 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:47:58.0726 12988 uliagpkx - ok
20:47:58.0763 12988 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
20:47:58.0765 12988 umbus - ok
20:47:58.0777 12988 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:47:58.0780 12988 UmPass - ok
20:47:58.0912 12988 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
20:47:58.0917 12988 Updater Service - ok
20:47:59.0009 12988 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:47:59.0020 12988 upnphost - ok
20:47:59.0078 12988 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
20:47:59.0080 12988 usbbus - ok
20:47:59.0153 12988 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
20:47:59.0156 12988 usbccgp - ok
20:47:59.0254 12988 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
20:47:59.0258 12988 usbcir - ok
20:47:59.0321 12988 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
20:47:59.0324 12988 UsbDiag - ok
20:47:59.0379 12988 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
20:47:59.0382 12988 usbehci - ok
20:47:59.0449 12988 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
20:47:59.0451 12988 usbfilter - ok
20:47:59.0552 12988 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
20:47:59.0559 12988 usbhub - ok
20:47:59.0587 12988 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
20:47:59.0590 12988 USBModem - ok
20:47:59.0617 12988 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
20:47:59.0620 12988 usbohci - ok
20:47:59.0662 12988 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:47:59.0664 12988 usbprint - ok
20:47:59.0721 12988 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:47:59.0724 12988 usbscan - ok
20:47:59.0788 12988 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:47:59.0791 12988 USBSTOR - ok
20:47:59.0816 12988 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
20:47:59.0819 12988 usbuhci - ok
20:47:59.0929 12988 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
20:47:59.0933 12988 usbvideo - ok
20:47:59.0972 12988 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:47:59.0979 12988 UxSms - ok
20:48:00.0027 12988 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
20:48:00.0031 12988 VaultSvc - ok
20:48:00.0081 12988 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:48:00.0084 12988 vdrvroot - ok
20:48:00.0237 12988 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
20:48:00.0268 12988 vds - ok
20:48:00.0311 12988 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:00.0314 12988 vga - ok
20:48:00.0340 12988 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:48:00.0342 12988 VgaSave - ok
20:48:00.0408 12988 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
20:48:00.0413 12988 vhdmp - ok
20:48:00.0437 12988 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
20:48:00.0440 12988 viaide - ok
20:48:00.0478 12988 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
20:48:00.0482 12988 volmgr - ok
20:48:00.0587 12988 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
20:48:00.0595 12988 volmgrx - ok
20:48:00.0672 12988 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
20:48:00.0679 12988 volsnap - ok
20:48:00.0748 12988 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:48:00.0752 12988 vsmraid - ok
20:48:01.0188 12988 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
20:48:01.0216 12988 VSS - ok
20:48:01.0621 12988 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
20:48:01.0637 12988 vToolbarUpdater11.2.0 - ok
20:48:01.0908 12988 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:48:01.0911 12988 vwifibus - ok
20:48:01.0941 12988 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:48:01.0944 12988 vwififlt - ok
20:48:01.0970 12988 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:48:01.0973 12988 vwifimp - ok
20:48:02.0081 12988 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:48:02.0093 12988 W32Time - ok
20:48:02.0123 12988 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:48:02.0126 12988 WacomPen - ok
20:48:02.0171 12988 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:48:02.0175 12988 WANARP - ok
20:48:02.0183 12988 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
20:48:02.0187 12988 Wanarpv6 - ok
20:48:02.0582 12988 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:48:02.0603 12988 WatAdminSvc - ok
20:48:02.0969 12988 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
20:48:02.0998 12988 wbengine - ok
20:48:03.0291 12988 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:48:03.0300 12988 WbioSrvc - ok
20:48:03.0439 12988 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
20:48:03.0451 12988 wcncsvc - ok
20:48:03.0485 12988 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:48:03.0492 12988 WcsPlugInService - ok
20:48:03.0549 12988 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:48:03.0552 12988 Wd - ok
20:48:03.0727 12988 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:48:03.0739 12988 Wdf01000 - ok
20:48:03.0774 12988 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:48:03.0781 12988 WdiServiceHost - ok
20:48:03.0790 12988 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:48:03.0797 12988 WdiSystemHost - ok
20:48:03.0907 12988 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
20:48:03.0917 12988 WebClient - ok
20:48:03.0995 12988 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:48:04.0004 12988 Wecsvc - ok
20:48:04.0045 12988 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:48:04.0052 12988 wercplsupport - ok
20:48:04.0101 12988 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:48:04.0109 12988 WerSvc - ok
20:48:04.0188 12988 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:48:04.0190 12988 WfpLwf - ok
20:48:04.0213 12988 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:48:04.0216 12988 WIMMount - ok
20:48:04.0428 12988 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
20:48:04.0441 12988 winachsf - ok
20:48:04.0460 12988 WinHttpAutoProxySvc - ok
20:48:04.0579 12988 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:48:04.0584 12988 Winmgmt - ok
20:48:05.0080 12988 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
20:48:05.0124 12988 WinRM - ok
20:48:05.0465 12988 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
20:48:05.0468 12988 WinUsb - ok
20:48:05.0701 12988 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:48:05.0720 12988 Wlansvc - ok
20:48:06.0459 12988 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:48:06.0497 12988 wlidsvc - ok
20:48:06.0753 12988 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:48:06.0756 12988 WmiAcpi - ok
20:48:06.0857 12988 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:48:06.0862 12988 wmiApSrv - ok
20:48:06.0911 12988 WMPNetworkSvc - ok
20:48:06.0953 12988 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:48:06.0961 12988 WPCSvc - ok
20:48:07.0002 12988 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
20:48:07.0010 12988 WPDBusEnum - ok
20:48:07.0049 12988 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:48:07.0052 12988 ws2ifsl - ok
20:48:07.0103 12988 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:48:07.0105 12988 WSDPrintDevice - ok
20:48:07.0114 12988 WSearch - ok
20:48:07.0818 12988 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:48:07.0864 12988 wuauserv - ok
20:48:08.0154 12988 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
20:48:08.0158 12988 WudfPf - ok
20:48:08.0231 12988 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:08.0236 12988 WUDFRd - ok
20:48:08.0293 12988 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
20:48:08.0300 12988 wudfsvc - ok
20:48:08.0372 12988 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:48:08.0381 12988 WwanSvc - ok
20:48:08.0415 12988 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
20:48:08.0417 12988 XAudio - ok
20:48:08.0485 12988 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:48:09.0586 12988 \Device\Harddisk0\DR0 - ok
20:48:09.0594 12988 Boot (0x1200) (fd87a1735065f5994a2558c0d665ed85) \Device\Harddisk0\DR0\Partition0
20:48:09.0599 12988 \Device\Harddisk0\DR0\Partition0 - ok
20:48:09.0631 12988 Boot (0x1200) (d794f0277ac47d775d347b5114c51ec7) \Device\Harddisk0\DR0\Partition1
20:48:09.0637 12988 \Device\Harddisk0\DR0\Partition1 - ok
20:48:09.0668 12988 Boot (0x1200) (7f873daca80c925359bf1d1673fb2b7f) \Device\Harddisk0\DR0\Partition2
20:48:09.0674 12988 \Device\Harddisk0\DR0\Partition2 - ok
20:48:09.0675 12988 ============================================================
20:48:09.0675 12988 Scan finished
20:48:09.0675 12988 ============================================================
20:48:09.0786 7976 Detected object count: 0
20:48:09.0786 7976 Actual detected object count: 0



SUPERANTISPYWARE

Found lots of items. Log below.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2012 at 01:56 AM

Application Version : 5.5.1012

Core Rules Database Version : 8909
Trace Rules Database Version: 6721

Scan type : Complete Scan
Total Scan Time : 05:01:49

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 555
Memory threats detected : 0
Registry items scanned : 68217
Registry threats detected : 0
File items scanned : 121568
File threats detected : 353

Adware.Tracking Cookie
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@adecn[1].txt [ /adecn ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@adxpose[1].txt [ /adxpose ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@apmebf[2].txt [ /apmebf ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@cgm.adbureau[1].txt [ /cgm.adbureau ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@clicks.emarketmakers[2].txt [ /clicks.emarketmakers ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@content.yieldmanager[2].txt [ /content.yieldmanager ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@content.yieldmanager[3].txt [ /content.yieldmanager ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@gtp8.acecounter[1].txt [ /gtp8.acecounter ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@microsoftsto.112.2o7[1].txt [ /microsoftsto.112.2o7 ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@msadcenter.112.2o7[1].txt [ /msadcenter.112.2o7 ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@ncp.imrworldwide[1].txt [ /ncp.imrworldwide ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@server.cpmstar[1].txt [ /server.cpmstar ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@statse.webtrendslive[2].txt [ /statse.webtrendslive ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\hope@trafficmp[1].txt [ /trafficmp ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\J7L0VSRE.txt [ /imrworldwide.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\QTMBRJJC.txt [ /fe.trymedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\5IAKJ2TV.txt [ /mediaplex.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\R0HXSMXF.txt [ /collective-media.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\FWB4NSUX.txt [ /ero-advertising.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\3A2G0S27.txt [ /c.atdmt.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\KZUNDER3.txt [ /tribalfusion.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\5VTHZIM1.txt [ /questionmarket.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\7I2V0KRM.txt [ /avgtechnologies.112.2o7.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\BAQHPE9I.txt [ /casalemedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\QTMTZ2CW.txt [ /fastclick.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\F2PSRVJ0.txt [ /ads.saymedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\0FIOGR95.txt [ /tribalfusion.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\92Z9RL38.txt [ /invitemedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\T679Y8DY.txt [ /lucidmedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\B2X8BOR8.txt [ /revsci.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\J3PNBVOC.txt [ /serving-sys.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\WH4RISLW.txt [ /d.trymedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\1NLA1HPG.txt [ /yieldmanager.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\2RM4F82P.txt [ /ads.pointroll.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\9R6HLBSG.txt [ /zedo.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\9JG9BW8T.txt [ /ru4.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\DFYWJGA5.txt [ /adlegend.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\DOUTZ16E.txt [ /interclick.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\IMC6W06A.txt [ /bs.serving-sys.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\AU20UJBQ.txt [ /micklemedia.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\PSQIE26R.txt [ /adbrite.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\VI9NY1C6.txt [ /pointroll.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\0QQ2IYGH.txt [ /media6degrees.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\YBX2I12B.txt [ /media6degrees.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\6DRB3KBY.txt [ /mediaservices-d.openxenterprise.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\FBTLSF6O.txt [ /doubleclick.net ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\HY0N3ZPO.txt [ /at.atwola.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\V4HV852L.txt [ /atdmt.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\KW282K8G.txt [ /adserver.adtechus.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\L945CERR.txt [ /ad.yieldmanager.com ]
C:\Users\Hope\AppData\Roaming\Microsoft\Windows\Cookies\X22U5VPP.txt [ /pro-market.net ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\2SVR9FK0.txt [ Cookie:hope@clkads.com/adServe ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@imrworldwide[2].txt [ Cookie:hope@imrworldwide.com/cgi-bin ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@insightexpressai[2].txt [ Cookie:hope@insightexpressai.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@collective-media[2].txt [ Cookie:hope@collective-media.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@specificmedia[1].txt [ Cookie:hope@specificmedia.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\7MOYAJ03.txt [ Cookie:hope@realmedia.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WBH33MAM.txt [ Cookie:hope@liveperson.net/hc/65595271 ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@smartadserver[1].txt [ Cookie:hope@smartadserver.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@tradedoubler[1].txt [ Cookie:hope@tradedoubler.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GBBZJHLJ.txt [ Cookie:hope@by.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@statcounter[1].txt [ Cookie:hope@statcounter.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@questionmarket[1].txt [ Cookie:hope@questionmarket.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@avgtechnologies.112.2o7[1].txt [ Cookie:hope@avgtechnologies.112.2o7.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@track.webtrekk[1].txt [ Cookie:hope@track.webtrekk.de/582796894437529/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WJBJN9GD.txt [ Cookie:hope@api22.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@fastclick[2].txt [ Cookie:hope@fastclick.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@target.db.advertising[1].txt [ Cookie:hope@target.db.advertising.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIADXD4K.txt [ Cookie:hope@specificclick.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@msnportal.112.2o7[1].txt [ Cookie:hope@msnportal.112.2o7.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@xiti[1].txt [ Cookie:hope@xiti.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5CV5GRZ.txt [ Cookie:hope@api15.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@statse.webtrendslive[2].txt [ Cookie:hope@statse.webtrendslive.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@kontera[2].txt [ Cookie:hope@kontera.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\YDRTSGMG.txt [ Cookie:hope@invitemedia.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@revsci[2].txt [ Cookie:hope@revsci.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@apmebf[2].txt [ Cookie:hope@apmebf.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@2o7[2].txt [ Cookie:hope@2o7.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\BUP54WJT.txt [ Cookie:hope@liveperson.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\WJGXQW1O.txt [ Cookie:hope@serving-sys.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@petfinder[1].txt [ Cookie:hope@petfinder.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@cdn1.trafficmp[1].txt [ Cookie:hope@cdn1.trafficmp.com/prod/ig/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@legolas-media[1].txt [ Cookie:hope@legolas-media.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\MSBCWG81.txt [ Cookie:hope@liveperson.net/hc/76226072 ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@advertising[1].txt [ Cookie:hope@advertising.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@overture[2].txt [ Cookie:hope@overture.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@yieldmanager[1].txt [ Cookie:hope@yieldmanager.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@ads.bridgetrack[2].txt [ Cookie:hope@ads.bridgetrack.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\O3B5HD4F.txt [ Cookie:hope@api29.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\69CNHIQN.txt [ Cookie:hope@ads.pointroll.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@sesamestats[1].txt [ Cookie:hope@sesamestats.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@clkads[2].txt [ Cookie:hope@clkads.com/adServe/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\GVG5P2J8.txt [ Cookie:hope@api6.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@tacoda.at.atwola[2].txt [ Cookie:hope@tacoda.at.atwola.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@adbrite[1].txt [ Cookie:hope@adbrite.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\CPO0L06E.txt [ Cookie:hope@api18.thetrafficstat.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@chitika[1].txt [ Cookie:hope@chitika.net/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@media6degrees[1].txt [ Cookie:hope@media6degrees.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@ext-us.bestofmedia[1].txt [ Cookie:hope@ext-us.bestofmedia.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@at.atwola[1].txt [ Cookie:hope@at.atwola.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\E9P2S3DJ.txt [ Cookie:hope@atdmt.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\EKYXVBCL.txt [ Cookie:hope@h.atdmt.com/ ]
C:\USERS\HOPE\AppData\Roaming\Microsoft\Windows\Cookies\Low\hope@ad.yieldmanager[1].txt [ Cookie:hope@ad.yieldmanager.com/ ]
C:\USERS\HOPE\Cookies\J7L0VSRE.txt [ Cookie:hope@imrworldwide.com/cgi-bin ]
C:\USERS\HOPE\Cookies\hope@msadcenter.112.2o7[1].txt [ Cookie:hope@msadcenter.112.2o7.net/ ]
C:\USERS\HOPE\Cookies\QTMBRJJC.txt [ Cookie:hope@fe.trymedia.com/ ]
C:\USERS\HOPE\Cookies\R0HXSMXF.txt [ Cookie:hope@collective-media.net/ ]
C:\USERS\HOPE\Cookies\FWB4NSUX.txt [ Cookie:hope@ero-advertising.com/ ]
C:\USERS\HOPE\Cookies\hope@ncp.imrworldwide[1].txt [ Cookie:hope@ncp.imrworldwide.com/ ]
C:\USERS\HOPE\Cookies\hope@content.yieldmanager[3].txt [ Cookie:hope@content.yieldmanager.com/ak/ ]
C:\USERS\HOPE\Cookies\KZUNDER3.txt [ Cookie:hope@tribalfusion.com/ ]
C:\USERS\HOPE\Cookies\5VTHZIM1.txt [ Cookie:hope@questionmarket.com/ ]
C:\USERS\HOPE\Cookies\7I2V0KRM.txt [ Cookie:hope@avgtechnologies.112.2o7.net/ ]
C:\USERS\HOPE\Cookies\hope@cgm.adbureau[1].txt [ Cookie:hope@cgm.adbureau.net/ ]
C:\USERS\HOPE\Cookies\QTMTZ2CW.txt [ Cookie:hope@fastclick.net/ ]
C:\USERS\HOPE\Cookies\hope@statse.webtrendslive[2].txt [ Cookie:hope@statse.webtrendslive.com/ ]
C:\USERS\HOPE\Cookies\F2PSRVJ0.txt [ Cookie:hope@ads.saymedia.com/ ]
C:\USERS\HOPE\Cookies\0FIOGR95.txt [ Cookie:hope@tribalfusion.com/ ]
C:\USERS\HOPE\Cookies\hope@apmebf[2].txt [ Cookie:hope@apmebf.com/ ]
C:\USERS\HOPE\Cookies\92Z9RL38.txt [ Cookie:hope@invitemedia.com/ ]
C:\USERS\HOPE\Cookies\T679Y8DY.txt [ Cookie:hope@lucidmedia.com/ ]
C:\USERS\HOPE\Cookies\B2X8BOR8.txt [ Cookie:hope@revsci.net/ ]
C:\USERS\HOPE\Cookies\J3PNBVOC.txt [ Cookie:hope@serving-sys.com/ ]
C:\USERS\HOPE\Cookies\hope@content.yieldmanager[2].txt [ Cookie:hope@content.yieldmanager.com/ ]
C:\USERS\HOPE\Cookies\WH4RISLW.txt [ Cookie:hope@d.trymedia.com/ ]
C:\USERS\HOPE\Cookies\1NLA1HPG.txt [ Cookie:hope@yieldmanager.net/ ]
C:\USERS\HOPE\Cookies\2RM4F82P.txt [ Cookie:hope@ads.pointroll.com/ ]
C:\USERS\HOPE\Cookies\hope@gtp8.acecounter[1].txt [ Cookie:hope@gtp8.acecounter.com/ ]
C:\USERS\HOPE\Cookies\DFYWJGA5.txt [ Cookie:hope@adlegend.com/ ]
C:\USERS\HOPE\Cookies\2SVR9FK0.txt [ Cookie:hope@clkads.com/adServe ]
C:\USERS\HOPE\Cookies\IMC6W06A.txt [ Cookie:hope@bs.serving-sys.com/ ]
C:\USERS\HOPE\Cookies\AU20UJBQ.txt [ Cookie:hope@micklemedia.com/ ]
C:\USERS\HOPE\Cookies\PSQIE26R.txt [ Cookie:hope@adbrite.com/ ]
C:\USERS\HOPE\Cookies\0QQ2IYGH.txt [ Cookie:hope@media6degrees.com/ ]
C:\USERS\HOPE\Cookies\hope@clicks.emarketmakers[2].txt [ Cookie:hope@clicks.emarketmakers.com/ ]
C:\USERS\HOPE\Cookies\YBX2I12B.txt [ Cookie:hope@media6degrees.com/ ]
C:\USERS\HOPE\Cookies\HY0N3ZPO.txt [ Cookie:hope@at.atwola.com/ ]
C:\USERS\HOPE\Cookies\hope@server.cpmstar[1].txt [ Cookie:hope@server.cpmstar.com/ ]
C:\USERS\HOPE\Cookies\V4HV852L.txt [ Cookie:hope@atdmt.com/ ]
C:\USERS\HOPE\Cookies\L945CERR.txt [ Cookie:hope@ad.yieldmanager.com/ ]
C:\USERS\HOPE\Cookies\X22U5VPP.txt [ Cookie:hope@pro-market.net/ ]
core.insightexpressai.com [ M:\USERS\MOM\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\WNYM7EXS ]
.amazon-adsystem.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.amazon-adsystem.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.yieldmanager.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.clickbank.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.h.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adserver.adtechus.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
uk.sitestat.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.microsoftsto.112.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.c1.atdmt.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.kontera.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
in.getclicky.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.technoratimedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adxpose.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
track.prd1.netshelter.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
r2.unicornmedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.virginamerica.112.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ar.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.specificclick.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
a.intentmedia.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hotwire.112.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tacoda.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.networldmedia.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.hotwire.db.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.trafficmp.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ev.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.casalemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.legolas-media.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.adbrite.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.lucidmedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pro-market.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.media6degrees.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.burstbeacon.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.accounts.google.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.google.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.zedo.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.overture.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.questionmarket.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.at.atwola.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.ads.pointroll.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.liveperson.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
server.iad.liveperson.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
stat.dealtime.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.interclick.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.avgtechnologies.112.2o7.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.fastclick.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.server.cpmstar.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.get-answers-fast.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.get-answers-fast.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.findsearchengineresults.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
click.findsearchengineresults.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.advertising.com [ C:\USERS\HOPE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\COOKIES\HOPE@ATDMT[2].TXT [ /ATDMT ]
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\COOKIES\HOPE@DOUBLECLICK[2].TXT [ /DOUBLECLICK ]
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\COOKIES\HOPE@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\LOW\COOKIES\HOPE@ATDMT[1].TXT [ /ATDMT ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@CASALEMEDIA[1].TXT [ /CASALEMEDIA ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@CDN4.SPECIFICCLICK[1].TXT [ /CDN4.SPECIFICCLICK ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@EYEWONDER[1].TXT [ /EYEWONDER ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@INTERCLICK[1].TXT [ /INTERCLICK ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@MICROSOFTSTO.112.2O7[1].TXT [ /MICROSOFTSTO.112.2O7 ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@RU4[2].TXT [ /RU4 ]
C:\USERS\HOPE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\HOPE@ZEDO[2].TXT [ /ZEDO ]
a.ads2.msads.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
account.goodgamestudios.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
ad.insightexpressai.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
ads2.msads.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
asset2.countrylife.joyeurs.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
b.ads2.msads.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
cdn.tremormedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
cdn2.invitemedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
cdn4.specificclick.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
cloud.bannergadgets.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
content.yieldmanager.edgesuite.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
convoad.technoratimedia.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
core.insightexpressai.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
core.saymedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
crackle.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
ia.media-imdb.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
imagec05.247realmedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media.kimatv.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media.king5.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media.mtvnservices.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media.y8.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media1.break.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
media1.clubpenguin.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
mediabrix.hs.llnwd.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
objects.tremormedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
s.ncp.imrworldwide.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
s0.2mdn.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
secure-us.imrworldwide.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
sftrack.searchforce.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
spe.atdmt.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
speed.pointroll.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
stat.to.cupidplc.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
udn.specificclick.net [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
us.media.blizzard.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
video.unrulymedia.com [ C:\USERS\HOPE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NVZZXVTJ ]
cdn.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
core.insightexpressai.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
core.saymedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
media3.onsugar.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
msnbcmedia.msn.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
objects.tremormedia.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
secure-us.imrworldwide.com [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]
tag.2bluemedia.hiro.tv [ C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\JNYXU3QC ]

PUP.CNETInstaller
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\ICREINSTALL\CNET2_NOKIAFREE_V310_NOKIA_UNLOCK_CODES_CALCULATOR_ZIP.EXE
C:\USERS\HOPE\DOWNLOADS\CNET2_NOKIAFREE_V310_NOKIA_UNLOCK_CODES_CALCULATOR_ZIP.EXE

Spyware.RelevantKnowledge
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\~OS1962.TMP\PRMRSR.EXE
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\~OS7A3E.TMP\PRMRSR.EXE
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\~OSB128.TMP\PRMRSR.EXE
C:\USERS\HOPE\APPDATA\LOCAL\TEMP\~OSF9F.TMP\PRMRSR.EXE

Trojan.Agent/Gen-GameVance[PUP]
C:\USERS\HOPE\DOWNLOADS\SETUPRG.EXE

Trojan.Agent/Gen-Graftor
C:\USERS\HOPE\DOWNLOADS\WORLDUNLOCK CODES CALCULATOR SETUP.EXE


Esnet running now, superantispyware took hours to run and I left it overnight. I will post results of esnet scan as soon as I can.

#4 kking611

kking611
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 17 July 2012 - 08:05 PM

Eset finally finished. Over 9 hours :o

Am I supposed to click deleted quarantined files?

AVG also popped up an additional window during this scan and reported multiple threats ( I dont think a scan was running?) in any case it said all items were resolved. they were all listed in c:windows\system32\services.exe and named Trojan Horse Dropper.Generic_c.MMI X4

Following is the log for eset.

C:\Program Files (x86)\PermissionResearch\prservice.ex_ a variant of Win32/Adware.RK application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\IWantThis.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\speedupmypc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.4.1.3099.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\~os1962.tmp\prservice.exe a variant of Win32/Adware.RK application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\~os7A3E.tmp\prservice.exe a variant of Win32/Adware.RK application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\~osB128.tmp\prservice.exe a variant of Win32/Adware.RK application cleaned by deleting - quarantined
C:\Users\Hope\AppData\Local\Temp\~osF9F.tmp\prservice.exe a variant of Win32/Adware.RK application cleaned by deleting - quarantined
C:\Users\Hope\Desktop\FreeTwitTubeSetup-Silent-B2.exe Win32/Adware.Yontoo application cleaned by deleting - quarantined
C:\Users\Hope\Downloads\cdbxp_setup_4.4.0.3018.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Hope\Downloads\SetupPlayPickle.exe a variant of Win32/Adware.Gamevance.BA application cleaned by deleting - quarantined
C:\Users\Hope\Downloads\SoftonicDownloader_for_curse-client(1).exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Hope\Downloads\SoftonicDownloader_for_curse-client.exe Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\brutus-aet2 (2).zip Win32/PSWTool.Brutus application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\brutus-aet2.zip Win32/PSWTool.Brutus application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\fgdump-2.1.0-exeonly (2).zip Win32/PSWTool.Fgdump.A application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\fgdump-2.1.0-exeonly.zip Win32/PSWTool.Fgdump.A application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\framework-3.1 (2).exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\framework-3.1.exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\framework-3.2 (2).exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\framework-3.2.exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\john171w (2).zip Win32/HackTool.John application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\john171w.zip Win32/HackTool.John application deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\ophcrack-win32-installer-2.4.1 (2).exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\ophcrack-win32-installer-2.4.1.exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\ophcrack-win32-installer-3.2.0 (2).exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\ophcrack-win32-installer-3.2.0.exe multiple threats cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\pwdump6-1.6.0 (2).zip multiple threats deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\pwdump6-1.6.0.zip multiple threats deleted - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\Retina49141Demo (2).exe probably a variant of Win32/Agent.BHYLSWI trojan cleaned by deleting - quarantined
C:\Users\Public\Documents save!!\flash drive 11_2010\Old School Folder\Cisco IV Stuff\Project Files IT 249\Security\Retina49141Demo.exe probably a variant of Win32/Agent.BHYLSWI trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f10a8889-e06b-1248-98ed-b532ff8ad06a}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f10a8889-e06b-1248-98ed-b532ff8ad06a}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{f10a8889-e06b-1248-98ed-b532ff8ad06a}\U\80000032.@ a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
M:\Users\Mom\Desktop\files\zergRush Android/Exploit.Lotoor.AN trojan cleaned by deleting - quarantined
M:\Users\Mom\Downloads\DooMLoRD_v4_ROOT-zergRush-busybox-su.zip Android/Exploit.Lotoor.AN trojan deleted - quarantined
Operating memory a variant of Win32/Sirefef.FD trojan


Note the folder "project files IT 249" I am aware of these.

The "Yontoo" program seems to make a few appearences (I uninstalled something like this a week or so ago because I didnt recognize it)

Edit: I think I was suppose to inform you of how it is acting now. It does not seem any better at this point. Still getting popups and redirects. I eagerly await your next post.

Edited by kking611, 17 July 2012 - 08:06 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:59 PM

Posted 17 July 2012 - 08:14 PM

Sometimes it takes a while.. depends on hiw much and what is found. Hard drive size etcc..

Let me know how it's running after.

EDIT: Yes remove thise items.
And see if it improves.. I am susupicious of some thing.

Can you do this..
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.

Rerun Minitool.. Only check
•List Winsock Entries

Edited by boopme, 17 July 2012 - 08:19 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 kking611

kking611
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 17 July 2012 - 08:24 PM

Can you do this..
Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.

Reboot your system to complete the process.


Got this after entering that command.
"The following helper DLL cannot be loaded: WSHELPER.DLL
The Following command was not found: winsock reset."

I get the same message (first one) when doing just netsh as well.

Will reboot if needed.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:59 PM

Posted 17 July 2012 - 08:32 PM

I believe we have a zeroaccess rootkit,too many itens of interference. Lets get it out safely.

Please go here....Preparation Guide ,do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9 which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If GMER won't run (it may not on a 64 bit system) skip it and move on.

Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 kking611

kking611
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:08:59 AM

Posted 17 July 2012 - 08:57 PM

Post created with info you requested. You can find it here if needed. Thank you for the help, I appreciate the time you all put in to doing this.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,421 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:59 PM

Posted 17 July 2012 - 09:14 PM

Thank you,, and for linking back I meant to say that.

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users