Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Malware - Can't Remove (What Else??)


  • This topic is locked This topic is locked
18 replies to this topic

#1 jimmyz12

jimmyz12

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 19 September 2012 - 12:46 AM

Hello, I am not sure where I wound up with this Google redirect malware, but I cannot get it off this system! I have tried Malwarebytes Anti-Malware, TDSSKiller, FixTDSS and a couple of other tools without success, so I need to turn here for help! I am winding up with Google search results that randoming, like every other one take me too either 63. 209. 69. 107 IP address, or scour or any number of random sites. Reading several earlier posts, I knew enough to run the DDS program and to post the log results here:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Video4 at 0:36:09 on 2012-09-19
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3935.1699 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\shares\downloads\Malware Bytes Anti-Malware\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k defragsvc
C:\shares\internet\NoteTab Pro\NotePro.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
mRun: [Corel Corporation Registration] "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Register\NavLoad.ini"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTODE~1.LNK - C:\Program Files (x86)\iConcepts Music Express\MEAutoDetect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETWOR~1.LNK - C:\Program Files (x86)\PIXELA\Network Utility\NetworkUtility.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VIDEOB~1.LNK - C:\Program Files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {001000AF-2DEF-0206-10B6-DC5BA692C858} - hxxp://gate.x10.com/control/xvidnx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 172.16.64.1
TCP: Interfaces\{ED56D1C1-9F9C-4B62-B89C-F75530F9722D} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{ED56D1C1-9F9C-4B62-B89C-F75530F9722D}\34F6D666F627470294E6E6 : DhcpNameServer = 0.0.0.0
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun-x64: [QuickFinder Scheduler] "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
mRun-x64: [Corel Corporation Registration] "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" /r /i "C:\Program Files (x86)\Corel\WordPerfect Office 2002\Register\NavLoad.ini"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Video4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\LogMeInClient@logmein.com\plugins\npLMI64.dll
FF - plugin: C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-18 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-18 676936]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-6-14 270848]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PxDMSService;Network Utility;C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe [2012-7-28 179576]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-22 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 114144]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys --> C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys [?]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbmdm_000.sys --> C:\Windows\system32\DRIVERS\nwusbmdm_000.sys [?]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser_000.sys --> C:\Windows\system32\DRIVERS\nwusbser_000.sys [?]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);C:\Windows\system32\DRIVERS\nwusbser2_000.sys --> C:\Windows\system32\DRIVERS\nwusbser2_000.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-9-3 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]
.
=============== Created Last 30 ================
.
2012-09-19 05:16:43 -------- d-s---w- C:\ComboFix
2012-09-19 04:36:20 98816 ----a-w- C:\Windows\sed.exe
2012-09-19 04:36:20 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-19 04:36:20 256000 ----a-w- C:\Windows\PEV.exe
2012-09-19 04:36:20 208896 ----a-w- C:\Windows\MBR.exe
2012-09-19 04:05:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-19 03:12:24 -------- d-----w- C:\Users\Video4\AppData\Roaming\Malwarebytes
2012-09-19 03:12:14 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-19 03:12:13 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-19 03:12:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-01 21:34:13 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
.
==================== Find3M ====================
.
2012-08-15 17:51:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 17:51:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 0:36:38.63 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 19 September 2012 - 01:31 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 19 September 2012 - 07:02 AM

Thanks for the reply, Gringo! I have done as instructed in the post. None of the three functions asked me to reboot my laptop so I have not done so. AdwCleaner detected nothing so it did not delete anything, however the log file is attached. RogueKiller deleted several items, the report file is attached.

--------------------------
AdwCleaner LOG:
--------------------------

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 06:52:35
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : Video4 - VIDEO4-VAIO
# Boot Mode : Normal
# Running from : C:\shares\downloads\Anti-Virus Programs\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Partner

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Found : HKLM\Software\Conduit

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Video4\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1236 octets] - [19/09/2012 06:52:35]

########## EOF - C:\AdwCleaner[R1].txt - [1296 octets] ##########


--------------------------
RogueKiller LOG:
--------------------------

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Video4 [Admin rights]
Mode : Remove -- Date : 09/19/2012 06:55:58

Bad processes : 0

Registry Entries : 7
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\61883 (system32\DRIVERS\61883.sys) -> DELETED
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:

Driver : [NOT LOADED]

Infection :

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] 78efddf81def69798fc313b1b8098308
[BSP] b39fa02685500cd7d70c8cf8d6655ee5 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8119 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16629760 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16834560 | Size: 230254 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 19 September 2012 - 07:16 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 19 September 2012 - 09:40 PM

Gringo, here are the results of my latest scans. First, TDSS detected nothing. Here is the log .... I will run aswMBR next.

21:36:05.0380 2196 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:36:05.0832 2196 ============================================================
21:36:05.0832 2196 Current date / time: 2012/09/19 21:36:05.0832
21:36:05.0832 2196 SystemInfo:
21:36:05.0832 2196
21:36:05.0832 2196 OS Version: 6.1.7600 ServicePack: 0.0
21:36:05.0832 2196 Product type: Workstation
21:36:05.0832 2196 ComputerName: VIDEO4-VAIO
21:36:05.0832 2196 UserName: Video4
21:36:05.0832 2196 Windows directory: C:\Windows
21:36:05.0832 2196 System windows directory: C:\Windows
21:36:05.0832 2196 Running under WOW64
21:36:05.0832 2196 Processor architecture: Intel x64
21:36:05.0832 2196 Number of processors: 2
21:36:05.0832 2196 Page size: 0x1000
21:36:05.0832 2196 Boot type: Normal boot
21:36:05.0832 2196 ============================================================
21:36:06.0300 2196 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:36:06.0300 2196 ============================================================
21:36:06.0300 2196 \Device\Harddisk0\DR0:
21:36:06.0300 2196 MBR partitions:
21:36:06.0300 2196 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFDC000, BlocksNum 0x32000
21:36:06.0300 2196 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x100E000, BlocksNum 0x1C1B7170
21:36:06.0300 2196 ============================================================
21:36:06.0331 2196 C: <-> \Device\Harddisk0\DR0\Partition2
21:36:06.0331 2196 ============================================================
21:36:06.0331 2196 Initialize success
21:36:06.0331 2196 ============================================================
21:36:34.0349 2372 ============================================================
21:36:34.0349 2372 Scan started
21:36:34.0349 2372 Mode: Manual;
21:36:34.0349 2372 ============================================================
21:36:35.0254 2372 ================ Scan system memory ========================
21:36:35.0254 2372 System memory - ok
21:36:35.0254 2372 ================ Scan services =============================
21:36:35.0472 2372 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:36:35.0488 2372 1394ohci - ok
21:36:35.0613 2372 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:36:35.0628 2372 ACDaemon - ok
21:36:35.0691 2372 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:36:35.0706 2372 ACPI - ok
21:36:35.0769 2372 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:36:35.0769 2372 AcpiPmi - ok
21:36:35.0956 2372 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:36:35.0956 2372 AdobeFlashPlayerUpdateSvc - ok
21:36:36.0018 2372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:36:36.0034 2372 adp94xx - ok
21:36:36.0081 2372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:36:36.0081 2372 adpahci - ok
21:36:36.0127 2372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:36:36.0127 2372 adpu320 - ok
21:36:36.0174 2372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:36:36.0174 2372 AeLookupSvc - ok
21:36:36.0237 2372 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
21:36:36.0252 2372 AFD - ok
21:36:36.0299 2372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:36:36.0299 2372 agp440 - ok
21:36:36.0330 2372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:36:36.0330 2372 ALG - ok
21:36:36.0393 2372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:36:36.0393 2372 aliide - ok
21:36:36.0408 2372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:36:36.0408 2372 amdide - ok
21:36:36.0471 2372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:36:36.0471 2372 AmdK8 - ok
21:36:36.0486 2372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:36:36.0486 2372 AmdPPM - ok
21:36:36.0533 2372 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:36:36.0533 2372 amdsata - ok
21:36:36.0580 2372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:36:36.0580 2372 amdsbs - ok
21:36:36.0627 2372 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:36:36.0627 2372 amdxata - ok
21:36:36.0673 2372 [ 56BD886820C4AEDF493CFCDF1CCFB004 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:36:36.0673 2372 ApfiltrService - ok
21:36:36.0720 2372 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:36:36.0720 2372 AppID - ok
21:36:36.0751 2372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:36:36.0751 2372 AppIDSvc - ok
21:36:36.0798 2372 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:36:36.0798 2372 Appinfo - ok
21:36:36.0861 2372 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:36:36.0876 2372 AppMgmt - ok
21:36:36.0923 2372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:36:36.0923 2372 arc - ok
21:36:36.0954 2372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:36:36.0954 2372 arcsas - ok
21:36:36.0985 2372 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:36:36.0985 2372 ArcSoftKsUFilter - ok
21:36:37.0157 2372 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:36:37.0157 2372 aspnet_state - ok
21:36:37.0188 2372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:36:37.0188 2372 AsyncMac - ok
21:36:37.0266 2372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:36:37.0266 2372 atapi - ok
21:36:37.0344 2372 [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:36:37.0375 2372 athr - ok
21:36:37.0594 2372 [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:36:37.0719 2372 atikmdag - ok
21:36:37.0781 2372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:36:37.0797 2372 AudioEndpointBuilder - ok
21:36:37.0812 2372 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:36:37.0812 2372 AudioSrv - ok
21:36:37.0859 2372 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
21:36:37.0875 2372 Avc - ok
21:36:37.0921 2372 [ 155F536D6181508929F4FE177F4167CE ] AVCSTRM C:\Windows\system32\DRIVERS\avcstrm.sys
21:36:37.0921 2372 AVCSTRM - ok
21:36:37.0968 2372 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:36:37.0984 2372 AxInstSV - ok
21:36:38.0015 2372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:36:38.0015 2372 b06bdrv - ok
21:36:38.0077 2372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:36:38.0077 2372 b57nd60a - ok
21:36:38.0140 2372 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:36:38.0140 2372 BcmSqlStartupSvc - ok
21:36:38.0187 2372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:36:38.0187 2372 BDESVC - ok
21:36:38.0218 2372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:36:38.0218 2372 Beep - ok
21:36:38.0311 2372 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:36:38.0311 2372 BFE - ok
21:36:38.0389 2372 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
21:36:38.0389 2372 BITS - ok
21:36:38.0436 2372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:36:38.0436 2372 blbdrive - ok
21:36:38.0499 2372 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:36:38.0499 2372 Bonjour Service - ok
21:36:38.0530 2372 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:36:38.0530 2372 bowser - ok
21:36:38.0561 2372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:36:38.0561 2372 BrFiltLo - ok
21:36:38.0577 2372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:36:38.0577 2372 BrFiltUp - ok
21:36:38.0639 2372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:36:38.0639 2372 BridgeMP - ok
21:36:38.0686 2372 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
21:36:38.0686 2372 Browser - ok
21:36:38.0717 2372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:36:38.0717 2372 Brserid - ok
21:36:38.0748 2372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:36:38.0748 2372 BrSerWdm - ok
21:36:38.0764 2372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:36:38.0764 2372 BrUsbMdm - ok
21:36:38.0795 2372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:36:38.0795 2372 BrUsbSer - ok
21:36:38.0826 2372 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:36:38.0842 2372 BthEnum - ok
21:36:38.0889 2372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:36:38.0889 2372 BTHMODEM - ok
21:36:38.0935 2372 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:36:38.0935 2372 BthPan - ok
21:36:38.0967 2372 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:36:38.0982 2372 BTHPORT - ok
21:36:39.0013 2372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:36:39.0013 2372 bthserv - ok
21:36:39.0060 2372 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:36:39.0060 2372 BTHUSB - ok
21:36:39.0154 2372 catchme - ok
21:36:39.0185 2372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:36:39.0185 2372 cdfs - ok
21:36:39.0232 2372 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:36:39.0247 2372 cdrom - ok
21:36:39.0294 2372 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:36:39.0294 2372 CertPropSvc - ok
21:36:39.0341 2372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:36:39.0341 2372 circlass - ok
21:36:39.0372 2372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:36:39.0372 2372 CLFS - ok
21:36:39.0435 2372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:36:39.0450 2372 clr_optimization_v2.0.50727_32 - ok
21:36:39.0466 2372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:36:39.0466 2372 clr_optimization_v2.0.50727_64 - ok
21:36:39.0575 2372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:36:39.0575 2372 clr_optimization_v4.0.30319_32 - ok
21:36:39.0591 2372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:36:39.0606 2372 clr_optimization_v4.0.30319_64 - ok
21:36:39.0637 2372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:36:39.0637 2372 CmBatt - ok
21:36:39.0669 2372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:36:39.0669 2372 cmdide - ok
21:36:39.0700 2372 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
21:36:39.0700 2372 CNG - ok
21:36:39.0747 2372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:36:39.0747 2372 Compbatt - ok
21:36:39.0793 2372 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:36:39.0793 2372 CompositeBus - ok
21:36:39.0809 2372 COMSysApp - ok
21:36:39.0840 2372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:36:39.0840 2372 crcdisk - ok
21:36:39.0887 2372 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:36:39.0887 2372 CryptSvc - ok
21:36:39.0934 2372 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
21:36:39.0934 2372 CSC - ok
21:36:39.0996 2372 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
21:36:40.0012 2372 CscService - ok
21:36:40.0059 2372 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:36:40.0059 2372 DcomLaunch - ok
21:36:40.0105 2372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:36:40.0105 2372 defragsvc - ok
21:36:40.0137 2372 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:36:40.0137 2372 DfsC - ok
21:36:40.0152 2372 DgiVecp - ok
21:36:40.0183 2372 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:36:40.0183 2372 Dhcp - ok
21:36:40.0215 2372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:36:40.0215 2372 discache - ok
21:36:40.0277 2372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:36:40.0277 2372 Disk - ok
21:36:40.0339 2372 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:36:40.0339 2372 Dnscache - ok
21:36:40.0355 2372 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:36:40.0371 2372 dot3svc - ok
21:36:40.0386 2372 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:36:40.0386 2372 DPS - ok
21:36:40.0417 2372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:36:40.0417 2372 drmkaud - ok
21:36:40.0464 2372 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:36:40.0464 2372 DXGKrnl - ok
21:36:40.0495 2372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:36:40.0511 2372 EapHost - ok
21:36:40.0605 2372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:36:40.0698 2372 ebdrv - ok
21:36:40.0729 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
21:36:40.0729 2372 EFS - ok
21:36:40.0792 2372 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:36:40.0807 2372 ehRecvr - ok
21:36:40.0870 2372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:36:40.0870 2372 ehSched - ok
21:36:40.0917 2372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:36:40.0932 2372 elxstor - ok
21:36:40.0948 2372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:36:40.0948 2372 ErrDev - ok
21:36:41.0010 2372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:36:41.0010 2372 EventSystem - ok
21:36:41.0057 2372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:36:41.0057 2372 exfat - ok
21:36:41.0088 2372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:36:41.0088 2372 fastfat - ok
21:36:41.0119 2372 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:36:41.0135 2372 Fax - ok
21:36:41.0166 2372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:36:41.0166 2372 fdc - ok
21:36:41.0197 2372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:36:41.0197 2372 fdPHost - ok
21:36:41.0213 2372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:36:41.0229 2372 FDResPub - ok
21:36:41.0260 2372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:36:41.0260 2372 FileInfo - ok
21:36:41.0275 2372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:36:41.0275 2372 Filetrace - ok
21:36:41.0338 2372 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:36:41.0338 2372 FLEXnet Licensing Service - ok
21:36:41.0385 2372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:36:41.0385 2372 flpydisk - ok
21:36:41.0400 2372 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:36:41.0416 2372 FltMgr - ok
21:36:41.0463 2372 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
21:36:41.0478 2372 FontCache - ok
21:36:41.0525 2372 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:36:41.0525 2372 FontCache3.0.0.0 - ok
21:36:41.0556 2372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:36:41.0556 2372 FsDepends - ok
21:36:41.0587 2372 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:36:41.0587 2372 Fs_Rec - ok
21:36:41.0619 2372 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:36:41.0619 2372 fvevol - ok
21:36:41.0650 2372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:36:41.0650 2372 gagp30kx - ok
21:36:41.0681 2372 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:36:41.0697 2372 gpsvc - ok
21:36:41.0759 2372 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:41.0759 2372 gupdate - ok
21:36:41.0806 2372 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:36:41.0806 2372 gupdatem - ok
21:36:41.0868 2372 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:36:41.0868 2372 gusvc - ok
21:36:41.0915 2372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:36:41.0915 2372 hcw85cir - ok
21:36:41.0946 2372 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:36:41.0962 2372 HdAudAddService - ok
21:36:42.0009 2372 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:36:42.0009 2372 HDAudBus - ok
21:36:42.0055 2372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:36:42.0055 2372 HidBatt - ok
21:36:42.0071 2372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:36:42.0071 2372 HidBth - ok
21:36:42.0102 2372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:36:42.0102 2372 HidIr - ok
21:36:42.0133 2372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:36:42.0133 2372 hidserv - ok
21:36:42.0165 2372 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:36:42.0165 2372 HidUsb - ok
21:36:42.0196 2372 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:36:42.0196 2372 hkmsvc - ok
21:36:42.0227 2372 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:36:42.0227 2372 HomeGroupListener - ok
21:36:42.0274 2372 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:36:42.0289 2372 HomeGroupProvider - ok
21:36:42.0352 2372 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:36:42.0352 2372 HpSAMD - ok
21:36:42.0445 2372 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
21:36:42.0461 2372 HsfXAudioService - ok
21:36:42.0508 2372 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:36:42.0523 2372 HTTP - ok
21:36:42.0539 2372 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:36:42.0539 2372 hwpolicy - ok
21:36:42.0570 2372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:36:42.0570 2372 i8042prt - ok
21:36:42.0633 2372 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:36:42.0633 2372 IAANTMON - ok
21:36:42.0679 2372 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:36:42.0679 2372 iaStor - ok
21:36:42.0726 2372 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
21:36:42.0742 2372 iaStorV - ok
21:36:42.0804 2372 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:36:42.0804 2372 IDriverT - ok
21:36:42.0882 2372 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:36:42.0882 2372 idsvc - ok
21:36:43.0085 2372 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:36:43.0163 2372 igfx - ok
21:36:43.0210 2372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:36:43.0210 2372 iirsp - ok
21:36:43.0257 2372 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:36:43.0257 2372 IKEEXT - ok
21:36:43.0366 2372 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:36:43.0397 2372 IntcAzAudAddService - ok
21:36:43.0428 2372 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:36:43.0444 2372 IntcHdmiAddService - ok
21:36:43.0475 2372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:36:43.0475 2372 intelide - ok
21:36:43.0506 2372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:36:43.0506 2372 intelppm - ok
21:36:43.0537 2372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:36:43.0537 2372 IPBusEnum - ok
21:36:43.0569 2372 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:36:43.0569 2372 IpFilterDriver - ok
21:36:43.0600 2372 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:36:43.0600 2372 iphlpsvc - ok
21:36:43.0631 2372 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:36:43.0631 2372 IPMIDRV - ok
21:36:43.0662 2372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:36:43.0662 2372 IPNAT - ok
21:36:43.0709 2372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:36:43.0709 2372 IRENUM - ok
21:36:43.0725 2372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:36:43.0740 2372 isapnp - ok
21:36:43.0740 2372 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:36:43.0756 2372 iScsiPrt - ok
21:36:43.0787 2372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:36:43.0787 2372 kbdclass - ok
21:36:43.0803 2372 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:36:43.0803 2372 kbdhid - ok
21:36:43.0849 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
21:36:43.0849 2372 KeyIso - ok
21:36:43.0865 2372 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:36:43.0865 2372 KSecDD - ok
21:36:43.0881 2372 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:36:43.0896 2372 KSecPkg - ok
21:36:43.0896 2372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:36:43.0896 2372 ksthunk - ok
21:36:43.0927 2372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:36:43.0943 2372 KtmRm - ok
21:36:43.0974 2372 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:36:43.0990 2372 LanmanServer - ok
21:36:44.0005 2372 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:36:44.0005 2372 LanmanWorkstation - ok
21:36:44.0037 2372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:36:44.0037 2372 lltdio - ok
21:36:44.0068 2372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:36:44.0068 2372 lltdsvc - ok
21:36:44.0083 2372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:36:44.0083 2372 lmhosts - ok
21:36:44.0130 2372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:36:44.0130 2372 LSI_FC - ok
21:36:44.0146 2372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:36:44.0146 2372 LSI_SAS - ok
21:36:44.0177 2372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:36:44.0193 2372 LSI_SAS2 - ok
21:36:44.0208 2372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:36:44.0224 2372 LSI_SCSI - ok
21:36:44.0286 2372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:36:44.0286 2372 luafv - ok
21:36:44.0364 2372 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:36:44.0364 2372 MBAMProtector - ok
21:36:44.0473 2372 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:36:44.0473 2372 MBAMScheduler - ok
21:36:44.0520 2372 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:36:44.0520 2372 MBAMService - ok
21:36:44.0583 2372 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:36:44.0583 2372 Mcx2Svc - ok
21:36:44.0614 2372 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:36:44.0614 2372 mdmxsdk - ok
21:36:44.0645 2372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:36:44.0645 2372 megasas - ok
21:36:44.0661 2372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:36:44.0661 2372 MegaSR - ok
21:36:44.0707 2372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:36:44.0707 2372 MMCSS - ok
21:36:44.0739 2372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:36:44.0739 2372 Modem - ok
21:36:44.0770 2372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:36:44.0770 2372 monitor - ok
21:36:44.0801 2372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:36:44.0801 2372 mouclass - ok
21:36:44.0832 2372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:36:44.0832 2372 mouhid - ok
21:36:44.0848 2372 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:36:44.0848 2372 mountmgr - ok
21:36:44.0957 2372 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:36:44.0957 2372 MozillaMaintenance - ok
21:36:44.0988 2372 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:36:44.0988 2372 mpio - ok
21:36:45.0019 2372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:36:45.0035 2372 mpsdrv - ok
21:36:45.0082 2372 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:36:45.0097 2372 MpsSvc - ok
21:36:45.0129 2372 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:36:45.0129 2372 MRxDAV - ok
21:36:45.0144 2372 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:36:45.0144 2372 mrxsmb - ok
21:36:45.0175 2372 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:36:45.0175 2372 mrxsmb10 - ok
21:36:45.0191 2372 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:36:45.0191 2372 mrxsmb20 - ok
21:36:45.0207 2372 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:36:45.0222 2372 msahci - ok
21:36:45.0253 2372 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:36:45.0253 2372 msdsm - ok
21:36:45.0269 2372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:36:45.0269 2372 MSDTC - ok
21:36:45.0363 2372 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
21:36:45.0363 2372 MSDV - ok
21:36:45.0394 2372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:36:45.0394 2372 Msfs - ok
21:36:45.0394 2372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:36:45.0394 2372 mshidkmdf - ok
21:36:45.0409 2372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:36:45.0409 2372 msisadrv - ok
21:36:45.0456 2372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:36:45.0456 2372 MSiSCSI - ok
21:36:45.0472 2372 msiserver - ok
21:36:45.0503 2372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:36:45.0503 2372 MSKSSRV - ok
21:36:45.0534 2372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:36:45.0534 2372 MSPCLOCK - ok
21:36:45.0550 2372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:36:45.0550 2372 MSPQM - ok
21:36:45.0581 2372 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:36:45.0581 2372 MsRPC - ok
21:36:45.0612 2372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:36:45.0612 2372 mssmbios - ok
21:36:45.0659 2372 MSSQL$MSSMLBIZ - ok
21:36:45.0690 2372 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:36:45.0690 2372 MSSQLServerADHelper - ok
21:36:45.0737 2372 [ 966EC55988D580B9823C453781309450 ] MSTAPE C:\Windows\system32\DRIVERS\mstape.sys
21:36:45.0737 2372 MSTAPE - ok
21:36:45.0799 2372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:36:45.0799 2372 MSTEE - ok
21:36:45.0815 2372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:36:45.0815 2372 MTConfig - ok
21:36:45.0846 2372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:36:45.0846 2372 Mup - ok
21:36:45.0893 2372 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:36:45.0909 2372 napagent - ok
21:36:45.0955 2372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:36:45.0971 2372 NativeWifiP - ok
21:36:46.0002 2372 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:36:46.0018 2372 NDIS - ok
21:36:46.0049 2372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:36:46.0065 2372 NdisCap - ok
21:36:46.0096 2372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:36:46.0096 2372 NdisTapi - ok
21:36:46.0127 2372 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:36:46.0127 2372 Ndisuio - ok
21:36:46.0143 2372 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:36:46.0143 2372 NdisWan - ok
21:36:46.0189 2372 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:36:46.0189 2372 NDProxy - ok
21:36:46.0221 2372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:36:46.0221 2372 NetBIOS - ok
21:36:46.0236 2372 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:36:46.0236 2372 NetBT - ok
21:36:46.0283 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
21:36:46.0283 2372 Netlogon - ok
21:36:46.0345 2372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:36:46.0361 2372 Netman - ok
21:36:46.0470 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:46.0470 2372 NetMsmqActivator - ok
21:36:46.0470 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:46.0486 2372 NetPipeActivator - ok
21:36:46.0533 2372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:36:46.0533 2372 netprofm - ok
21:36:46.0564 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:46.0564 2372 NetTcpActivator - ok
21:36:46.0579 2372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:36:46.0579 2372 NetTcpPortSharing - ok
21:36:46.0735 2372 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
21:36:46.0767 2372 netw5v64 - ok
21:36:46.0829 2372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:36:46.0829 2372 nfrd960 - ok
21:36:46.0891 2372 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:36:46.0891 2372 NlaSvc - ok
21:36:46.0907 2372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:36:46.0907 2372 Npfs - ok
21:36:46.0923 2372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:36:46.0923 2372 nsi - ok
21:36:46.0954 2372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:36:46.0954 2372 nsiproxy - ok
21:36:47.0001 2372 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:36:47.0016 2372 Ntfs - ok
21:36:47.0032 2372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:36:47.0032 2372 Null - ok
21:36:47.0094 2372 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:36:47.0094 2372 nusb3hub - ok
21:36:47.0125 2372 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:36:47.0125 2372 nusb3xhc - ok
21:36:47.0172 2372 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
21:36:47.0188 2372 nvraid - ok
21:36:47.0203 2372 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
21:36:47.0203 2372 nvstor - ok
21:36:47.0235 2372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:36:47.0250 2372 nv_agp - ok
21:36:47.0297 2372 [ 6EEB54E34603DD417ECE187C8402320A ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
21:36:47.0297 2372 NWADI - ok
21:36:47.0375 2372 [ D944D4341429093F55CB7F0EC87C86B3 ] NWUSBCDFIL64 C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
21:36:47.0375 2372 NWUSBCDFIL64 - ok
21:36:47.0406 2372 [ 877CE72712D7860FD815884438D824B8 ] NWUSBModem_000 C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
21:36:47.0406 2372 NWUSBModem_000 - ok
21:36:47.0484 2372 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort2_000 C:\Windows\system32\DRIVERS\nwusbser2_000.sys
21:36:47.0484 2372 NWUSBPort2_000 - ok
21:36:47.0531 2372 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort_000 C:\Windows\system32\DRIVERS\nwusbser_000.sys
21:36:47.0531 2372 NWUSBPort_000 - ok
21:36:47.0656 2372 [ 6F67805EBE1C879DE008ED21BFCF2F02 ] NWVZHelper C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
21:36:47.0656 2372 NWVZHelper - ok
21:36:47.0734 2372 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:36:47.0734 2372 odserv - ok
21:36:47.0781 2372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:36:47.0781 2372 ohci1394 - ok
21:36:47.0827 2372 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:36:47.0827 2372 ose - ok
21:36:47.0874 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:36:47.0874 2372 p2pimsvc - ok
21:36:47.0890 2372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:36:47.0905 2372 p2psvc - ok
21:36:47.0937 2372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:36:47.0937 2372 Parport - ok
21:36:47.0952 2372 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:36:47.0952 2372 partmgr - ok
21:36:47.0983 2372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:36:47.0983 2372 PcaSvc - ok
21:36:48.0015 2372 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
21:36:48.0030 2372 pci - ok
21:36:48.0046 2372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:36:48.0046 2372 pciide - ok
21:36:48.0061 2372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:36:48.0077 2372 pcmcia - ok
21:36:48.0108 2372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:36:48.0108 2372 pcw - ok
21:36:48.0124 2372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:36:48.0139 2372 PEAUTH - ok
21:36:48.0264 2372 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:36:48.0280 2372 PeerDistSvc - ok
21:36:48.0327 2372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:36:48.0327 2372 PerfHost - ok
21:36:48.0373 2372 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
21:36:48.0405 2372 pla - ok
21:36:48.0436 2372 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:36:48.0436 2372 PlugPlay - ok
21:36:48.0451 2372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:36:48.0451 2372 PNRPAutoReg - ok
21:36:48.0467 2372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:36:48.0467 2372 PNRPsvc - ok
21:36:48.0514 2372 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:36:48.0514 2372 PolicyAgent - ok
21:36:48.0545 2372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:36:48.0545 2372 Power - ok
21:36:48.0576 2372 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:36:48.0576 2372 PptpMiniport - ok
21:36:48.0607 2372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:36:48.0607 2372 Processor - ok
21:36:48.0639 2372 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
21:36:48.0639 2372 ProfSvc - ok
21:36:48.0654 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
21:36:48.0654 2372 ProtectedStorage - ok
21:36:48.0685 2372 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:36:48.0685 2372 Psched - ok
21:36:48.0763 2372 [ 94BA2C6B2B9A43D09B79C4AA328D3BF5 ] PxDMSService C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
21:36:48.0763 2372 PxDMSService - ok
21:36:48.0826 2372 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:36:48.0826 2372 PxHlpa64 - ok
21:36:48.0888 2372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:36:48.0904 2372 ql2300 - ok
21:36:48.0951 2372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:36:48.0951 2372 ql40xx - ok
21:36:48.0982 2372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:36:48.0997 2372 QWAVE - ok
21:36:49.0013 2372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:36:49.0013 2372 QWAVEdrv - ok
21:36:49.0044 2372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:36:49.0044 2372 RasAcd - ok
21:36:49.0075 2372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:36:49.0075 2372 RasAgileVpn - ok
21:36:49.0107 2372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:36:49.0107 2372 RasAuto - ok
21:36:49.0122 2372 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:36:49.0122 2372 Rasl2tp - ok
21:36:49.0169 2372 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
21:36:49.0185 2372 RasMan - ok
21:36:49.0200 2372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:36:49.0216 2372 RasPppoe - ok
21:36:49.0231 2372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:36:49.0231 2372 RasSstp - ok
21:36:49.0263 2372 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:36:49.0263 2372 rdbss - ok
21:36:49.0309 2372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:36:49.0309 2372 rdpbus - ok
21:36:49.0325 2372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:36:49.0325 2372 RDPCDD - ok
21:36:49.0341 2372 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:36:49.0341 2372 RDPDR - ok
21:36:49.0372 2372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:36:49.0372 2372 RDPENCDD - ok
21:36:49.0387 2372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:36:49.0387 2372 RDPREFMP - ok
21:36:49.0419 2372 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:36:49.0419 2372 RDPWD - ok
21:36:49.0450 2372 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:36:49.0450 2372 rdyboost - ok
21:36:49.0481 2372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:36:49.0481 2372 RemoteAccess - ok
21:36:49.0512 2372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:36:49.0528 2372 RemoteRegistry - ok
21:36:49.0543 2372 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:36:49.0543 2372 RFCOMM - ok
21:36:49.0590 2372 [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
21:36:49.0590 2372 rimsptsk - ok
21:36:49.0637 2372 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
21:36:49.0637 2372 risdptsk - ok
21:36:49.0715 2372 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
21:36:49.0715 2372 Roxio UPnP Renderer 10 - ok
21:36:49.0746 2372 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
21:36:49.0746 2372 Roxio Upnp Server 10 - ok
21:36:49.0793 2372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:36:49.0793 2372 RpcEptMapper - ok
21:36:49.0824 2372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:36:49.0824 2372 RpcLocator - ok
21:36:49.0855 2372 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
21:36:49.0871 2372 RpcSs - ok
21:36:49.0902 2372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:36:49.0918 2372 rspndr - ok
21:36:49.0965 2372 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
21:36:49.0965 2372 RTHDMIAzAudService - ok
21:36:50.0027 2372 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:36:50.0027 2372 RtkAudioService - ok
21:36:50.0058 2372 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
21:36:50.0058 2372 s3cap - ok
21:36:50.0136 2372 [ 9A5FB8DE6567BC86FCCDE2F0336857A3 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
21:36:50.0152 2372 SampleCollector - ok
21:36:50.0167 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
21:36:50.0167 2372 SamSs - ok
21:36:50.0199 2372 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:36:50.0199 2372 sbp2port - ok
21:36:50.0230 2372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:36:50.0245 2372 SCardSvr - ok
21:36:50.0277 2372 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:36:50.0277 2372 scfilter - ok
21:36:50.0308 2372 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
21:36:50.0323 2372 Schedule - ok
21:36:50.0355 2372 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:36:50.0355 2372 SCPolicySvc - ok
21:36:50.0401 2372 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:36:50.0401 2372 sdbus - ok
21:36:50.0433 2372 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:36:50.0448 2372 SDRSVC - ok
21:36:50.0464 2372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:36:50.0464 2372 secdrv - ok
21:36:50.0479 2372 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
21:36:50.0479 2372 seclogon - ok
21:36:50.0511 2372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:36:50.0511 2372 SENS - ok
21:36:50.0542 2372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:36:50.0557 2372 SensrSvc - ok
21:36:50.0573 2372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:36:50.0573 2372 Serenum - ok
21:36:50.0604 2372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:36:50.0604 2372 Serial - ok
21:36:50.0651 2372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:36:50.0651 2372 sermouse - ok
21:36:50.0682 2372 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
21:36:50.0698 2372 SessionEnv - ok
21:36:50.0729 2372 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
21:36:50.0729 2372 SFEP - ok
21:36:50.0760 2372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:36:50.0760 2372 sffdisk - ok
21:36:50.0776 2372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:36:50.0776 2372 sffp_mmc - ok
21:36:50.0807 2372 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:36:50.0807 2372 sffp_sd - ok
21:36:50.0838 2372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:36:50.0838 2372 sfloppy - ok
21:36:50.0885 2372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:36:50.0901 2372 SharedAccess - ok
21:36:50.0932 2372 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:36:50.0947 2372 ShellHWDetection - ok
21:36:50.0994 2372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:36:50.0994 2372 SiSRaid2 - ok
21:36:51.0025 2372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:36:51.0025 2372 SiSRaid4 - ok
21:36:51.0228 2372 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:36:51.0244 2372 Skype C2C Service - ok
21:36:51.0306 2372 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:36:51.0306 2372 SkypeUpdate - ok
21:36:51.0353 2372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:36:51.0353 2372 Smb - ok
21:36:51.0400 2372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:36:51.0400 2372 SNMPTRAP - ok
21:36:51.0493 2372 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:36:51.0493 2372 SOHCImp - ok
21:36:51.0509 2372 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
21:36:51.0509 2372 SOHDBSvr - ok
21:36:51.0540 2372 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:36:51.0540 2372 SOHDms - ok
21:36:51.0587 2372 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:36:51.0587 2372 SOHDs - ok
21:36:51.0618 2372 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
21:36:51.0618 2372 SOHPlMgr - ok
21:36:51.0634 2372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:36:51.0634 2372 spldr - ok
21:36:51.0681 2372 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
21:36:51.0681 2372 Spooler - ok
21:36:51.0759 2372 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
21:36:51.0821 2372 sppsvc - ok
21:36:51.0837 2372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:36:51.0837 2372 sppuinotify - ok
21:36:51.0915 2372 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:36:51.0915 2372 SQLBrowser - ok
21:36:51.0977 2372 [ D63FC56C7C3F9B576BC25F617E3F7963 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:36:51.0993 2372 SQLWriter - ok
21:36:52.0024 2372 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:36:52.0039 2372 srv - ok
21:36:52.0055 2372 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:36:52.0071 2372 srv2 - ok
21:36:52.0086 2372 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:36:52.0102 2372 SrvHsfHDA - ok
21:36:52.0149 2372 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:36:52.0164 2372 SrvHsfV92 - ok
21:36:52.0195 2372 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:36:52.0195 2372 SrvHsfWinac - ok
21:36:52.0227 2372 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:36:52.0227 2372 srvnet - ok
21:36:52.0273 2372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:36:52.0273 2372 SSDPSRV - ok
21:36:52.0336 2372 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
21:36:52.0336 2372 SSPORT - ok
21:36:52.0336 2372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:36:52.0336 2372 SstpSvc - ok
21:36:52.0367 2372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:36:52.0367 2372 stexstor - ok
21:36:52.0414 2372 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
21:36:52.0414 2372 stisvc - ok
21:36:52.0429 2372 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:36:52.0429 2372 storflt - ok
21:36:52.0476 2372 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:36:52.0476 2372 StorSvc - ok
21:36:52.0507 2372 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
21:36:52.0507 2372 storvsc - ok
21:36:52.0539 2372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:36:52.0539 2372 swenum - ok
21:36:52.0710 2372 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:36:52.0710 2372 SwitchBoard - ok
21:36:52.0773 2372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:36:52.0788 2372 swprv - ok
21:36:52.0851 2372 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
21:36:52.0866 2372 SysMain - ok
21:36:52.0913 2372 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:36:52.0913 2372 TabletInputService - ok
21:36:52.0929 2372 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:36:52.0929 2372 TapiSrv - ok
21:36:52.0944 2372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:36:52.0960 2372 TBS - ok
21:36:53.0038 2372 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:36:53.0069 2372 Tcpip - ok
21:36:53.0131 2372 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:36:53.0131 2372 TCPIP6 - ok
21:36:53.0163 2372 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:36:53.0163 2372 tcpipreg - ok
21:36:53.0209 2372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:36:53.0209 2372 TDPIPE - ok
21:36:53.0209 2372 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:36:53.0209 2372 TDTCP - ok
21:36:53.0241 2372 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:36:53.0241 2372 tdx - ok
21:36:53.0272 2372 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:36:53.0272 2372 TermDD - ok
21:36:53.0319 2372 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
21:36:53.0319 2372 TermService - ok
21:36:53.0334 2372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:36:53.0334 2372 Themes - ok
21:36:53.0381 2372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:36:53.0381 2372 THREADORDER - ok
21:36:53.0397 2372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:36:53.0397 2372 TrkWks - ok
21:36:53.0459 2372 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:36:53.0459 2372 TrustedInstaller - ok
21:36:53.0490 2372 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:36:53.0490 2372 tssecsrv - ok
21:36:53.0537 2372 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:36:53.0537 2372 tunnel - ok
21:36:53.0568 2372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:36:53.0568 2372 uagp35 - ok
21:36:53.0615 2372 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:36:53.0615 2372 uCamMonitor - ok
21:36:53.0646 2372 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:36:53.0646 2372 udfs - ok
21:36:53.0693 2372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:36:53.0693 2372 UI0Detect - ok
21:36:53.0709 2372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:36:53.0709 2372 uliagpkx - ok
21:36:53.0755 2372 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:36:53.0755 2372 umbus - ok
21:36:53.0787 2372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:36:53.0787 2372 UmPass - ok
21:36:53.0849 2372 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
21:36:53.0849 2372 UmRdpService - ok
21:36:53.0865 2372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:36:53.0880 2372 upnphost - ok
21:36:53.0896 2372 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:36:53.0911 2372 usbccgp - ok
21:36:53.0943 2372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:36:53.0943 2372 usbcir - ok
21:36:53.0958 2372 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:36:53.0958 2372 usbehci - ok
21:36:54.0005 2372 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:36:54.0005 2372 usbhub - ok
21:36:54.0021 2372 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:36:54.0021 2372 usbohci - ok
21:36:54.0052 2372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:36:54.0067 2372 usbprint - ok
21:36:54.0114 2372 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:36:54.0114 2372 USBSTOR - ok
21:36:54.0130 2372 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:36:54.0130 2372 usbuhci - ok
21:36:54.0161 2372 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:36:54.0161 2372 usbvideo - ok
21:36:54.0192 2372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:36:54.0192 2372 UxSms - ok
21:36:54.0286 2372 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:36:54.0286 2372 VAIO Entertainment TV Device Arbitration Service - ok
21:36:54.0411 2372 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
21:36:54.0411 2372 VAIO Event Service - ok
21:36:54.0473 2372 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:36:54.0473 2372 VAIO Power Management - ok
21:36:54.0504 2372 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
21:36:54.0504 2372 VaultSvc - ok
21:36:54.0582 2372 [ 06FE5BEDDADB158D84E6DE33CBE19F3E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:36:54.0582 2372 VCFw - ok
21:36:54.0660 2372 [ 34063C0B842E73662067F9B03947C55C ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:36:54.0660 2372 VcmIAlzMgr - ok
21:36:54.0707 2372 [ A8F5D1651A324ABC6C308891A1252EE3 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:36:54.0707 2372 VcmINSMgr - ok
21:36:54.0801 2372 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:36:54.0801 2372 VcmXmlIfHelper - ok
21:36:54.0801 2372 Vcsw - ok
21:36:54.0847 2372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:36:54.0863 2372 vdrvroot - ok
21:36:54.0894 2372 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
21:36:54.0910 2372 vds - ok
21:36:54.0925 2372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:36:54.0925 2372 vga - ok
21:36:54.0957 2372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:36:54.0957 2372 VgaSave - ok
21:36:54.0988 2372 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:36:55.0003 2372 vhdmp - ok
21:36:55.0035 2372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:36:55.0035 2372 viaide - ok
21:36:55.0066 2372 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
21:36:55.0081 2372 vmbus - ok
21:36:55.0113 2372 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
21:36:55.0113 2372 VMBusHID - ok
21:36:55.0128 2372 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:36:55.0144 2372 volmgr - ok
21:36:55.0191 2372 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:36:55.0191 2372 volmgrx - ok
21:36:55.0206 2372 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
21:36:55.0222 2372 volsnap - ok
21:36:55.0269 2372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:36:55.0269 2372 vsmraid - ok
21:36:55.0331 2372 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
21:36:55.0362 2372 VSS - ok
21:36:55.0378 2372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:36:55.0378 2372 vwifibus - ok
21:36:55.0409 2372 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:36:55.0409 2372 vwififlt - ok
21:36:55.0440 2372 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:36:55.0440 2372 VzCdbSvc - ok
21:36:55.0487 2372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:36:55.0503 2372 W32Time - ok
21:36:55.0534 2372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:36:55.0534 2372 WacomPen - ok
21:36:55.0565 2372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:36:55.0565 2372 WANARP - ok
21:36:55.0581 2372 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:36:55.0581 2372 Wanarpv6 - ok
21:36:55.0643 2372 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
21:36:55.0659 2372 wbengine - ok
21:36:55.0690 2372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:36:55.0690 2372 WbioSrvc - ok
21:36:55.0705 2372 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:36:55.0721 2372 wcncsvc - ok
21:36:55.0737 2372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:36:55.0752 2372 WcsPlugInService - ok
21:36:55.0768 2372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:36:55.0768 2372 Wd - ok
21:36:55.0799 2372 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:36:55.0815 2372 Wdf01000 - ok
21:36:55.0846 2372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:36:55.0846 2372 WdiServiceHost - ok
21:36:55.0861 2372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:36:55.0861 2372 WdiSystemHost - ok
21:36:55.0877 2372 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
21:36:55.0893 2372 WebClient - ok
21:36:55.0908 2372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:36:55.0924 2372 Wecsvc - ok
21:36:55.0939 2372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:36:55.0955 2372 wercplsupport - ok
21:36:55.0986 2372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:36:55.0986 2372 WerSvc - ok
21:36:56.0017 2372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:36:56.0017 2372 WfpLwf - ok
21:36:56.0033 2372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:36:56.0033 2372 WIMMount - ok
21:36:56.0049 2372 WinDefend - ok
21:36:56.0064 2372 WinHttpAutoProxySvc - ok
21:36:56.0127 2372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:36:56.0127 2372 Winmgmt - ok
21:36:56.0189 2372 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:36:56.0205 2372 WinRM - ok
21:36:56.0314 2372 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:36:56.0314 2372 WinUsb - ok
21:36:56.0392 2372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:36:56.0407 2372 Wlansvc - ok
21:36:56.0439 2372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:36:56.0439 2372 WmiAcpi - ok
21:36:56.0485 2372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:36:56.0485 2372 wmiApSrv - ok
21:36:56.0517 2372 WMPNetworkSvc - ok
21:36:56.0532 2372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:36:56.0532 2372 WPCSvc - ok
21:36:56.0563 2372 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:36:56.0563 2372 WPDBusEnum - ok
21:36:56.0595 2372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:36:56.0595 2372 ws2ifsl - ok
21:36:56.0626 2372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:36:56.0641 2372 wscsvc - ok
21:36:56.0641 2372 WSearch - ok
21:36:56.0719 2372 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
21:36:56.0735 2372 wuauserv - ok
21:36:56.0766 2372 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:36:56.0766 2372 WudfPf - ok
21:36:56.0797 2372 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:36:56.0813 2372 WUDFRd - ok
21:36:56.0844 2372 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:36:56.0844 2372 wudfsvc - ok
21:36:56.0860 2372 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:36:56.0875 2372 WwanSvc - ok
21:36:56.0907 2372 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
21:36:56.0907 2372 XAudio - ok
21:36:56.0953 2372 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:36:56.0953 2372 yukonw7 - ok
21:36:56.0969 2372 ================ Scan global ===============================
21:36:56.0985 2372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:36:57.0016 2372 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
21:36:57.0031 2372 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
21:36:57.0063 2372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:36:57.0094 2372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:36:57.0094 2372 [Global] - ok
21:36:57.0094 2372 ================ Scan MBR ==================================
21:36:57.0109 2372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:36:57.0343 2372 \Device\Harddisk0\DR0 - ok
21:36:57.0343 2372 ================ Scan VBR ==================================
21:36:57.0343 2372 [ F1E87244CEFAF03CED43B889B9312D56 ] \Device\Harddisk0\DR0\Partition1
21:36:57.0343 2372 \Device\Harddisk0\DR0\Partition1 - ok
21:36:57.0375 2372 [ 61F81954C9968E3D6D6701BE25912ECE ] \Device\Harddisk0\DR0\Partition2
21:36:57.0375 2372 \Device\Harddisk0\DR0\Partition2 - ok
21:36:57.0375 2372 ============================================================
21:36:57.0375 2372 Scan finished
21:36:57.0375 2372 ============================================================
21:36:57.0390 6124 Detected object count: 0
21:36:57.0390 6124 Actual detected object count: 0
21:37:08.0560 3248 ============================================================
21:37:08.0560 3248 Scan started
21:37:08.0560 3248 Mode: Manual; TDLFS;
21:37:08.0560 3248 ============================================================
21:37:08.0809 3248 ================ Scan system memory ========================
21:37:08.0809 3248 System memory - ok
21:37:08.0809 3248 ================ Scan services =============================
21:37:08.0950 3248 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
21:37:08.0950 3248 1394ohci - ok
21:37:09.0059 3248 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:37:09.0075 3248 ACDaemon - ok
21:37:09.0106 3248 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
21:37:09.0106 3248 ACPI - ok
21:37:09.0137 3248 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
21:37:09.0137 3248 AcpiPmi - ok
21:37:09.0277 3248 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:37:09.0277 3248 AdobeFlashPlayerUpdateSvc - ok
21:37:09.0309 3248 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:37:09.0324 3248 adp94xx - ok
21:37:09.0340 3248 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:37:09.0340 3248 adpahci - ok
21:37:09.0371 3248 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:37:09.0371 3248 adpu320 - ok
21:37:09.0418 3248 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:37:09.0418 3248 AeLookupSvc - ok
21:37:09.0465 3248 [ B9384E03479D2506BC924C16A3DB87BC ] AFD C:\Windows\system32\drivers\afd.sys
21:37:09.0480 3248 AFD - ok
21:37:09.0511 3248 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
21:37:09.0511 3248 agp440 - ok
21:37:09.0543 3248 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:37:09.0543 3248 ALG - ok
21:37:09.0574 3248 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
21:37:09.0574 3248 aliide - ok
21:37:09.0589 3248 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
21:37:09.0589 3248 amdide - ok
21:37:09.0605 3248 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:37:09.0605 3248 AmdK8 - ok
21:37:09.0636 3248 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:37:09.0652 3248 AmdPPM - ok
21:37:09.0683 3248 [ 7A4B413614C055935567CF88A9734D38 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
21:37:09.0683 3248 amdsata - ok
21:37:09.0714 3248 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:37:09.0714 3248 amdsbs - ok
21:37:09.0745 3248 [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
21:37:09.0745 3248 amdxata - ok
21:37:09.0792 3248 [ 56BD886820C4AEDF493CFCDF1CCFB004 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:37:09.0792 3248 ApfiltrService - ok
21:37:09.0808 3248 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
21:37:09.0823 3248 AppID - ok
21:37:09.0839 3248 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:37:09.0839 3248 AppIDSvc - ok
21:37:09.0855 3248 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
21:37:09.0870 3248 Appinfo - ok
21:37:09.0870 3248 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:37:09.0886 3248 AppMgmt - ok
21:37:09.0917 3248 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:37:09.0917 3248 arc - ok
21:37:09.0948 3248 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:37:09.0948 3248 arcsas - ok
21:37:09.0964 3248 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:37:09.0964 3248 ArcSoftKsUFilter - ok
21:37:10.0120 3248 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:37:10.0120 3248 aspnet_state - ok
21:37:10.0167 3248 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:37:10.0167 3248 AsyncMac - ok
21:37:10.0182 3248 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:37:10.0182 3248 atapi - ok
21:37:10.0245 3248 [ 5D4529AC4156E16BEDB01441AE0CF984 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:37:10.0245 3248 athr - ok
21:37:10.0416 3248 [ DE0EDE41BC530F1759C6FFFCB8C7A0CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:37:10.0447 3248 atikmdag - ok
21:37:10.0494 3248 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:37:10.0494 3248 AudioEndpointBuilder - ok
21:37:10.0510 3248 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:37:10.0510 3248 AudioSrv - ok
21:37:10.0541 3248 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
21:37:10.0541 3248 Avc - ok
21:37:10.0588 3248 [ 155F536D6181508929F4FE177F4167CE ] AVCSTRM C:\Windows\system32\DRIVERS\avcstrm.sys
21:37:10.0588 3248 AVCSTRM - ok
21:37:10.0619 3248 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:37:10.0619 3248 AxInstSV - ok
21:37:10.0650 3248 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:37:10.0650 3248 b06bdrv - ok
21:37:10.0681 3248 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:37:10.0681 3248 b57nd60a - ok
21:37:10.0744 3248 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:37:10.0744 3248 BcmSqlStartupSvc - ok
21:37:10.0775 3248 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:37:10.0775 3248 BDESVC - ok
21:37:10.0806 3248 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:37:10.0806 3248 Beep - ok
21:37:10.0837 3248 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
21:37:10.0853 3248 BFE - ok
21:37:10.0900 3248 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
21:37:10.0900 3248 BITS - ok
21:37:10.0931 3248 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:37:10.0931 3248 blbdrive - ok
21:37:10.0978 3248 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:37:10.0993 3248 Bonjour Service - ok
21:37:11.0009 3248 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:37:11.0009 3248 bowser - ok
21:37:11.0040 3248 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:37:11.0040 3248 BrFiltLo - ok
21:37:11.0056 3248 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:37:11.0056 3248 BrFiltUp - ok
21:37:11.0071 3248 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:37:11.0071 3248 BridgeMP - ok
21:37:11.0103 3248 [ 94FBC06F294D58D02361918418F996E3 ] Browser C:\Windows\System32\browser.dll
21:37:11.0103 3248 Browser - ok
21:37:11.0134 3248 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:37:11.0134 3248 Brserid - ok
21:37:11.0149 3248 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:37:11.0149 3248 BrSerWdm - ok
21:37:11.0181 3248 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:37:11.0181 3248 BrUsbMdm - ok
21:37:11.0196 3248 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:37:11.0196 3248 BrUsbSer - ok
21:37:11.0227 3248 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:37:11.0227 3248 BthEnum - ok
21:37:11.0259 3248 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:37:11.0259 3248 BTHMODEM - ok
21:37:11.0274 3248 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:37:11.0274 3248 BthPan - ok
21:37:11.0305 3248 [ A51FA9D0E85D5ADABEF72E67F386309C ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:37:11.0305 3248 BTHPORT - ok
21:37:11.0337 3248 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:37:11.0337 3248 bthserv - ok
21:37:11.0352 3248 [ F740B9A16B2C06700F2130E19986BF3B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:37:11.0352 3248 BTHUSB - ok
21:37:11.0399 3248 catchme - ok
21:37:11.0430 3248 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:37:11.0430 3248 cdfs - ok
21:37:11.0461 3248 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:37:11.0461 3248 cdrom - ok
21:37:11.0493 3248 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
21:37:11.0493 3248 CertPropSvc - ok
21:37:11.0524 3248 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:37:11.0524 3248 circlass - ok
21:37:11.0539 3248 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:37:11.0539 3248 CLFS - ok
21:37:11.0617 3248 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:37:11.0617 3248 clr_optimization_v2.0.50727_32 - ok
21:37:11.0633 3248 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:37:11.0633 3248 clr_optimization_v2.0.50727_64 - ok
21:37:11.0742 3248 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:37:11.0742 3248 clr_optimization_v4.0.30319_32 - ok
21:37:11.0758 3248 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:37:11.0758 3248 clr_optimization_v4.0.30319_64 - ok
21:37:11.0789 3248 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:37:11.0789 3248 CmBatt - ok
21:37:11.0820 3248 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
21:37:11.0820 3248 cmdide - ok
21:37:11.0851 3248 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1 ] CNG C:\Windows\system32\Drivers\cng.sys
21:37:11.0851 3248 CNG - ok
21:37:11.0883 3248 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:37:11.0883 3248 Compbatt - ok
21:37:11.0898 3248 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:37:11.0898 3248 CompositeBus - ok
21:37:11.0914 3248 COMSysApp - ok
21:37:11.0945 3248 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:37:11.0945 3248 crcdisk - ok
21:37:11.0976 3248 [ 8C57411B66282C01533CB776F98AD384 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:37:11.0976 3248 CryptSvc - ok
21:37:12.0007 3248 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
21:37:12.0007 3248 CSC - ok
21:37:12.0039 3248 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
21:37:12.0054 3248 CscService - ok
21:37:12.0101 3248 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:37:12.0101 3248 DcomLaunch - ok
21:37:12.0132 3248 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:37:12.0148 3248 defragsvc - ok
21:37:12.0148 3248 [ 3F1DC527070ACB87E40AFE46EF6DA749 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:37:12.0148 3248 DfsC - ok
21:37:12.0163 3248 DgiVecp - ok
21:37:12.0179 3248 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
21:37:12.0195 3248 Dhcp - ok
21:37:12.0195 3248 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:37:12.0195 3248 discache - ok
21:37:12.0241 3248 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:37:12.0241 3248 Disk - ok
21:37:12.0304 3248 [ 676108C4E3AA6F6B34633748BD0BEBD9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:37:12.0304 3248 Dnscache - ok
21:37:12.0319 3248 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
21:37:12.0335 3248 dot3svc - ok
21:37:12.0335 3248 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
21:37:12.0335 3248 DPS - ok
21:37:12.0366 3248 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:37:12.0366 3248 drmkaud - ok
21:37:12.0397 3248 [ 7CB7D2B73813CE05C7BC0F5F95D27CEC ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:37:12.0413 3248 DXGKrnl - ok
21:37:12.0444 3248 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:37:12.0444 3248 EapHost - ok
21:37:12.0569 3248 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:37:12.0600 3248 ebdrv - ok
21:37:12.0631 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
21:37:12.0631 3248 EFS - ok
21:37:12.0694 3248 [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:37:12.0709 3248 ehRecvr - ok
21:37:12.0725 3248 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:37:12.0725 3248 ehSched - ok
21:37:12.0772 3248 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:37:12.0787 3248 elxstor - ok
21:37:12.0803 3248 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
21:37:12.0803 3248 ErrDev - ok
21:37:12.0850 3248 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:37:12.0850 3248 EventSystem - ok
21:37:12.0897 3248 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:37:12.0897 3248 exfat - ok
21:37:12.0912 3248 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:37:12.0912 3248 fastfat - ok
21:37:12.0943 3248 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
21:37:12.0943 3248 Fax - ok
21:37:12.0975 3248 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:37:12.0975 3248 fdc - ok
21:37:13.0006 3248 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:37:13.0006 3248 fdPHost - ok
21:37:13.0021 3248 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:37:13.0021 3248 FDResPub - ok
21:37:13.0068 3248 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:37:13.0068 3248 FileInfo - ok
21:37:13.0084 3248 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:37:13.0084 3248 Filetrace - ok
21:37:13.0146 3248 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:37:13.0146 3248 FLEXnet Licensing Service - ok
21:37:13.0193 3248 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:37:13.0193 3248 flpydisk - ok
21:37:13.0224 3248 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:37:13.0224 3248 FltMgr - ok
21:37:13.0255 3248 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A ] FontCache C:\Windows\system32\FntCache.dll
21:37:13.0271 3248 FontCache - ok
21:37:13.0318 3248 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:37:13.0318 3248 FontCache3.0.0.0 - ok
21:37:13.0349 3248 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:37:13.0349 3248 FsDepends - ok
21:37:13.0380 3248 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:37:13.0380 3248 Fs_Rec - ok
21:37:13.0396 3248 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:37:13.0396 3248 fvevol - ok
21:37:13.0427 3248 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:37:13.0427 3248 gagp30kx - ok
21:37:13.0474 3248 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
21:37:13.0474 3248 gpsvc - ok
21:37:13.0505 3248 [ 626A24ED1228580B9518C01930936DF9 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:37:13.0505 3248 gupdate - ok
21:37:13.0521 3248 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:37:13.0521 3248 gupdatem - ok
21:37:13.0536 3248 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:37:13.0536 3248 gusvc - ok
21:37:13.0552 3248 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:37:13.0552 3248 hcw85cir - ok
21:37:13.0583 3248 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:37:13.0583 3248 HdAudAddService - ok
21:37:13.0599 3248 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:37:13.0599 3248 HDAudBus - ok
21:37:13.0630 3248 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:37:13.0630 3248 HidBatt - ok
21:37:13.0661 3248 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:37:13.0661 3248 HidBth - ok
21:37:13.0677 3248 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:37:13.0692 3248 HidIr - ok
21:37:13.0723 3248 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:37:13.0723 3248 hidserv - ok
21:37:13.0723 3248 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:37:13.0723 3248 HidUsb - ok
21:37:13.0770 3248 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:37:13.0770 3248 hkmsvc - ok
21:37:13.0786 3248 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:37:13.0786 3248 HomeGroupListener - ok
21:37:13.0817 3248 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:37:13.0817 3248 HomeGroupProvider - ok
21:37:13.0848 3248 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
21:37:13.0848 3248 HpSAMD - ok
21:37:13.0942 3248 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
21:37:13.0942 3248 HsfXAudioService - ok
21:37:14.0004 3248 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:37:14.0004 3248 HTTP - ok
21:37:14.0035 3248 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:37:14.0035 3248 hwpolicy - ok
21:37:14.0067 3248 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:37:14.0067 3248 i8042prt - ok
21:37:14.0129 3248 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:37:14.0129 3248 IAANTMON - ok
21:37:14.0160 3248 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:37:14.0160 3248 iaStor - ok
21:37:14.0207 3248 [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
21:37:14.0223 3248 iaStorV - ok
21:37:14.0285 3248 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:37:14.0285 3248 IDriverT - ok
21:37:14.0363 3248 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:37:14.0379 3248 idsvc - ok
21:37:14.0566 3248 [ DFEAF0A1D98D397035012C8E28D1520F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:37:14.0613 3248 igfx - ok
21:37:14.0644 3248 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:37:14.0644 3248 iirsp - ok
21:37:14.0691 3248 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
21:37:14.0691 3248 IKEEXT - ok
21:37:14.0753 3248 [ B16FC828CE7A76A8F1CE682E6EAD2627 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:37:14.0769 3248 IntcAzAudAddService - ok
21:37:14.0800 3248 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:37:14.0800 3248 IntcHdmiAddService - ok
21:37:14.0831 3248 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
21:37:14.0831 3248 intelide - ok
21:37:14.0847 3248 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:37:14.0847 3248 intelppm - ok
21:37:14.0893 3248 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:37:14.0893 3248 IPBusEnum - ok
21:37:14.0909 3248 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:37:14.0909 3248 IpFilterDriver - ok
21:37:14.0940 3248 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:37:14.0940 3248 iphlpsvc - ok
21:37:14.0971 3248 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:37:14.0971 3248 IPMIDRV - ok
21:37:14.0987 3248 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:37:14.0987 3248 IPNAT - ok
21:37:15.0018 3248 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:37:15.0018 3248 IRENUM - ok
21:37:15.0049 3248 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
21:37:15.0049 3248 isapnp - ok
21:37:15.0065 3248 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:37:15.0065 3248 iScsiPrt - ok
21:37:15.0096 3248 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:37:15.0096 3248 kbdclass - ok
21:37:15.0112 3248 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:37:15.0112 3248 kbdhid - ok
21:37:15.0127 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
21:37:15.0127 3248 KeyIso - ok
21:37:15.0159 3248 [ E8B6FCC9C83535C67F835D407620BD27 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:37:15.0159 3248 KSecDD - ok
21:37:15.0174 3248 [ BBE1BF6D9B661C354D4857D5FADB943B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:37:15.0174 3248 KSecPkg - ok
21:37:15.0190 3248 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:37:15.0190 3248 ksthunk - ok
21:37:15.0221 3248 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:37:15.0237 3248 KtmRm - ok
21:37:15.0252 3248 [ C926920B8978DE6ACFE9E15C709E9B57 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:37:15.0268 3248 LanmanServer - ok
21:37:15.0283 3248 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:37:15.0283 3248 LanmanWorkstation - ok
21:37:15.0299 3248 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:37:15.0299 3248 lltdio - ok
21:37:15.0330 3248 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:37:15.0346 3248 lltdsvc - ok
21:37:15.0361 3248 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:37:15.0361 3248 lmhosts - ok
21:37:15.0393 3248 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:37:15.0393 3248 LSI_FC - ok
21:37:15.0424 3248 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:37:15.0424 3248 LSI_SAS - ok
21:37:15.0424 3248 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:37:15.0424 3248 LSI_SAS2 - ok
21:37:15.0455 3248 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:37:15.0455 3248 LSI_SCSI - ok
21:37:15.0486 3248 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:37:15.0486 3248 luafv - ok
21:37:15.0533 3248 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:37:15.0533 3248 MBAMProtector - ok
21:37:15.0564 3248 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:37:15.0564 3248 MBAMScheduler - ok
21:37:15.0595 3248 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:37:15.0611 3248 MBAMService - ok
21:37:15.0627 3248 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:37:15.0642 3248 Mcx2Svc - ok
21:37:15.0658 3248 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:37:15.0658 3248 mdmxsdk - ok
21:37:15.0689 3248 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:37:15.0689 3248 megasas - ok
21:37:15.0705 3248 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:37:15.0705 3248 MegaSR - ok
21:37:15.0736 3248 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:37:15.0751 3248 MMCSS - ok
21:37:15.0783 3248 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:37:15.0783 3248 Modem - ok
21:37:15.0798 3248 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:37:15.0798 3248 monitor - ok
21:37:15.0814 3248 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:37:15.0814 3248 mouclass - ok
21:37:15.0829 3248 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:37:15.0829 3248 mouhid - ok
21:37:15.0845 3248 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:37:15.0845 3248 mountmgr - ok
21:37:15.0907 3248 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:37:15.0907 3248 MozillaMaintenance - ok
21:37:15.0939 3248 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
21:37:15.0939 3248 mpio - ok
21:37:15.0970 3248 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:37:15.0970 3248 mpsdrv - ok
21:37:16.0032 3248 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:37:16.0048 3248 MpsSvc - ok
21:37:16.0063 3248 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:37:16.0063 3248 MRxDAV - ok
21:37:16.0095 3248 [ CFDCD8CA87C2A657DEBC150AC35B5E08 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:37:16.0095 3248 mrxsmb - ok
21:37:16.0110 3248 [ 1BEE517B220B7F024F411AEC1571DD5A ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:37:16.0126 3248 mrxsmb10 - ok
21:37:16.0141 3248 [ 6B2D5FEF385828B6E485C1C90AFB8195 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:37:16.0141 3248 mrxsmb20 - ok
21:37:16.0157 3248 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:37:16.0157 3248 msahci - ok
21:37:16.0204 3248 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
21:37:16.0204 3248 msdsm - ok
21:37:16.0219 3248 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:37:16.0219 3248 MSDTC - ok
21:37:16.0282 3248 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
21:37:16.0282 3248 MSDV - ok
21:37:16.0297 3248 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:37:16.0297 3248 Msfs - ok
21:37:16.0329 3248 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:37:16.0329 3248 mshidkmdf - ok
21:37:16.0344 3248 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
21:37:16.0344 3248 msisadrv - ok
21:37:16.0375 3248 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:37:16.0391 3248 MSiSCSI - ok
21:37:16.0391 3248 msiserver - ok
21:37:16.0422 3248 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:37:16.0422 3248 MSKSSRV - ok
21:37:16.0453 3248 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:37:16.0453 3248 MSPCLOCK - ok
21:37:16.0469 3248 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:37:16.0469 3248 MSPQM - ok
21:37:16.0485 3248 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:37:16.0485 3248 MsRPC - ok
21:37:16.0531 3248 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:37:16.0531 3248 mssmbios - ok
21:37:16.0563 3248 MSSQL$MSSMLBIZ - ok
21:37:16.0594 3248 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:37:16.0594 3248 MSSQLServerADHelper - ok
21:37:16.0656 3248 [ 966EC55988D580B9823C453781309450 ] MSTAPE C:\Windows\system32\DRIVERS\mstape.sys
21:37:16.0656 3248 MSTAPE - ok
21:37:16.0687 3248 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:37:16.0687 3248 MSTEE - ok
21:37:16.0719 3248 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:37:16.0719 3248 MTConfig - ok
21:37:16.0734 3248 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:37:16.0734 3248 Mup - ok
21:37:16.0781 3248 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
21:37:16.0781 3248 napagent - ok
21:37:16.0812 3248 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:37:16.0812 3248 NativeWifiP - ok
21:37:16.0843 3248 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
21:37:16.0859 3248 NDIS - ok
21:37:16.0875 3248 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:37:16.0875 3248 NdisCap - ok
21:37:16.0890 3248 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:37:16.0890 3248 NdisTapi - ok
21:37:16.0921 3248 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:37:16.0921 3248 Ndisuio - ok
21:37:16.0937 3248 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:37:16.0937 3248 NdisWan - ok
21:37:16.0984 3248 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:37:16.0984 3248 NDProxy - ok
21:37:16.0999 3248 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:37:16.0999 3248 NetBIOS - ok
21:37:17.0015 3248 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:37:17.0015 3248 NetBT - ok
21:37:17.0031 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
21:37:17.0031 3248 Netlogon - ok
21:37:17.0077 3248 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:37:17.0077 3248 Netman - ok
21:37:17.0171 3248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0171 3248 NetMsmqActivator - ok
21:37:17.0187 3248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0187 3248 NetPipeActivator - ok
21:37:17.0218 3248 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:37:17.0218 3248 netprofm - ok
21:37:17.0233 3248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0233 3248 NetTcpActivator - ok
21:37:17.0249 3248 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:37:17.0249 3248 NetTcpPortSharing - ok
21:37:17.0389 3248 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
21:37:17.0421 3248 netw5v64 - ok
21:37:17.0467 3248 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:37:17.0467 3248 nfrd960 - ok
21:37:17.0514 3248 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:37:17.0514 3248 NlaSvc - ok
21:37:17.0530 3248 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:37:17.0530 3248 Npfs - ok
21:37:17.0545 3248 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:37:17.0545 3248 nsi - ok
21:37:17.0561 3248 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:37:17.0561 3248 nsiproxy - ok
21:37:17.0608 3248 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:37:17.0623 3248 Ntfs - ok
21:37:17.0639 3248 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:37:17.0639 3248 Null - ok
21:37:17.0686 3248 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:37:17.0686 3248 nusb3hub - ok
21:37:17.0717 3248 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:37:17.0733 3248 nusb3xhc - ok
21:37:17.0764 3248 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
21:37:17.0764 3248 nvraid - ok
21:37:17.0779 3248 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
21:37:17.0779 3248 nvstor - ok
21:37:17.0826 3248 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
21:37:17.0826 3248 nv_agp - ok
21:37:17.0873 3248 [ 6EEB54E34603DD417ECE187C8402320A ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
21:37:17.0873 3248 NWADI - ok
21:37:17.0920 3248 [ D944D4341429093F55CB7F0EC87C86B3 ] NWUSBCDFIL64 C:\Windows\system32\DRIVERS\NwUsbCdFil64.sys
21:37:17.0920 3248 NWUSBCDFIL64 - ok
21:37:17.0951 3248 [ 877CE72712D7860FD815884438D824B8 ] NWUSBModem_000 C:\Windows\system32\DRIVERS\nwusbmdm_000.sys
21:37:17.0951 3248 NWUSBModem_000 - ok
21:37:18.0013 3248 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort2_000 C:\Windows\system32\DRIVERS\nwusbser2_000.sys
21:37:18.0013 3248 NWUSBPort2_000 - ok
21:37:18.0076 3248 [ 877CE72712D7860FD815884438D824B8 ] NWUSBPort_000 C:\Windows\system32\DRIVERS\nwusbser_000.sys
21:37:18.0076 3248 NWUSBPort_000 - ok
21:37:18.0123 3248 [ 6F67805EBE1C879DE008ED21BFCF2F02 ] NWVZHelper C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
21:37:18.0138 3248 NWVZHelper - ok
21:37:18.0216 3248 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:37:18.0216 3248 odserv - ok
21:37:18.0263 3248 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:37:18.0263 3248 ohci1394 - ok
21:37:18.0294 3248 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:37:18.0310 3248 ose - ok
21:37:18.0341 3248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:37:18.0341 3248 p2pimsvc - ok
21:37:18.0357 3248 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:37:18.0372 3248 p2psvc - ok
21:37:18.0403 3248 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:37:18.0403 3248 Parport - ok
21:37:18.0419 3248 [ 7DAA117143316C4A1537E074A5A9EAF0 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:37:18.0419 3248 partmgr - ok
21:37:18.0450 3248 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:37:18.0450 3248 PcaSvc - ok
21:37:18.0497 3248 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
21:37:18.0497 3248 pci - ok
21:37:18.0513 3248 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
21:37:18.0513 3248 pciide - ok
21:37:18.0544 3248 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:37:18.0544 3248 pcmcia - ok
21:37:18.0575 3248 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:37:18.0575 3248 pcw - ok
21:37:18.0606 3248 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:37:18.0622 3248 PEAUTH - ok
21:37:18.0684 3248 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:37:18.0684 3248 PeerDistSvc - ok
21:37:18.0731 3248 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:37:18.0731 3248 PerfHost - ok
21:37:18.0778 3248 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
21:37:18.0793 3248 pla - ok
21:37:18.0825 3248 [ 23157D583244400E1D7FBAEE2E4B31B7 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:37:18.0825 3248 PlugPlay - ok
21:37:18.0840 3248 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:37:18.0840 3248 PNRPAutoReg - ok
21:37:18.0871 3248 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:37:18.0871 3248 PNRPsvc - ok
21:37:18.0903 3248 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:37:18.0918 3248 PolicyAgent - ok
21:37:18.0949 3248 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:37:18.0949 3248 Power - ok
21:37:18.0965 3248 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:37:18.0965 3248 PptpMiniport - ok
21:37:18.0996 3248 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:37:18.0996 3248 Processor - ok
21:37:19.0012 3248 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll
21:37:19.0012 3248 ProfSvc - ok
21:37:19.0027 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
21:37:19.0027 3248 ProtectedStorage - ok
21:37:19.0043 3248 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:37:19.0043 3248 Psched - ok
21:37:19.0121 3248 [ 94BA2C6B2B9A43D09B79C4AA328D3BF5 ] PxDMSService C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe
21:37:19.0121 3248 PxDMSService - ok
21:37:19.0183 3248 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:37:19.0183 3248 PxHlpa64 - ok
21:37:19.0246 3248 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:37:19.0261 3248 ql2300 - ok
21:37:19.0293 3248 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:37:19.0293 3248 ql40xx - ok
21:37:19.0339 3248 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:37:19.0339 3248 QWAVE - ok
21:37:19.0371 3248 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:37:19.0371 3248 QWAVEdrv - ok
21:37:19.0386 3248 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:37:19.0386 3248 RasAcd - ok
21:37:19.0402 3248 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:37:19.0402 3248 RasAgileVpn - ok
21:37:19.0433 3248 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:37:19.0433 3248 RasAuto - ok
21:37:19.0449 3248 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:37:19.0449 3248 Rasl2tp - ok
21:37:19.0480 3248 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
21:37:19.0480 3248 RasMan - ok
21:37:19.0495 3248 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:37:19.0495 3248 RasPppoe - ok
21:37:19.0511 3248 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:37:19.0511 3248 RasSstp - ok
21:37:19.0558 3248 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:37:19.0558 3248 rdbss - ok
21:37:19.0589 3248 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:37:19.0589 3248 rdpbus - ok
21:37:19.0605 3248 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:37:19.0605 3248 RDPCDD - ok
21:37:19.0636 3248 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:37:19.0636 3248 RDPDR - ok
21:37:19.0651 3248 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:37:19.0651 3248 RDPENCDD - ok
21:37:19.0667 3248 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:37:19.0667 3248 RDPREFMP - ok
21:37:19.0698 3248 [ 8A3E6BEA1C53EA6177FE2B6EBA2C80D7 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:37:19.0698 3248 RDPWD - ok
21:37:19.0714 3248 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:37:19.0729 3248 rdyboost - ok
21:37:19.0745 3248 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:37:19.0761 3248 RemoteAccess - ok
21:37:19.0792 3248 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:37:19.0792 3248 RemoteRegistry - ok
21:37:19.0807 3248 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:37:19.0807 3248 RFCOMM - ok
21:37:19.0839 3248 [ 258AADB43E3F3468B5CF8CB0F84872C2 ] rimsptsk C:\Windows\system32\DRIVERS\rimssn64.sys
21:37:19.0839 3248 rimsptsk - ok
21:37:19.0854 3248 [ 71E182A0DE1CECB3F912960716345405 ] risdptsk C:\Windows\system32\DRIVERS\risdsn64.sys
21:37:19.0870 3248 risdptsk - ok
21:37:19.0948 3248 [ D02E5A46F77C182CA1964080BCD586F7 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
21:37:19.0948 3248 Roxio UPnP Renderer 10 - ok
21:37:19.0979 3248 [ E5809597278802D09273EE07B5FC56E1 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
21:37:19.0979 3248 Roxio Upnp Server 10 - ok
21:37:20.0026 3248 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:37:20.0026 3248 RpcEptMapper - ok
21:37:20.0073 3248 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:37:20.0073 3248 RpcLocator - ok
21:37:20.0104 3248 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
21:37:20.0119 3248 RpcSs - ok
21:37:20.0151 3248 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:37:20.0151 3248 rspndr - ok
21:37:20.0182 3248 [ 34F05C417F038FFA3BEF69B798D7D7DD ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
21:37:20.0182 3248 RTHDMIAzAudService - ok
21:37:20.0260 3248 [ 01E6A1E53E39A0B1E2B6AE62BF52E8EC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:37:20.0275 3248 RtkAudioService - ok
21:37:20.0307 3248 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
21:37:20.0307 3248 s3cap - ok
21:37:20.0385 3248 [ 9A5FB8DE6567BC86FCCDE2F0336857A3 ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
21:37:20.0385 3248 SampleCollector - ok
21:37:20.0416 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
21:37:20.0416 3248 SamSs - ok
21:37:20.0463 3248 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
21:37:20.0463 3248 sbp2port - ok
21:37:20.0494 3248 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:37:20.0494 3248 SCardSvr - ok
21:37:20.0525 3248 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:37:20.0525 3248 scfilter - ok
21:37:20.0556 3248 [ EC56B171F85C7E855E7B0588AC503EEA ] Schedule C:\Windows\system32\schedsvc.dll
21:37:20.0572 3248 Schedule - ok
21:37:20.0603 3248 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:37:20.0603 3248 SCPolicySvc - ok
21:37:20.0650 3248 [ 54E47AD086782D3AE9417C155CDCEB9B ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:37:20.0650 3248 sdbus - ok
21:37:20.0681 3248 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:37:20.0681 3248 SDRSVC - ok
21:37:20.0697 3248 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:37:20.0697 3248 secdrv - ok
21:37:20.0712 3248 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
21:37:20.0712 3248 seclogon - ok
21:37:20.0743 3248 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:37:20.0743 3248 SENS - ok
21:37:20.0759 3248 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:37:20.0759 3248 SensrSvc - ok
21:37:20.0790 3248 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:37:20.0790 3248 Serenum - ok
21:37:20.0806 3248 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:37:20.0806 3248 Serial - ok
21:37:20.0853 3248 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:37:20.0853 3248 sermouse - ok
21:37:20.0899 3248 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
21:37:20.0899 3248 SessionEnv - ok
21:37:20.0931 3248 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
21:37:20.0931 3248 SFEP - ok
21:37:20.0962 3248 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:37:20.0962 3248 sffdisk - ok
21:37:20.0977 3248 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:37:20.0977 3248 sffp_mmc - ok
21:37:21.0009 3248 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:37:21.0009 3248 sffp_sd - ok
21:37:21.0040 3248 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:37:21.0040 3248 sfloppy - ok
21:37:21.0071 3248 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:37:21.0071 3248 SharedAccess - ok
21:37:21.0102 3248 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:37:21.0102 3248 ShellHWDetection - ok
21:37:21.0133 3248 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:37:21.0133 3248 SiSRaid2 - ok
21:37:21.0165 3248 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:37:21.0180 3248 SiSRaid4 - ok
21:37:21.0336 3248 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:37:21.0367 3248 Skype C2C Service - ok
21:37:21.0414 3248 [ 579BA0A911FF5EA70CB604CD3B744B0A ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:37:21.0414 3248 SkypeUpdate - ok
21:37:21.0445 3248 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:37:21.0445 3248 Smb - ok
21:37:21.0477 3248 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:37:21.0477 3248 SNMPTRAP - ok
21:37:21.0570 3248 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:37:21.0570 3248 SOHCImp - ok
21:37:21.0586 3248 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
21:37:21.0586 3248 SOHDBSvr - ok
21:37:21.0617 3248 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:37:21.0617 3248 SOHDms - ok
21:37:21.0664 3248 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:37:21.0679 3248 SOHDs - ok
21:37:21.0695 3248 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
21:37:21.0695 3248 SOHPlMgr - ok
21:37:21.0726 3248 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:37:21.0726 3248 spldr - ok
21:37:21.0757 3248 [ 89E8550C5862999FCF482EA562B0E98E ] Spooler C:\Windows\System32\spoolsv.exe
21:37:21.0757 3248 Spooler - ok
21:37:21.0851 3248 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
21:37:21.0867 3248 sppsvc - ok
21:37:21.0898 3248 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:37:21.0898 3248 sppuinotify - ok
21:37:21.0945 3248 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:37:21.0945 3248 SQLBrowser - ok
21:37:21.0991 3248 [ D63FC56C7C3F9B576BC25F617E3F7963 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:37:21.0991 3248 SQLWriter - ok
21:37:22.0038 3248 [ EC8F67289105BF270498095F14963464 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:37:22.0038 3248 srv - ok
21:37:22.0054 3248 [ F773D2ED090B7BAA1C1A034F3CA476C8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:37:22.0054 3248 srv2 - ok
21:37:22.0085 3248 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:37:22.0085 3248 SrvHsfHDA - ok
21:37:22.0147 3248 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:37:22.0163 3248 SrvHsfV92 - ok
21:37:22.0194 3248 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:37:22.0194 3248 SrvHsfWinac - ok
21:37:22.0241 3248 [ 26E84D3649019C3244622E654DFCD75B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:37:22.0241 3248 srvnet - ok
21:37:22.0272 3248 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:37:22.0272 3248 SSDPSRV - ok
21:37:22.0319 3248 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
21:37:22.0319 3248 SSPORT - ok
21:37:22.0335 3248 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:37:22.0335 3248 SstpSvc - ok
21:37:22.0366 3248 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:37:22.0366 3248 stexstor - ok
21:37:22.0397 3248 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
21:37:22.0413 3248 stisvc - ok
21:37:22.0428 3248 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:37:22.0428 3248 storflt - ok
21:37:22.0459 3248 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:37:22.0459 3248 StorSvc - ok
21:37:22.0475 3248 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
21:37:22.0475 3248 storvsc - ok
21:37:22.0491 3248 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:37:22.0491 3248 swenum - ok
21:37:22.0615 3248 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:37:22.0615 3248 SwitchBoard - ok
21:37:22.0647 3248 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:37:22.0662 3248 swprv - ok
21:37:22.0725 3248 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
21:37:22.0725 3248 SysMain - ok
21:37:22.0771 3248 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:37:22.0771 3248 TabletInputService - ok
21:37:22.0787 3248 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:37:22.0787 3248 TapiSrv - ok
21:37:22.0803 3248 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:37:22.0818 3248 TBS - ok
21:37:22.0881 3248 [ 912107716BAB424C7870E8E6AF5E07E1 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:37:22.0896 3248 Tcpip - ok
21:37:22.0927 3248 [ 912107716BAB424C7870E8E6AF5E07E1 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:37:22.0943 3248 TCPIP6 - ok
21:37:22.0959 3248 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:37:22.0959 3248 tcpipreg - ok
21:37:22.0990 3248 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:37:22.0990 3248 TDPIPE - ok
21:37:22.0990 3248 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:37:22.0990 3248 TDTCP - ok
21:37:23.0021 3248 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:37:23.0021 3248 tdx - ok
21:37:23.0052 3248 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:37:23.0052 3248 TermDD - ok
21:37:23.0099 3248 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
21:37:23.0099 3248 TermService - ok
21:37:23.0115 3248 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:37:23.0115 3248 Themes - ok
21:37:23.0146 3248 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:37:23.0146 3248 THREADORDER - ok
21:37:23.0161 3248 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:37:23.0161 3248 TrkWks - ok
21:37:23.0224 3248 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:37:23.0224 3248 TrustedInstaller - ok
21:37:23.0255 3248 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:37:23.0255 3248 tssecsrv - ok
21:37:23.0271 3248 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:37:23.0271 3248 tunnel - ok
21:37:23.0317 3248 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:37:23.0317 3248 uagp35 - ok
21:37:23.0364 3248 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:37:23.0364 3248 uCamMonitor - ok
21:37:23.0380 3248 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:37:23.0380 3248 udfs - ok
21:37:23.0411 3248 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:37:23.0411 3248 UI0Detect - ok
21:37:23.0427 3248 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
21:37:23.0442 3248 uliagpkx - ok
21:37:23.0458 3248 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:37:23.0458 3248 umbus - ok
21:37:23.0489 3248 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:37:23.0489 3248 UmPass - ok
21:37:23.0520 3248 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
21:37:23.0520 3248 UmRdpService - ok
21:37:23.0536 3248 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:37:23.0551 3248 upnphost - ok
21:37:23.0567 3248 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:37:23.0567 3248 usbccgp - ok
21:37:23.0614 3248 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
21:37:23.0614 3248 usbcir - ok
21:37:23.0629 3248 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:37:23.0629 3248 usbehci - ok
21:37:23.0661 3248 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:37:23.0661 3248 usbhub - ok
21:37:23.0676 3248 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:37:23.0676 3248 usbohci - ok
21:37:23.0707 3248 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:37:23.0707 3248 usbprint - ok
21:37:23.0754 3248 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:37:23.0754 3248 USBSTOR - ok
21:37:23.0785 3248 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:37:23.0785 3248 usbuhci - ok
21:37:23.0817 3248 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:37:23.0817 3248 usbvideo - ok
21:37:23.0832 3248 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:37:23.0832 3248 UxSms - ok
21:37:23.0926 3248 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:37:23.0926 3248 VAIO Entertainment TV Device Arbitration Service - ok
21:37:24.0035 3248 [ D4197CF0C8567046FD4AF28FF47AF528 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
21:37:24.0035 3248 VAIO Event Service - ok
21:37:24.0097 3248 [ 2D6605C1F0BBD0F71A4CB3A5B1E07240 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:37:24.0097 3248 VAIO Power Management - ok
21:37:24.0129 3248 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
21:37:24.0129 3248 VaultSvc - ok
21:37:24.0253 3248 [ 06FE5BEDDADB158D84E6DE33CBE19F3E ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:37:24.0269 3248 VCFw - ok
21:37:24.0331 3248 [ 34063C0B842E73662067F9B03947C55C ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:37:24.0347 3248 VcmIAlzMgr - ok
21:37:24.0378 3248 [ A8F5D1651A324ABC6C308891A1252EE3 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:37:24.0378 3248 VcmINSMgr - ok
21:37:24.0472 3248 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:37:24.0487 3248 VcmXmlIfHelper - ok
21:37:24.0487 3248 Vcsw - ok
21:37:24.0534 3248 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
21:37:24.0534 3248 vdrvroot - ok
21:37:24.0581 3248 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
21:37:24.0581 3248 vds - ok
21:37:24.0612 3248 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:37:24.0612 3248 vga - ok
21:37:24.0628 3248 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:37:24.0628 3248 VgaSave - ok
21:37:24.0659 3248 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
21:37:24.0659 3248 vhdmp - ok
21:37:24.0706 3248 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
21:37:24.0706 3248 viaide - ok
21:37:24.0737 3248 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
21:37:24.0737 3248 vmbus - ok
21:37:24.0753 3248 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
21:37:24.0753 3248 VMBusHID - ok
21:37:24.0784 3248 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
21:37:24.0784 3248 volmgr - ok
21:37:24.0831 3248 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:37:24.0831 3248 volmgrx - ok
21:37:24.0862 3248 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
21:37:24.0862 3248 volsnap - ok
21:37:24.0893 3248 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:37:24.0893 3248 vsmraid - ok
21:37:24.0971 3248 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
21:37:24.0987 3248 VSS - ok
21:37:25.0002 3248 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:37:25.0002 3248 vwifibus - ok
21:37:25.0018 3248 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:37:25.0018 3248 vwififlt - ok
21:37:25.0049 3248 [ D8BEF4AC1EAC809DBDBD441D6CFF6C4C ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:37:25.0049 3248 VzCdbSvc - ok
21:37:25.0096 3248 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:37:25.0096 3248 W32Time - ok
21:37:25.0143 3248 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:37:25.0143 3248 WacomPen - ok
21:37:25.0174 3248 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:37:25.0174 3248 WANARP - ok
21:37:25.0174 3248 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:37:25.0174 3248 Wanarpv6 - ok
21:37:25.0236 3248 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
21:37:25.0252 3248 wbengine - ok
21:37:25.0283 3248 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:37:25.0283 3248 WbioSrvc - ok
21:37:25.0299 3248 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:37:25.0299 3248 wcncsvc - ok
21:37:25.0330 3248 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:37:25.0330 3248 WcsPlugInService - ok
21:37:25.0361 3248 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:37:25.0361 3248 Wd - ok
21:37:25.0392 3248 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:37:25.0408 3248 Wdf01000 - ok
21:37:25.0423 3248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:37:25.0439 3248 WdiServiceHost - ok
21:37:25.0439 3248 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:37:25.0439 3248 WdiSystemHost - ok
21:37:25.0455 3248 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
21:37:25.0470 3248 WebClient - ok
21:37:25.0486 3248 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:37:25.0486 3248 Wecsvc - ok
21:37:25.0517 3248 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:37:25.0517 3248 wercplsupport - ok
21:37:25.0533 3248 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:37:25.0533 3248 WerSvc - ok
21:37:25.0533 3248 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:37:25.0533 3248 WfpLwf - ok
21:37:25.0564 3248 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:37:25.0564 3248 WIMMount - ok
21:37:25.0579 3248 WinDefend - ok
21:37:25.0595 3248 WinHttpAutoProxySvc - ok
21:37:25.0642 3248 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:37:25.0642 3248 Winmgmt - ok
21:37:25.0704 3248 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
21:37:25.0720 3248 WinRM - ok
21:37:25.0782 3248 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:37:25.0782 3248 WinUsb - ok
21:37:25.0845 3248 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:37:25.0860 3248 Wlansvc - ok
21:37:25.0891 3248 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:37:25.0891 3248 WmiAcpi - ok
21:37:25.0923 3248 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:37:25.0923 3248 wmiApSrv - ok
21:37:25.0938 3248 WMPNetworkSvc - ok
21:37:25.0969 3248 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:37:25.0969 3248 WPCSvc - ok
21:37:25.0985 3248 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:37:25.0985 3248 WPDBusEnum - ok
21:37:26.0016 3248 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:37:26.0016 3248 ws2ifsl - ok
21:37:26.0047 3248 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:37:26.0047 3248 wscsvc - ok
21:37:26.0047 3248 WSearch - ok
21:37:26.0125 3248 [ 38340204A2D0228F1E87740FC5E554A7 ] wuauserv C:\Windows\system32\wuaueng.dll
21:37:26.0141 3248 wuauserv - ok
21:37:26.0172 3248 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:37:26.0188 3248 WudfPf - ok
21:37:26.0188 3248 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:37:26.0203 3248 WUDFRd - ok
21:37:26.0250 3248 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:37:26.0250 3248 wudfsvc - ok
21:37:26.0266 3248 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:37:26.0281 3248 WwanSvc - ok
21:37:26.0313 3248 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
21:37:26.0313 3248 XAudio - ok
21:37:26.0328 3248 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
21:37:26.0344 3248 yukonw7 - ok
21:37:26.0344 3248 ================ Scan global ===============================
21:37:26.0375 3248 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:37:26.0391 3248 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
21:37:26.0406 3248 [ 457B44AB6D502E55F64A867D4F35C76C ] C:\Windows\system32\winsrv.dll
21:37:26.0437 3248 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:37:26.0469 3248 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:37:26.0469 3248 [Global] - ok
21:37:26.0469 3248 ================ Scan MBR ==================================
21:37:26.0484 3248 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:37:27.0576 3248 \Device\Harddisk0\DR0 - ok
21:37:27.0576 3248 ================ Scan VBR ==================================
21:37:27.0607 3248 [ F1E87244CEFAF03CED43B889B9312D56 ] \Device\Harddisk0\DR0\Partition1
21:37:27.0607 3248 \Device\Harddisk0\DR0\Partition1 - ok
21:37:27.0623 3248 [ 61F81954C9968E3D6D6701BE25912ECE ] \Device\Harddisk0\DR0\Partition2
21:37:27.0623 3248 \Device\Harddisk0\DR0\Partition2 - ok
21:37:27.0623 3248 ============================================================
21:37:27.0623 3248 Scan finished
21:37:27.0623 3248 ============================================================
21:37:27.0654 1680 Detected object count: 0
21:37:27.0654 1680 Actual detected object count: 0

#6 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 19 September 2012 - 10:06 PM

Here is the logfile for the aswMBR scan:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-19 21:39:31
-----------------------------
21:39:31.655 OS Version: Windows x64 6.1.7600
21:39:31.655 Number of processors: 2 586 0x170A
21:39:31.655 ComputerName: VIDEO4-VAIO UserName: Video4
21:39:32.591 Initialize success
21:45:55.840 AVAST engine defs: 12091901
21:46:06.791 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:06.791 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
21:46:06.791 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
21:46:06.806 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
21:46:06.806 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
21:46:06.806 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
21:46:06.838 Disk 0 MBR read successfully
21:46:06.838 Disk 0 MBR scan
21:46:06.853 Disk 0 Windows 7 default MBR code
21:46:06.869 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8119 MB offset 2048
21:46:06.884 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 16629760
21:46:06.884 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 230254 MB offset 16834560
21:46:06.916 Disk 0 scanning C:\Windows\system32\drivers
21:46:19.146 Service scanning
21:47:05.010 Modules scanning
21:47:05.010 Disk 0 trace - called modules:
21:47:05.057 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:47:05.072 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bff060]
21:47:05.088 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8004a7ae10]
21:47:05.088 5 ACPI.sys[fffff88000e0b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a7d050]
21:47:05.962 AVAST engine scan C:\Windows
21:47:09.347 AVAST engine scan C:\Windows\system32
21:50:12.538 AVAST engine scan C:\Windows\system32\drivers
21:50:27.545 AVAST engine scan C:\Users\Video4
21:57:03.536 AVAST engine scan C:\ProgramData
22:02:54.116 Scan finished successfully
22:05:38.509 Disk 0 MBR has been saved successfully to "C:\shares\downloads\Anti-Virus Programs\MBR.dat"
22:05:38.524 The log file has been saved successfully to "C:\shares\downloads\Anti-Virus Programs\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 20 September 2012 - 12:24 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 20 September 2012 - 03:03 AM

Gringo,

I ran ComboFix and the program did not restart my computer. I launched Firefox and attempted a Google search for "removing vinyl tiles from concrete floor" (something I am trying to do in my house!) and the when I attempted to click on a link, I was redirected to a Merchant Circle listing instead of the eHow article I clicked on, so it appears the malware is still infecting this machine. It ia redirecting through the IP address 88.214.193.77 Here is the log text from ComboFix:





ComboFix 12-09-18.07 - Video4 09/20/2012 2:24.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3935.2152 [GMT -5:00]
Running from: c:\shares\downloads\Anti-Virus Programs\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-20 to 2012-09-20 )))))))))))))))))))))))))))))))
.
.
2012-09-20 07:34 . 2012-09-20 07:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 04:05 . 2012-09-19 04:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\users\Video4\AppData\Roaming\Malwarebytes
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-19 03:12 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 21:34 . 2012-09-10 14:51 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 17:51 . 2012-04-22 15:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 17:51 . 2011-07-10 15:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-19_04.54.52 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-04 19:16 . 2012-09-18 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-04 19:16 . 2012-09-20 07:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-04 19:16 . 2012-09-18 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-04 19:16 . 2012-09-20 07:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-20 07:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-18 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 04:17 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-19 10:26 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-19 10:26 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 04:17 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-19 10:26 2129920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-09-19 04:17 2129920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:34 . 2012-09-20 05:11 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-09-15 05:11 9437184 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2003-12-10 77887]
"Corel Corporation Registration"="c:\program files (x86)\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" [2001-03-29 212992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files (x86)\iConcepts Music Express\MEAutoDetect.exe [2011-12-24 374104]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-3-20 292240]
Network Utility.lnk - c:\program files (x86)\PIXELA\Network Utility\NetworkUtility.exe [2012-7-28 2112376]
VideoBrowser Camera Monitor.lnk - c:\program files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe [2012-7-28 425336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56564350
*NewlyCreated* - 59339064
*NewlyCreated* - 87290919
*NewlyCreated* - ASWMBR
*NewlyCreated* - FIXTDSS
*Deregistered* - 56564350
*Deregistered* - 59339064
*Deregistered* - 87290919
*Deregistered* - aswMBR
*Deregistered* - FixTDSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 17:51]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:09]
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:09]
.
2012-09-19 c:\windows\Tasks\NetworkUtility??.job
- c:\program files (x86)\PIXELA\Network Utility\NWLaunch.bat [2012-07-28 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-20 02:49:45
ComboFix-quarantined-files.txt 2012-09-20 07:49
ComboFix2.txt 2012-09-19 05:11
.
Pre-Run: 113,714,327,552 bytes free
Post-Run: 113,726,603,264 bytes free
.
- - End Of File - - EDB4D3E5497BC72E9420AD7811FC2384

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 20 September 2012 - 12:56 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 20 September 2012 - 02:30 PM

Here are the contents of the OTL scan:


OTL logfile created on: 9/20/2012 2:17:54 PM - Run 1
OTL by OldTimer - Version 3.2.64.0 Folder = C:\shares\downloads\Anti-Virus Programs
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 24.93% Memory free
7.68 Gb Paging File | 4.69 Gb Available in Paging File | 61.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 224.86 Gb Total Space | 105.33 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
Drive G: | 931.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VIDEO4-VAIO | User Name: Video4 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\shares\downloads\Anti-Virus Programs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe (YouSendIt)
PRC - C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe (PIXELA CORPORATION)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe (Panasonic Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\iConcepts Music Express\MEAutoDetect.exe ()
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated)
PRC - C:\Program Files (x86)\Ipswitch\WS_FTP Professional\wsftpgui.exe (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
PRC - C:\Program Files (x86)\Corel\WordPerfect Office 2002\Programs\wpwin10.exe (Corel Corporation Limited)
PRC - C:\shares\internet\NoteTab Pro\NotePro.exe (Fookes Software)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll ()
MOD - C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Program Files (x86)\iConcepts Music Express\MEAutoDetect.exe ()
MOD - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\QuickTimeGlue.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\AdobeXMP.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\Resources.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\JSExtensions\TSL.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\Workspace.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\JSExtensions\MM.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\JSExtensions\DWfile.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\JSExtensions\SWFFile.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\libcurl.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\NetIO.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\CoreTypes.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\libeay32.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\ssleay32.dll ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\plug-ins\BMP Import Export.x32 ()
MOD - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS3\configuration\flash player\authplay.dll ()
MOD - C:\Program Files (x86)\Corel\WordPerfect Office 2002\Programs\axcntrls.dll ()
MOD - C:\shares\internet\NoteTab Pro\EfoMacro.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PxDMSService) -- C:\Program Files (x86)\PIXELA\Network Utility\PxDMSService.exe (PIXELA CORPORATION)
SRV - (NWVZHelper) -- C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe (Novatel Wireless Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2_000) -- C:\Windows\SysNative\drivers\nwusbser2_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort_000) -- C:\Windows\SysNative\drivers\nwusbser_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem_000) -- C:\Windows\SysNative\drivers\nwusbmdm_000.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_enUS365
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: LogMeInClient@logmein.com:1.0.0.932
FF - prefs.js..extensions.enabledAddons: wsjsziuerg@wsjsziuerg.org:1.0
FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.2.0.10687
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Video4\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/28 02:54:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 09:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/22 23:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/20 16:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/07/28 02:54:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/10 09:51:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/22 23:18:55 | 000,000,000 | ---D | M]

[2011/01/14 13:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Video4\AppData\Roaming\Mozilla\Extensions
[2011/01/14 13:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Video4\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/18 11:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions
[2011/08/30 14:04:05 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/06/06 19:30:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\LogMeInClient@logmein.com
[1832/11/28 23:37:17 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\wsjsziuerg@wsjsziuerg.org.xpi
[2012/05/30 22:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/25 11:38:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/28 02:54:03 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/09/10 09:51:16 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/22 23:18:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/01 16:34:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/01 16:34:10 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
CHR - Extension: Skype Click to Call = C:\Users\Video4\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Video4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/09/18 23:54:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Corel Corporation Registration] C:\Program Files (x86)\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe (Naviant, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2486584770-190495371-2616711161-1003..\Run: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKU\S-1-5-21-2486584770-190495371-2616711161-1003..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2486584770-190495371-2616711161-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {001000AF-2DEF-0206-10B6-DC5BA692C858} http://gate.x10.com/control/xvidnx.cab (Xvidnc Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495}: DhcpNameServer = 172.16.64.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED56D1C1-9F9C-4B62-B89C-F75530F9722D}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/20 02:50:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/19 06:54:49 | 000,000,000 | ---D | C] -- C:\Users\Video4\Desktop\RK_Quarantine
[2012/09/18 23:36:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/18 23:36:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/18 23:36:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/18 23:36:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/18 23:35:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/18 23:05:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/18 22:40:59 | 000,000,000 | ---D | C] -- C:\Users\Video4\Desktop\rkill
[2012/09/18 22:12:24 | 000,000,000 | ---D | C] -- C:\Users\Video4\AppData\Roaming\Malwarebytes
[2012/09/18 22:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/18 22:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/18 22:12:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/18 22:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2012/09/20 13:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 13:26:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/19 15:26:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/19 06:50:34 | 000,000,000 | ---- | M] () -- C:\Users\Video4\defogger_reenable
[2012/09/18 23:54:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/18 23:24:49 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 23:24:48 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/18 23:17:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/18 23:17:04 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/18 22:12:14 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 09:51:19 | 000,002,044 | ---- | M] () -- C:\Users\Video4\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/06 07:47:53 | 000,857,118 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/06 07:47:53 | 000,715,294 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/06 07:47:53 | 000,142,262 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/04 15:23:17 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/30 08:18:22 | 000,009,186 | ---- | M] () -- C:\Users\Public\Documents\SCRIPT 8-29-12 GEC Introduction - Revised.zap

========== Files Created - No Company Name ==========

[2012/09/19 06:50:34 | 000,000,000 | ---- | C] () -- C:\Users\Video4\defogger_reenable
[2012/09/18 23:36:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/18 23:36:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/18 23:36:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/18 23:36:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/18 23:36:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/18 22:12:14 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/29 00:24:04 | 000,009,186 | ---- | C] () -- C:\Users\Public\Documents\SCRIPT 8-29-12 GEC Introduction - Revised.zap
[2012/06/17 14:06:20 | 000,006,144 | ---- | C] () -- C:\Users\Video4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/21 17:12:46 | 000,004,990 | ---- | C] () -- C:\ProgramData\surkpqid.bdr
[2012/04/19 10:52:44 | 000,004,405 | -H-- | C] () -- C:\Users\Video4\AppData\Local\ceiiceie.ini
[2012/03/20 21:57:14 | 000,000,119 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/01/11 10:32:00 | 000,000,017 | ---- | C] () -- C:\Users\Video4\AppData\Local\resmon.resmoncfg
[2011/09/13 15:07:52 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/13 15:07:52 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/03 12:41:41 | 000,000,108 | -HS- | C] () -- C:\Windows\WSYS049.SYS
[2011/01/13 01:04:02 | 000,000,116 | ---- | C] () -- C:\Users\Video4\Adobe Encore_AME.pref
[2010/08/24 10:01:45 | 000,061,678 | ---- | C] () -- C:\Users\Video4\AppData\Roaming\PFP100JPR.{PB
[2010/08/24 10:01:45 | 000,012,358 | ---- | C] () -- C:\Users\Video4\AppData\Roaming\PFP100JCM.{PB

========== ZeroAccess Check ==========

[2011/08/20 08:47:58 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1037385321@Top1[1]
[2011/08/20 08:48:13 | 000,000,465 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1055796890@Left[1]
[2011/08/20 08:56:26 | 000,002,506 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11126249978@x23[1].htm
[2011/08/20 08:57:08 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11391412489@x90[1].htm
[2011/08/20 08:57:08 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11575671707@x23[1].htm
[2011/08/20 08:49:00 | 000,000,511 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1169139089@Position1[1]
[2011/08/20 08:57:26 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11855263440@x23[1].htm
[2011/08/20 08:57:14 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11862663890@x23[1].htm
[2011/08/20 08:49:44 | 000,002,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1307751110@Top[1]
[2011/08/20 08:57:26 | 000,001,785 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1386429405@x15[1]
[2011/08/20 08:50:34 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1457225840@Position1[1]
[2011/08/20 08:56:24 | 000,000,522 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\18213798@x90[1].htm
[2011/08/20 08:49:47 | 000,000,510 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1821713586@Position1[1]
[2011/08/20 08:57:13 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1849285846@x15[1]
[2011/08/20 08:48:18 | 000,000,482 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1906215027@Position2[1]
[2011/08/20 08:48:58 | 000,000,431 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1999136076@Left[1]
[2011/08/20 08:47:12 | 000,011,058 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24289&z=16&s=Galil[1].png
[2011/08/20 08:49:56 | 000,007,418 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5790&z=14&s=[1].png
[2011/08/20 08:49:58 | 000,003,457 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5791&z=14&s=G[1].png
[2011/08/20 08:49:59 | 000,002,815 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4056&y=5791&z=14&s=Galileo[1].png
[2011/08/20 08:49:55 | 000,002,364 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4057&y=5790&z=14&s=G[1].png
[2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504567&y=755012&z=21&s=G[1].png
[2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504568&y=755012&z=21&s=Gali[1].png
[2011/08/20 08:56:10 | 000,000,408 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504569&y=755009&z=21&s=Gali[1].png
[2011/08/20 08:50:03 | 000,010,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11718&z=15&s=Gal[1].png
[2011/08/20 08:49:57 | 000,004,248 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11719&z=15&s=Gali[1].png
[2011/08/20 08:49:58 | 000,001,920 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11720&z=15&s=Galil[1].png
[2011/08/20 08:57:14 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11167360966@x90[1].htm
[2011/08/20 08:57:36 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11228542818@x23[1].htm
[2011/08/20 08:57:36 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11284217935@x90[1].htm
[2011/08/20 08:57:24 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11315847570@x90[1].htm
[2011/08/20 08:48:01 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11472280959@x23[1].htm
[2011/08/20 08:47:59 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1245772740@x90[1].htm
[2011/08/20 08:57:14 | 000,001,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1281761749@Top1[1]
[2011/08/20 08:57:36 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1319093222@Top1[1]
[2011/08/20 08:57:07 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1460963586@x15[1]
[2011/08/20 08:57:28 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1505241761@x23[1].htm
[2011/08/20 08:49:54 | 000,000,503 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1640659713@x90[1].htm
[2011/08/20 08:57:36 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1744842817@x15[1]
[2011/08/20 08:57:37 | 000,000,504 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1957083986@x90[1].htm
[2011/08/20 08:48:01 | 000,000,492 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1964477568@Position1[1]
[2011/08/20 08:47:10 | 000,007,664 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24291&z=16&s=Galileo[1].png
[2011/08/20 08:47:20 | 000,010,389 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24289&z=16&s=[1].png
[2011/08/20 08:49:54 | 000,000,215 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4054&y=5789&z=14&s=Galileo[1].png
[2011/08/20 08:49:55 | 000,014,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5790&z=14&s=Gal[1].png
[2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504567&y=755011&z=21&s=[1].png
[2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755011&z=21&s=Galile[1].png
[2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755012&z=21&s=Galileo[1].png
[2011/08/20 08:54:53 | 000,016,801 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=91&z=8&s=Galileo[1].png
[2011/08/20 08:54:54 | 000,012,061 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=93&z=8&s=G[1].png
[2011/08/20 08:54:54 | 000,013,802 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=62&y=93&z=8&s=Galileo[1].png
[2011/08/20 08:49:59 | 000,001,591 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11718&z=15&s=Ga[1].png
[2011/08/20 08:49:59 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11720&z=15&s=Gali[1].png
[2011/08/20 08:49:56 | 000,002,838 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11719&z=15&s=Galile[1].png
[2011/08/20 08:49:56 | 000,001,364 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11720&z=15&s=Galileo[1].png
[2011/08/20 08:49:58 | 000,003,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11718&z=15&s=[1].png
[2011/08/20 08:49:56 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11275037388@x23[1].htm
[2011/08/20 08:57:24 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11561605063@x23[1].htm
[2011/08/20 08:57:15 | 000,001,455 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1185363397@Top1[1]
[2011/08/20 08:57:26 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1214185794@x90[1].htm
[2011/08/20 08:57:28 | 000,000,504 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1228200435@x90[1].htm
[2011/08/20 08:48:58 | 000,002,133 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1348773817@Top[1]
[2011/08/20 08:49:53 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1463823846@Top1[1]
[2011/08/20 08:50:27 | 000,000,490 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1469595724@Position1[1]
[2011/08/20 08:50:27 | 000,002,049 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1477976723@Top[1]
[2011/08/20 08:49:53 | 000,001,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1691460836@Top1[1]
[2011/08/20 08:49:54 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\174087999@x23[1].htm
[2011/08/20 08:48:12 | 000,002,277 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1794418838@Top[1]
[2011/08/20 08:49:45 | 000,000,430 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1885710956@Left[1]
[2011/08/20 08:50:27 | 000,000,410 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1925305162@Left[1]
[2011/08/20 08:57:07 | 000,001,455 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1933232497@Top1[1]
[2011/08/20 08:47:15 | 000,011,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24291&z=16&s=[1].png
[2011/08/20 08:49:54 | 000,006,664 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5789&z=14&s=Ga[1].png
[2011/08/20 08:49:58 | 000,015,480 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5789&z=14&s=Galil[1].png
[2011/08/20 08:49:57 | 000,008,284 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5790&z=14&s=Galile[1].png
[2011/08/20 08:56:08 | 000,000,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755010&z=21&s=Ga[1].png
[2011/08/20 08:56:08 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755011&z=21&s=Gal[1].png
[2011/08/20 08:54:53 | 000,018,943 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=91&z=8&s=Ga[1].png
[2011/08/20 08:54:53 | 000,021,907 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=92&z=8&s=Gal[1].png
[2011/08/20 08:54:53 | 000,016,246 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=62&y=91&z=8&s=Galil[1].png
[2011/08/20 08:49:56 | 000,003,580 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11718&z=15&s=Galil[1].png
[2011/08/20 08:57:28 | 000,001,781 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1080579483@Top1[1]
[2011/08/20 08:49:54 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11149819669@x90[1].htm
[2011/08/20 08:57:37 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1128453811@x23[1].htm
[2011/08/20 08:57:14 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11355364539@x90[1].htm
[2011/08/20 08:57:15 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12041300456@x23[1].htm
[2011/08/20 08:49:47 | 000,000,468 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1258334641@Position2[1]
[2011/08/20 08:48:17 | 000,002,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1302173216@Position1[1]
[2011/08/20 08:49:03 | 000,001,406 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1357385884@Position2[1]
[2011/08/20 08:57:23 | 000,001,787 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1550319140@Top1[1]
[2011/08/20 08:54:52 | 000,009,438 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=0&y=0&z=0&s=[1].png
[2011/08/20 08:47:09 | 000,007,588 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24290&z=16&s=Galile[1].png
[2011/08/20 08:47:07 | 000,012,789 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24290&z=16&s=G[1].png
[2011/08/20 08:47:09 | 000,011,964 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24291&z=16&s=Ga[1].png
[2011/08/20 08:47:09 | 000,008,160 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24289&z=16&s=Gal[1].png
[2011/08/20 08:47:07 | 000,008,859 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24290&z=16&s=Gali[1].png
[2011/08/20 08:47:07 | 000,008,654 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24291&z=16&s=Galil[1].png
[2011/08/20 08:47:17 | 000,009,786 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24289&z=16&s=Galile[1].png
[2011/08/20 08:47:12 | 000,009,260 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24290&z=16&s=Galileo[1].png
[2011/08/20 08:49:54 | 000,003,194 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4055&y=5791&z=14&s=Gali[1].png
[2011/08/20 08:49:56 | 000,004,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5789&z=14&s=[1].png
[2011/08/20 08:49:56 | 000,002,062 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5791&z=14&s=Ga[1].png
[2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755009&z=21&s=Galile[1].png
[2011/08/20 08:56:08 | 000,000,451 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755010&z=21&s=Galileo[1].png
[2011/08/20 08:56:08 | 000,000,232 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504568&y=755009&z=21&s=G[1].png
[2011/08/20 08:56:08 | 000,000,214 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504569&y=755010&z=21&s=Galil[1].png
[2011/08/20 08:54:53 | 000,009,966 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=60&y=92&z=8&s=[1].png
[2011/08/20 08:54:53 | 000,014,348 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=61&y=93&z=8&s=Gali[1].png
[2011/08/20 08:54:53 | 000,015,701 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=62&y=92&z=8&s=Galile[1].png
[2011/08/20 08:49:58 | 000,000,539 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11719&z=15&s=Gal[1].png
[2011/08/20 08:49:58 | 000,003,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11719&z=15&s=G[1].png
[2011/08/20 08:49:59 | 000,001,054 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11720&z=15&s=Ga[1].png
[2011/08/20 08:32:40 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1008827.r.msn[1].txt
[2011/08/20 08:56:08 | 000,000,216 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@11072-8952.bidvalidation[2].txt
[2011/08/20 08:55:59 | 000,000,374 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1286953.r.msn[1].txt
[2011/08/20 08:32:48 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@134715.r.msn[1].txt
[2011/08/20 08:43:12 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1734847885.pub.ezanga[1].txt
[2011/08/20 08:44:07 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1819045062.pub.ezanga[1].txt
[2011/08/20 08:57:49 | 000,000,070 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@194.11.16[1].txt
[2011/08/20 08:47:44 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
[2011/08/20 08:48:44 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@25757.r.msn[1].txt
[2011/08/20 08:56:44 | 000,000,111 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2668896081.pub.ezanga[1].txt
[2011/08/20 08:34:35 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@269614.r.msn[1].txt
[2011/08/20 08:43:15 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2733762453.pub.ezanga[1].txt
[2011/08/20 08:55:43 | 000,000,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt
[2011/08/20 08:43:40 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3102329076.pub.ezanga[1].txt
[2011/08/20 08:32:26 | 000,000,130 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@33across[1].txt
[2011/08/20 08:57:10 | 000,000,398 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@37millionminutes[2].txt
[2011/08/20 08:43:13 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3902209715.pub.ezanga[1].txt
[2011/08/20 08:55:33 | 000,000,117 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@4029427265.pub.ezanga[1].txt
[2011/08/20 08:47:35 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@635004.r.msn[2].txt
[2011/08/20 08:32:31 | 000,000,083 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@65.60.9[1].txt
[2011/08/20 08:29:25 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[1].txt
[2011/08/20 08:43:16 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[2].txt
[2011/08/20 08:43:02 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.36[2].txt
[2011/08/20 08:43:32 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[10].txt
[2011/08/20 08:43:07 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[11].txt
[2011/08/20 08:29:01 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[1].txt
[2011/08/20 08:30:47 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[2].txt
[2011/08/20 08:31:09 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[3].txt
[2011/08/20 08:31:18 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[4].txt
[2011/08/20 08:32:22 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[5].txt
[2011/08/20 08:43:02 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[6].txt
[2011/08/20 08:43:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[7].txt
[2011/08/20 08:43:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[8].txt
[2011/08/20 08:43:05 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[9].txt
[2011/08/20 08:29:49 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@68.169.92[1].txt
[2011/08/20 08:33:50 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@72.233.76[1].txt
[2011/08/20 08:31:50 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@884202.r.msn[1].txt
[2011/08/20 08:33:43 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@961881.r.msn[1].txt
[2011/08/20 08:56:02 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@abmr[2].txt
[2011/08/20 08:47:57 | 000,000,253 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.360yield[2].txt
[2011/08/20 08:29:54 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[2].txt
[2011/08/20 08:57:51 | 000,002,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
[2011/08/20 08:34:51 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adadvisor[1].txt
[2011/08/20 08:57:57 | 000,001,466 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adap[2].txt
[2011/08/20 08:57:57 | 000,001,314 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt
[2011/08/20 08:32:37 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbuyer[2].txt
[2011/08/20 08:43:20 | 000,000,232 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcirrus[2].txt
[2011/08/20 08:47:57 | 000,001,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addresses[2].txt
[2011/08/20 08:57:46 | 000,000,696 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addthis[2].txt
[2011/08/20 08:29:11 | 000,000,101 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adimpserv[1].txt
[2011/08/20 08:47:56 | 000,000,354 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admailtiser[2].txt
[2011/08/20 08:57:12 | 000,003,955 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adnxs[1].txt
[2011/08/20 08:56:45 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[2].txt
[2011/08/20 08:35:18 | 000,000,283 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.gamersmedia[1].txt
[2011/08/20 08:49:52 | 000,000,234 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[1].txt
[2011/08/20 08:56:09 | 000,000,917 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt
[2011/08/20 08:33:11 | 000,000,338 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[2].txt
[2011/08/20 08:56:58 | 000,000,492 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[2].txt
[2011/08/20 08:28:48 | 000,000,105 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
[2011/08/20 08:47:55 | 000,000,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrvr[2].txt
[2011/08/20 08:28:48 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
[2011/08/20 08:44:54 | 000,000,184 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
[2011/08/20 08:49:08 | 000,000,695 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
[2011/08/20 08:29:49 | 000,000,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
[2011/08/20 08:48:06 | 000,000,353 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@afy11[2].txt
[2011/08/20 08:50:12 | 000,000,262 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@agkn[2].txt
[2011/08/20 08:31:56 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon-cornerstone[2].txt
[2011/08/20 08:31:55 | 000,000,704 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon[2].txt
[2011/08/20 08:53:39 | 000,000,831 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amgdgt[2].txt
[2011/08/20 08:49:15 | 000,000,856 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apex-ad[2].txt
[2011/08/20 08:46:13 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@api.dimestore[1].txt
[2011/08/20 08:30:47 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
[2011/08/20 08:47:16 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@appssavvy[1].txt
[2011/08/20 08:29:37 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
[2011/08/20 08:32:14 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@au.vizisense[1].txt
[2011/08/20 08:48:06 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@audienceiq[2].txt
[2011/08/20 08:48:45 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@auto-geek[1].txt
[2011/08/20 08:37:23 | 000,001,212 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autocenterstore[2].txt
[2011/08/20 08:48:45 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autogeek[1].txt
[2011/08/20 08:57:37 | 000,000,168 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@b3.mookie1[2].txt
[2011/08/20 08:33:17 | 000,000,404 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@badgerbasementsystems[1].txt
[2011/08/20 08:37:24 | 000,000,443 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[2].txt
[2011/08/20 08:37:31 | 000,000,180 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[3].txt
[2011/08/20 08:38:00 | 000,000,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bestflasher[1].txt
[2011/08/20 08:56:54 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bidsystem[2].txt
[2011/08/20 08:31:20 | 000,000,213 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizrate[2].txt
[2011/08/20 08:55:52 | 000,000,128 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
[2011/08/20 08:35:07 | 000,000,469 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkxremote51.ourtoolbar[1].txt
[2011/08/20 08:47:36 | 000,000,499 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkx[1].txt
[2011/08/20 08:57:49 | 000,001,767 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blogtalkradio[2].txt
[2011/08/20 08:57:32 | 000,001,495 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluekai[2].txt
[2011/08/20 08:56:06 | 000,000,292 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bnmla[1].txt
[2011/08/20 08:38:22 | 000,000,129 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brand[1].txt
[2011/08/20 08:48:45 | 000,000,697 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@break[2].txt
[2011/08/20 08:56:40 | 000,000,123 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brilig[2].txt
[2011/08/20 08:48:44 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
[2011/08/20 08:46:02 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btg.mtvnservices[1].txt
[2011/08/20 08:49:49 | 000,000,228 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btrll[2].txt
[2011/08/20 08:56:03 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[1].txt
[2011/08/20 08:56:03 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c.ypcdn[2].txt
[2011/08/20 08:47:48 | 000,000,515 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c3metrics[1].txt
[2011/08/20 08:56:47 | 000,000,079 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAJIL4N1.txt
[2011/08/20 08:49:49 | 000,000,277 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cas.ny.us.criteo[1].txt
[2011/08/20 08:57:14 | 000,000,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
[2011/08/20 08:44:45 | 000,000,079 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAYP1TG8.txt
[2011/08/20 08:56:53 | 000,000,329 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
[2011/08/20 08:57:49 | 000,000,897 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chango[1].txt
[2011/08/20 08:56:06 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@choicestream[2].txt
[2011/08/20 08:56:37 | 000,000,736 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citi.bridgetrack[1].txt
[2011/08/20 08:56:05 | 000,000,452 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citygridmedia[2].txt
[2011/08/20 08:49:55 | 000,000,512 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citysearch[1].txt
[2011/08/20 08:38:08 | 000,000,410 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ck.ads.affinity[1].txt
[2011/08/20 08:42:40 | 000,000,647 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@claim.windailygadgets[1].txt
[2011/08/20 08:55:33 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thespecialsearch[1].txt
[2011/08/20 08:57:57 | 000,001,295 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
[2011/08/20 08:32:59 | 000,000,222 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@comparestores[2].txt
[2011/08/20 08:29:15 | 000,000,359 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@connectbar[2].txt
[2011/08/20 08:32:27 | 000,000,085 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
[2011/08/20 08:32:27 | 000,000,220 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
[2011/08/20 08:55:54 | 000,001,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@contextweb[1].txt
[2011/08/20 08:43:15 | 000,001,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cpvtgt[2].txt
[2011/08/20 08:57:19 | 000,001,120 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@criteo[2].txt
[2011/08/20 08:46:43 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crux.mevio[1].txt
[2011/08/20 08:57:57 | 000,000,942 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crwdcntrl[2].txt
[2011/08/20 08:32:03 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.adroll[1].txt
[2011/08/20 08:57:54 | 000,000,104 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.gossipcenter[1].txt
[2011/08/20 08:49:37 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.tradex.openx[1].txt
[2011/08/20 08:49:41 | 000,001,444 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dailyrx[2].txt
[2011/08/20 08:57:54 | 000,000,114 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
[2011/08/20 08:55:24 | 000,000,128 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc1e.3vg58t1[1].txt
[2011/08/20 08:32:47 | 000,000,122 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc2w.3vg58t1[1].txt
[2011/08/20 08:29:43 | 000,000,196 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demdex[2].txt
[2011/08/20 08:49:57 | 000,000,257 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demr.opt.fimserve[1].txt
[2011/08/20 08:57:23 | 000,000,393 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@digitaltrends[2].txt
[2011/08/20 08:57:40 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@displaymarketplace[2].txt
[2011/08/20 08:38:32 | 000,000,830 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dogster[1].txt
[2011/08/20 08:30:51 | 000,000,177 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@domdex[2].txt
[2011/08/20 08:45:45 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
[2011/08/20 08:29:43 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dpm.demdex[1].txt
[2011/08/20 08:49:33 | 000,000,380 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@drivesober.nhtsa[2].txt
[2011/08/20 08:31:12 | 000,000,407 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@e-referencedesk[2].txt
[2011/08/20 08:51:12 | 000,000,810 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@emusician[2].txt
[2011/08/20 08:45:06 | 000,000,214 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@everesttech[1].txt
[2011/08/20 08:57:50 | 000,003,639 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exelator[1].txt
[2011/08/20 08:32:16 | 000,000,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt
[2011/08/20 08:54:46 | 000,000,390 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ezanga[2].txt
[2011/08/20 08:32:58 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@facebook[1].txt
[2011/08/20 08:51:09 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
[2011/08/20 08:48:35 | 000,001,133 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fetchback[2].txt
[2011/08/20 08:32:50 | 000,000,131 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@filter.popxml[1].txt
[2011/08/20 08:55:26 | 000,000,386 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt
[2011/08/20 08:35:35 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@flashtalking[1].txt
[2011/08/20 08:55:59 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@forms.aweber[1].txt
[2011/08/20 08:48:01 | 000,000,814 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@freegametopia[2].txt
[2011/08/20 08:49:10 | 000,000,235 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@glam[2].txt
[2011/08/20 08:49:55 | 000,000,136 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[1].txt
[2011/08/20 08:54:53 | 000,000,356 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[3].txt
[2011/08/20 08:32:47 | 000,000,510 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@grastengenerators[1].txt
[2011/08/20 08:38:27 | 000,000,106 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gravity[1].txt
[2011/08/20 08:56:14 | 000,000,557 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@greeting-cards[1].txt
[2011/08/20 08:48:00 | 000,000,169 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gwallet[2].txt
[2011/08/20 08:57:52 | 000,000,449 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hark[1].txt
[2011/08/20 08:56:06 | 000,000,747 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hellominneapolis[1].txt
[2011/08/20 08:49:30 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hostingprod[1].txt
[2011/08/20 08:57:25 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hotoff.mevio[2].txt
[2011/08/20 08:57:38 | 000,000,125 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ib.mookie1[1].txt
[2011/08/20 08:28:51 | 000,000,210 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
[2011/08/20 08:51:48 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indieclick[2].txt
[2011/08/20 08:32:19 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@info.break[2].txt
[2011/08/20 08:35:35 | 000,000,365 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
[2011/08/20 08:28:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@intellitxt[1].txt
[2011/08/20 08:30:38 | 000,000,139 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interchangecorporation.122.2o7[1].txt
[2011/08/20 08:30:53 | 000,000,271 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
[2011/08/20 08:29:19 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@inuvo[1].txt
[2011/08/20 08:49:13 | 000,002,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
[2011/08/20 08:33:58 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@jampaper[1].txt
[2011/08/20 08:52:27 | 000,000,347 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@joost[1].txt
[2011/08/20 08:56:57 | 000,000,596 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@koonzie[2].txt
[2011/08/20 08:33:19 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ktr.t134[1].txt
[2011/08/20 08:51:08 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt
[2011/08/20 08:48:03 | 000,000,975 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lijit[2].txt
[2011/08/20 08:55:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@live.37millionminutes[1].txt
[2011/08/20 08:33:36 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liverail[2].txt
[2011/08/20 08:57:17 | 000,000,397 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local-discount-shopping[2].txt
[2011/08/20 08:30:42 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local[1].txt
[2011/08/20 08:32:12 | 000,000,332 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart.adveright[2].txt
[2011/08/20 08:43:12 | 000,000,614 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart[2].txt
[2011/08/20 08:46:48 | 000,000,082 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
[2011/08/20 08:46:48 | 000,000,201 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lycos[2].txt
[2011/08/20 08:30:16 | 000,000,127 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@madethecut.112.2o7[1].txt
[2011/08/20 08:57:54 | 000,000,397 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mathtag[2].txt
[2011/08/20 08:57:49 | 000,001,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
[2011/08/20 08:48:06 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
[2011/08/20 08:38:27 | 000,000,282 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
[2011/08/20 08:57:25 | 000,000,279 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meebo[1].txt
[2011/08/20 08:49:45 | 000,000,306 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meviomusicvideos.mevio[2].txt
[2011/08/20 08:57:32 | 000,000,774 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mevio[1].txt
[2011/08/20 08:55:05 | 000,000,473 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@miva.cinomedia[1].txt
[2011/08/20 08:49:53 | 000,000,934 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[2].txt
[2011/08/20 08:57:25 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mmismm[2].txt
[2011/08/20 08:56:30 | 000,000,517 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mookie1[1].txt
[2011/08/20 08:56:57 | 000,000,375 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mv.bidsystem[2].txt
[2011/08/20 08:31:33 | 000,000,146 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mybuys[1].txt
[2011/08/20 08:51:47 | 000,000,509 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mydamnchannel[1].txt
[2011/08/20 08:56:24 | 000,001,118 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mygeek[1].txt
[2011/08/20 08:37:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nabbr[1].txt
[2011/08/20 08:44:46 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@natpal[1].txt
[2011/08/20 08:51:24 | 000,000,390 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nearstop[1].txt
[2011/08/20 08:47:06 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@netseer[1].txt
[2011/08/20 08:55:26 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.dsidemarketing[2].txt
[2011/08/20 08:56:57 | 000,000,736 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@newpharmameds[1].txt
[2011/08/20 08:34:37 | 000,000,156 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nexac[2].txt
[2011/08/20 08:51:11 | 000,000,462 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@noisey[2].txt
[2011/08/20 08:31:20 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[1].txt
[2011/08/20 08:31:32 | 000,000,594 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[3].txt
[2011/08/20 08:57:14 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@openx[1].txt
[2011/08/20 08:50:07 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@opt.fimserve[1].txt
[2011/08/20 08:51:48 | 000,000,315 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@optimize.indieclick[1].txt
[2011/08/20 08:56:53 | 000,000,415 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@outbrain[2].txt
[2011/08/20 08:51:03 | 000,000,249 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
[2011/08/20 08:50:04 | 000,000,126 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ox-d.patientconversation[1].txt
[2011/08/20 08:49:17 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p-td[1].txt
[2011/08/20 08:49:10 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pictela[1].txt
[2011/08/20 08:56:07 | 000,000,458 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pixel.rubiconproject[1].txt
[2011/08/20 08:30:04 | 000,000,160 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
[2011/08/20 08:57:21 | 000,000,157 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pool.bitp[1].txt
[2011/08/20 08:57:19 | 000,001,208 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[1].txt
[2011/08/20 08:49:17 | 000,002,198 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pubmatic[2].txt
[2011/08/20 08:47:00 | 000,000,811 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pulsemgr[2].txt
[2011/08/20 08:35:46 | 000,000,184 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quantserve[2].txt
[2011/08/20 08:56:23 | 000,000,294 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
[2011/08/20 08:32:54 | 000,000,071 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quikdig[1].txt
[2011/08/20 08:46:46 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@qydjuk[2].txt
[2011/08/20 08:30:15 | 000,000,243 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r.msn[1].txt
[2011/08/20 08:32:59 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r1-ads.ace.advertising[2].txt
[2011/08/20 08:30:53 | 000,000,154 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@raasnet[1].txt
[2011/08/20 08:29:10 | 000,000,548 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rateit[2].txt
[2011/08/20 08:57:36 | 000,000,291 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
[2011/08/20 08:30:58 | 000,000,416 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmilitarygames[2].txt
[2011/08/20 08:30:27 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@relestar[1].txt
[2011/08/20 08:38:07 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@results.thinkavenue[1].txt
[2011/08/20 08:31:35 | 000,001,164 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@retrevo[1].txt
[2011/08/20 08:57:51 | 000,002,381 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
[2011/08/20 08:45:00 | 000,000,605 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rfihub[1].txt
[2011/08/20 08:44:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rs.gwallet[1].txt
[2011/08/20 08:31:55 | 000,000,399 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
[2011/08/20 08:57:54 | 000,003,486 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rubiconproject[2].txt
[2011/08/20 08:43:31 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@safecart[1].txt
[2011/08/20 08:57:32 | 000,002,111 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scanscout[2].txt
[2011/08/20 08:57:57 | 000,000,112 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scorecardresearch[2].txt
[2011/08/20 08:31:32 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.amazead[1].txt
[2011/08/20 08:42:46 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.chillcow[1].txt
[2011/08/20 08:56:11 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clickbowl[1].txt
[2011/08/20 08:30:08 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksare[1].txt
[2011/08/20 08:43:45 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.fastsearchers[1].txt
[2011/08/20 08:45:07 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lookcow[1].txt
[2011/08/20 08:43:57 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lovesthings[1].txt
[2011/08/20 08:56:23 | 000,000,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.searchgaggle[1].txt
[2011/08/20 08:30:24 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekslocal[1].txt
[2011/08/20 08:47:46 | 000,000,451 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchmagnified[2].txt
[2011/08/20 08:57:45 | 000,000,135 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchsitesonline[1].txt
[2011/08/20 08:38:09 | 000,000,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search[2].txt
[2011/08/20 08:33:48 | 000,000,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seatcoversunlimited[1].txt
[2011/08/20 08:35:05 | 000,000,449 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seg.sharethis[1].txt
[2011/08/20 08:56:17 | 000,000,234 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sensic[1].txt
[2011/08/20 08:30:24 | 000,000,121 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serve.inadcoads[1].txt
[2011/08/20 08:44:47 | 000,000,118 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@service.optify[1].txt
[2011/08/20 08:47:41 | 000,000,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servicemaster-durand-mondovi[1].txt
[2011/08/20 08:57:55 | 000,000,856 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
[2011/08/20 08:35:05 | 000,000,179 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sharethis[2].txt
[2011/08/20 08:35:52 | 000,000,452 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shearcomfort[1].txt
[2011/08/20 08:56:20 | 000,000,691 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shockwave[1].txt
[2011/08/20 08:31:19 | 000,000,857 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shopzilla[2].txt
[2011/08/20 08:31:02 | 000,000,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@showadsak.pubmatic[2].txt
[2011/08/20 08:29:20 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@simpli[1].txt
[2011/08/20 08:57:15 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@skimresources[1].txt
[2011/08/20 08:32:16 | 000,000,193 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sklz[1].txt
[2011/08/20 08:43:39 | 000,000,239 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmomdeals[2].txt
[2011/08/20 08:46:22 | 000,000,243 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmompicks[2].txt
[2011/08/20 08:57:15 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
[2011/08/20 08:57:32 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@spotxchange[2].txt
[2011/08/20 08:48:45 | 000,000,143 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@store.yahoo[1].txt
[2011/08/20 08:49:49 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@stumbleupon[2].txt
[2011/08/20 08:57:57 | 000,000,369 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@suitesmart[2].txt
[2011/08/20 08:48:06 | 000,000,412 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@synd.shopflick[2].txt
[2011/08/20 08:32:55 | 000,000,192 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@t3.rec0rder[2].txt
[2011/08/20 08:44:00 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tag.admeld[1].txt
[2011/08/20 08:57:41 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tap.rubiconproject[2].txt
[2011/08/20 08:33:37 | 000,000,362 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@telemetryverification[1].txt
[2011/08/20 08:49:18 | 000,000,230 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@teracent[2].txt
[2011/08/20 08:31:27 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@test.coremetrics[1].txt
[2011/08/20 08:34:14 | 000,000,401 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt
[2011/08/20 08:28:40 | 000,000,140 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thefutoncritic[1].txt
[2011/08/20 08:48:10 | 000,000,377 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thenewsagregator[2].txt
[2011/08/20 08:55:33 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thespecialsearch[2].txt
[2011/08/20 08:42:19 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thinkavenue[1].txt
[2011/08/20 08:56:40 | 000,000,114 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tidaltv[1].txt
[2011/08/20 08:37:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficking.nabbr[2].txt
[2011/08/20 08:57:13 | 000,000,296 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
[2011/08/20 08:28:28 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffikcntr[2].txt
[2011/08/20 08:45:54 | 000,000,151 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@translate.googleapis[1].txt
[2011/08/20 08:36:20 | 000,000,193 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
[2011/08/20 08:46:28 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@triggit[1].txt
[2011/08/20 08:43:39 | 000,000,103 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trusearch[1].txt
[2011/08/20 08:52:11 | 000,000,494 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tumblr[2].txt
[2011/08/20 08:57:33 | 000,000,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tunber[2].txt
[2011/08/20 08:57:37 | 000,002,057 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@turn[1].txt
[2011/08/20 08:57:14 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tweetmeme[1].txt
[2011/08/20 08:50:39 | 000,000,536 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@twitter[2].txt
[2011/08/20 08:32:15 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tynt[1].txt
[2011/08/20 08:33:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@undertone[2].txt
[2011/08/20 08:31:36 | 000,000,252 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@veruta[1].txt
[2011/08/20 08:53:44 | 000,000,112 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@viacom.adbureau[2].txt
[2011/08/20 08:33:05 | 000,000,332 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vidasco.rotator.hadj7.adjuggler[1].txt
[2011/08/20 08:56:53 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vizu[2].txt
[2011/08/20 08:56:27 | 000,000,827 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@voicefive[2].txt
[2011/08/20 08:56:40 | 000,000,421 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w55c[1].txt
[2011/08/20 08:31:28 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w99.onlinesports[1].txt
[2011/08/20 08:32:20 | 000,000,672 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay.sklz[1].txt
[2011/08/20 08:30:17 | 000,000,730 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay[1].txt
[2011/08/20 08:34:08 | 000,000,073 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@west.05tz2e9[1].txt
[2011/08/20 08:34:46 | 000,000,353 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wetokole[2].txt
[2011/08/20 08:56:41 | 000,001,457 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wtp101[2].txt
[2011/08/20 08:47:58 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.adfusion[2].txt
[2011/08/20 08:33:09 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.amazon[2].txt
[2011/08/20 08:49:29 | 000,000,328 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.autogeek[1].txt
[2011/08/20 08:29:20 | 000,000,822 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bargainmatch[2].txt
[2011/08/20 08:47:12 | 000,000,260 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blinkx[2].txt
[2011/08/20 08:57:46 | 000,000,347 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blogtalkradio[1].txt
[2011/08/20 08:43:22 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[1].txt
[2011/08/20 08:45:09 | 000,000,085 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[3].txt
[2011/08/20 08:48:45 | 000,000,933 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[4].txt
[2011/08/20 08:57:24 | 000,000,207 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[2].txt
[2011/08/20 08:42:35 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitalpicturesinfo[2].txt
[2011/08/20 08:57:33 | 000,000,238 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitaltrends[1].txt
[2011/08/20 08:38:31 | 000,000,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.dogster[1].txt
[2011/08/20 08:31:50 | 000,000,152 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.expandsearchanswers[1].txt
[2011/08/20 08:28:29 | 000,000,147 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-fast-answers[1].txt
[2011/08/20 08:32:38 | 000,000,516 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.goalbuilder[2].txt
[2011/08/20 08:57:23 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.hark[2].txt
[2011/08/20 08:30:23 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.inadcoads[1].txt
[2011/08/20 08:30:14 | 000,000,517 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.livingfrugal[2].txt
[2011/08/20 08:51:11 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.noisey[2].txt
[2011/08/20 08:36:04 | 000,000,103 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.paypal[1].txt
[2011/08/20 08:31:50 | 000,000,511 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pebble[2].txt
[2011/08/20 08:38:09 | 000,000,727 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.search[1].txt
[2011/08/20 08:33:44 | 000,000,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.seatcoversunlimited[1].txt
[2011/08/20 08:31:31 | 000,000,516 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicecafe[2].txt
[2011/08/20 08:55:56 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicemountain[2].txt
[2011/08/20 08:55:51 | 000,000,122 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shockwave[1].txt
[2011/08/20 08:30:51 | 000,000,513 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shopzilla[1].txt
[2011/08/20 08:46:29 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.thenewsagregator[1].txt
[2011/08/20 08:43:45 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.theretaillinks[1].txt
[2011/08/20 08:42:36 | 000,000,125 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tracklead[1].txt
[2011/08/20 08:52:10 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tumblr[1].txt
[2011/08/20 08:55:38 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wagbrag[1].txt
[2011/08/20 08:29:51 | 000,000,514 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webparent[1].txt
[2011/08/20 08:34:36 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wetokole[1].txt
[2011/08/20 08:32:47 | 000,000,513 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wiseshop[2].txt
[2011/08/20 08:33:00 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.yellowpages[1].txt
[2011/08/20 08:57:16 | 000,000,083 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www2.chameleonsearch[1].txt
[2011/08/20 08:32:27 | 000,000,315 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xgraph[2].txt
[2011/08/20 08:55:32 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[1].txt
[2011/08/20 08:43:06 | 000,000,176 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.provenpixel[2].txt
[2011/08/20 08:55:24 | 000,000,751 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xmladfeed[2].txt
[2011/08/20 08:29:20 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[1].txt
[2011/08/20 08:48:45 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[2].txt
[2011/08/20 08:55:59 | 000,001,852 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages.lycos[2].txt
[2011/08/20 08:33:00 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages[1].txt
[2011/08/20 08:45:52 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
[2011/08/20 08:32:13 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@youtube[1].txt
[2011/08/20 08:37:54 | 000,000,324 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yttrk[2].txt
[2011/08/20 08:33:30 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yumenetworks[2].txt
[2011/08/20 08:32:12 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
[2011/08/20 08:30:33 | 000,000,289 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ziffdavis.demdex[1].txt
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== Files - Unicode (All) ==========
[2012/09/18 23:17:46 | 000,000,274 | ---- | M] ()(C:\Windows\tasks\NetworkUtility??.job) -- C:\Windows\tasks\NetworkUtility起動.job
[2012/07/28 02:51:15 | 000,000,274 | ---- | C] ()(C:\Windows\tasks\NetworkUtility??.job) -- C:\Windows\tasks\NetworkUtility起動.job

========== Alternate Data Streams ==========

@Alternate Data Stream - 1074 bytes -> C:\Users\Video4\AppData\Local\fohcmFnnoY:ftdAc7wIjgwFRJ9xl7

< End of report >

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 20 September 2012 - 05:12 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    [2011/08/20 08:47:58 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1037385321@Top1[1]
    [2011/08/20 08:48:13 | 000,000,465 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1055796890@Left[1]
    [2011/08/20 08:56:26 | 000,002,506 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11126249978@x23[1].htm
    [2011/08/20 08:57:08 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11391412489@x90[1].htm
    [2011/08/20 08:57:08 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11575671707@x23[1].htm
    [2011/08/20 08:49:00 | 000,000,511 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1169139089@Position1[1]
    [2011/08/20 08:57:26 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11855263440@x23[1].htm
    [2011/08/20 08:57:14 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11862663890@x23[1].htm
    [2011/08/20 08:49:44 | 000,002,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1307751110@Top[1]
    [2011/08/20 08:57:26 | 000,001,785 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1386429405@x15[1]
    [2011/08/20 08:50:34 | 000,000,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1457225840@Position1[1]
    [2011/08/20 08:56:24 | 000,000,522 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\18213798@x90[1].htm
    [2011/08/20 08:49:47 | 000,000,510 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1821713586@Position1[1]
    [2011/08/20 08:57:13 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1849285846@x15[1]
    [2011/08/20 08:48:18 | 000,000,482 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1906215027@Position2[1]
    [2011/08/20 08:48:58 | 000,000,431 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1999136076@Left[1]
    [2011/08/20 08:47:12 | 000,011,058 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24289&z=16&s=Galil[1].png
    [2011/08/20 08:49:56 | 000,007,418 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5790&z=14&s=[1].png
    [2011/08/20 08:49:58 | 000,003,457 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5791&z=14&s=G[1].png
    [2011/08/20 08:49:59 | 000,002,815 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4056&y=5791&z=14&s=Galileo[1].png
    [2011/08/20 08:49:55 | 000,002,364 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4057&y=5790&z=14&s=G[1].png
    [2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504567&y=755012&z=21&s=G[1].png
    [2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504568&y=755012&z=21&s=Gali[1].png
    [2011/08/20 08:56:10 | 000,000,408 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504569&y=755009&z=21&s=Gali[1].png
    [2011/08/20 08:50:03 | 000,010,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11718&z=15&s=Gal[1].png
    [2011/08/20 08:49:57 | 000,004,248 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11719&z=15&s=Gali[1].png
    [2011/08/20 08:49:58 | 000,001,920 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11720&z=15&s=Galil[1].png
    [2011/08/20 08:57:14 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11167360966@x90[1].htm
    [2011/08/20 08:57:36 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11228542818@x23[1].htm
    [2011/08/20 08:57:36 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11284217935@x90[1].htm
    [2011/08/20 08:57:24 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11315847570@x90[1].htm
    [2011/08/20 08:48:01 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11472280959@x23[1].htm
    [2011/08/20 08:47:59 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1245772740@x90[1].htm
    [2011/08/20 08:57:14 | 000,001,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1281761749@Top1[1]
    [2011/08/20 08:57:36 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1319093222@Top1[1]
    [2011/08/20 08:57:07 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1460963586@x15[1]
    [2011/08/20 08:57:28 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1505241761@x23[1].htm
    [2011/08/20 08:49:54 | 000,000,503 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1640659713@x90[1].htm
    [2011/08/20 08:57:36 | 000,001,794 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1744842817@x15[1]
    [2011/08/20 08:57:37 | 000,000,504 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1957083986@x90[1].htm
    [2011/08/20 08:48:01 | 000,000,492 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1964477568@Position1[1]
    [2011/08/20 08:47:10 | 000,007,664 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24291&z=16&s=Galileo[1].png
    [2011/08/20 08:47:20 | 000,010,389 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24289&z=16&s=[1].png
    [2011/08/20 08:49:54 | 000,000,215 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4054&y=5789&z=14&s=Galileo[1].png
    [2011/08/20 08:49:55 | 000,014,734 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5790&z=14&s=Gal[1].png
    [2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504567&y=755011&z=21&s=[1].png
    [2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755011&z=21&s=Galile[1].png
    [2011/08/20 08:56:10 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755012&z=21&s=Galileo[1].png
    [2011/08/20 08:54:53 | 000,016,801 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=91&z=8&s=Galileo[1].png
    [2011/08/20 08:54:54 | 000,012,061 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=93&z=8&s=G[1].png
    [2011/08/20 08:54:54 | 000,013,802 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=62&y=93&z=8&s=Galileo[1].png
    [2011/08/20 08:49:59 | 000,001,591 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11718&z=15&s=Ga[1].png
    [2011/08/20 08:49:59 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11720&z=15&s=Gali[1].png
    [2011/08/20 08:49:56 | 000,002,838 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11719&z=15&s=Galile[1].png
    [2011/08/20 08:49:56 | 000,001,364 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11720&z=15&s=Galileo[1].png
    [2011/08/20 08:49:58 | 000,003,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11718&z=15&s=[1].png
    [2011/08/20 08:49:56 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11275037388@x23[1].htm
    [2011/08/20 08:57:24 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11561605063@x23[1].htm
    [2011/08/20 08:57:15 | 000,001,455 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1185363397@Top1[1]
    [2011/08/20 08:57:26 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1214185794@x90[1].htm
    [2011/08/20 08:57:28 | 000,000,504 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1228200435@x90[1].htm
    [2011/08/20 08:48:58 | 000,002,133 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1348773817@Top[1]
    [2011/08/20 08:49:53 | 000,001,778 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1463823846@Top1[1]
    [2011/08/20 08:50:27 | 000,000,490 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1469595724@Position1[1]
    [2011/08/20 08:50:27 | 000,002,049 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1477976723@Top[1]
    [2011/08/20 08:49:53 | 000,001,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1691460836@Top1[1]
    [2011/08/20 08:49:54 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\174087999@x23[1].htm
    [2011/08/20 08:48:12 | 000,002,277 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1794418838@Top[1]
    [2011/08/20 08:49:45 | 000,000,430 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1885710956@Left[1]
    [2011/08/20 08:50:27 | 000,000,410 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1925305162@Left[1]
    [2011/08/20 08:57:07 | 000,001,455 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1933232497@Top1[1]
    [2011/08/20 08:47:15 | 000,011,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24291&z=16&s=[1].png
    [2011/08/20 08:49:54 | 000,006,664 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5789&z=14&s=Ga[1].png
    [2011/08/20 08:49:58 | 000,015,480 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5789&z=14&s=Galil[1].png
    [2011/08/20 08:49:57 | 000,008,284 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5790&z=14&s=Galile[1].png
    [2011/08/20 08:56:08 | 000,000,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755010&z=21&s=Ga[1].png
    [2011/08/20 08:56:08 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755011&z=21&s=Gal[1].png
    [2011/08/20 08:54:53 | 000,018,943 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=91&z=8&s=Ga[1].png
    [2011/08/20 08:54:53 | 000,021,907 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=92&z=8&s=Gal[1].png
    [2011/08/20 08:54:53 | 000,016,246 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=62&y=91&z=8&s=Galil[1].png
    [2011/08/20 08:49:56 | 000,003,580 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11718&z=15&s=Galil[1].png
    [2011/08/20 08:57:28 | 000,001,781 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1080579483@Top1[1]
    [2011/08/20 08:49:54 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11149819669@x90[1].htm
    [2011/08/20 08:57:37 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1128453811@x23[1].htm
    [2011/08/20 08:57:14 | 000,000,505 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11355364539@x90[1].htm
    [2011/08/20 08:57:15 | 000,002,500 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12041300456@x23[1].htm
    [2011/08/20 08:49:47 | 000,000,468 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1258334641@Position2[1]
    [2011/08/20 08:48:17 | 000,002,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1302173216@Position1[1]
    [2011/08/20 08:49:03 | 000,001,406 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1357385884@Position2[1]
    [2011/08/20 08:57:23 | 000,001,787 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1550319140@Top1[1]
    [2011/08/20 08:54:52 | 000,009,438 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=0&y=0&z=0&s=[1].png
    [2011/08/20 08:47:09 | 000,007,588 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24290&z=16&s=Galile[1].png
    [2011/08/20 08:47:07 | 000,012,789 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24290&z=16&s=G[1].png
    [2011/08/20 08:47:09 | 000,011,964 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24291&z=16&s=Ga[1].png
    [2011/08/20 08:47:09 | 000,008,160 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24289&z=16&s=Gal[1].png
    [2011/08/20 08:47:07 | 000,008,859 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24290&z=16&s=Gali[1].png
    [2011/08/20 08:47:07 | 000,008,654 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24291&z=16&s=Galil[1].png
    [2011/08/20 08:47:17 | 000,009,786 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24289&z=16&s=Galile[1].png
    [2011/08/20 08:47:12 | 000,009,260 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24290&z=16&s=Galileo[1].png
    [2011/08/20 08:49:54 | 000,003,194 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4055&y=5791&z=14&s=Gali[1].png
    [2011/08/20 08:49:56 | 000,004,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5789&z=14&s=[1].png
    [2011/08/20 08:49:56 | 000,002,062 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5791&z=14&s=Ga[1].png
    [2011/08/20 08:56:09 | 000,000,178 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755009&z=21&s=Galile[1].png
    [2011/08/20 08:56:08 | 000,000,451 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755010&z=21&s=Galileo[1].png
    [2011/08/20 08:56:08 | 000,000,232 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504568&y=755009&z=21&s=G[1].png
    [2011/08/20 08:56:08 | 000,000,214 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504569&y=755010&z=21&s=Galil[1].png
    [2011/08/20 08:54:53 | 000,009,966 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=60&y=92&z=8&s=[1].png
    [2011/08/20 08:54:53 | 000,014,348 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=61&y=93&z=8&s=Gali[1].png
    [2011/08/20 08:54:53 | 000,015,701 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=62&y=92&z=8&s=Galile[1].png
    [2011/08/20 08:49:58 | 000,000,539 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11719&z=15&s=Gal[1].png
    [2011/08/20 08:49:58 | 000,003,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11719&z=15&s=G[1].png
    [2011/08/20 08:49:59 | 000,001,054 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11720&z=15&s=Ga[1].png
    [2011/08/20 08:32:40 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1008827.r.msn[1].txt
    [2011/08/20 08:56:08 | 000,000,216 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@11072-8952.bidvalidation[2].txt
    [2011/08/20 08:55:59 | 000,000,374 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1286953.r.msn[1].txt
    [2011/08/20 08:32:48 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@134715.r.msn[1].txt
    [2011/08/20 08:43:12 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1734847885.pub.ezanga[1].txt
    [2011/08/20 08:44:07 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1819045062.pub.ezanga[1].txt
    [2011/08/20 08:57:49 | 000,000,070 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@194.11.16[1].txt
    [2011/08/20 08:47:44 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt
    [2011/08/20 08:48:44 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@25757.r.msn[1].txt
    [2011/08/20 08:56:44 | 000,000,111 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2668896081.pub.ezanga[1].txt
    [2011/08/20 08:34:35 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@269614.r.msn[1].txt
    [2011/08/20 08:43:15 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2733762453.pub.ezanga[1].txt
    [2011/08/20 08:55:43 | 000,000,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt
    [2011/08/20 08:43:40 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3102329076.pub.ezanga[1].txt
    [2011/08/20 08:32:26 | 000,000,130 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@33across[1].txt
    [2011/08/20 08:57:10 | 000,000,398 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@37millionminutes[2].txt
    [2011/08/20 08:43:13 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3902209715.pub.ezanga[1].txt
    [2011/08/20 08:55:33 | 000,000,117 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@4029427265.pub.ezanga[1].txt
    [2011/08/20 08:47:35 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@635004.r.msn[2].txt
    [2011/08/20 08:32:31 | 000,000,083 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@65.60.9[1].txt
    [2011/08/20 08:29:25 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[1].txt
    [2011/08/20 08:43:16 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[2].txt
    [2011/08/20 08:43:02 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.36[2].txt
    [2011/08/20 08:43:32 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[10].txt
    [2011/08/20 08:43:07 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[11].txt
    [2011/08/20 08:29:01 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[1].txt
    [2011/08/20 08:30:47 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[2].txt
    [2011/08/20 08:31:09 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[3].txt
    [2011/08/20 08:31:18 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[4].txt
    [2011/08/20 08:32:22 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[5].txt
    [2011/08/20 08:43:02 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[6].txt
    [2011/08/20 08:43:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[7].txt
    [2011/08/20 08:43:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[8].txt
    [2011/08/20 08:43:05 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[9].txt
    [2011/08/20 08:29:49 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@68.169.92[1].txt
    [2011/08/20 08:33:50 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@72.233.76[1].txt
    [2011/08/20 08:31:50 | 000,000,373 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@884202.r.msn[1].txt
    [2011/08/20 08:33:43 | 000,000,372 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@961881.r.msn[1].txt
    [2011/08/20 08:56:02 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@abmr[2].txt
    [2011/08/20 08:47:57 | 000,000,253 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.360yield[2].txt
    [2011/08/20 08:29:54 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[2].txt
    [2011/08/20 08:57:51 | 000,002,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
    [2011/08/20 08:34:51 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adadvisor[1].txt
    [2011/08/20 08:57:57 | 000,001,466 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adap[2].txt
    [2011/08/20 08:57:57 | 000,001,314 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt
    [2011/08/20 08:32:37 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbuyer[2].txt
    [2011/08/20 08:43:20 | 000,000,232 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcirrus[2].txt
    [2011/08/20 08:47:57 | 000,001,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addresses[2].txt
    [2011/08/20 08:57:46 | 000,000,696 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addthis[2].txt
    [2011/08/20 08:29:11 | 000,000,101 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adimpserv[1].txt
    [2011/08/20 08:47:56 | 000,000,354 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admailtiser[2].txt
    [2011/08/20 08:57:12 | 000,003,955 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adnxs[1].txt
    [2011/08/20 08:56:45 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[2].txt
    [2011/08/20 08:35:18 | 000,000,283 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.gamersmedia[1].txt
    [2011/08/20 08:49:52 | 000,000,234 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[1].txt
    [2011/08/20 08:56:09 | 000,000,917 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt
    [2011/08/20 08:33:11 | 000,000,338 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[2].txt
    [2011/08/20 08:56:58 | 000,000,492 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[2].txt
    [2011/08/20 08:28:48 | 000,000,105 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
    [2011/08/20 08:47:55 | 000,000,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrvr[2].txt
    [2011/08/20 08:28:48 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
    [2011/08/20 08:44:54 | 000,000,184 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
    [2011/08/20 08:49:08 | 000,000,695 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt
    [2011/08/20 08:29:49 | 000,000,107 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt
    [2011/08/20 08:48:06 | 000,000,353 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@afy11[2].txt
    [2011/08/20 08:50:12 | 000,000,262 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@agkn[2].txt
    [2011/08/20 08:31:56 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon-cornerstone[2].txt
    [2011/08/20 08:31:55 | 000,000,704 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon[2].txt
    [2011/08/20 08:53:39 | 000,000,831 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amgdgt[2].txt
    [2011/08/20 08:49:15 | 000,000,856 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apex-ad[2].txt
    [2011/08/20 08:46:13 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@api.dimestore[1].txt
    [2011/08/20 08:30:47 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt
    [2011/08/20 08:47:16 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@appssavvy[1].txt
    [2011/08/20 08:29:37 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt
    [2011/08/20 08:32:14 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@au.vizisense[1].txt
    [2011/08/20 08:48:06 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@audienceiq[2].txt
    [2011/08/20 08:48:45 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@auto-geek[1].txt
    [2011/08/20 08:37:23 | 000,001,212 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autocenterstore[2].txt
    [2011/08/20 08:48:45 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autogeek[1].txt
    [2011/08/20 08:57:37 | 000,000,168 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@b3.mookie1[2].txt
    [2011/08/20 08:33:17 | 000,000,404 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@badgerbasementsystems[1].txt
    [2011/08/20 08:37:24 | 000,000,443 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[2].txt
    [2011/08/20 08:37:31 | 000,000,180 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[3].txt
    [2011/08/20 08:38:00 | 000,000,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bestflasher[1].txt
    [2011/08/20 08:56:54 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bidsystem[2].txt
    [2011/08/20 08:31:20 | 000,000,213 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizrate[2].txt
    [2011/08/20 08:55:52 | 000,000,128 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
    [2011/08/20 08:35:07 | 000,000,469 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkxremote51.ourtoolbar[1].txt
    [2011/08/20 08:47:36 | 000,000,499 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkx[1].txt
    [2011/08/20 08:57:49 | 000,001,767 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blogtalkradio[2].txt
    [2011/08/20 08:57:32 | 000,001,495 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluekai[2].txt
    [2011/08/20 08:56:06 | 000,000,292 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bnmla[1].txt
    [2011/08/20 08:38:22 | 000,000,129 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brand[1].txt
    [2011/08/20 08:48:45 | 000,000,697 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@break[2].txt
    [2011/08/20 08:56:40 | 000,000,123 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brilig[2].txt
    [2011/08/20 08:48:44 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt
    [2011/08/20 08:46:02 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btg.mtvnservices[1].txt
    [2011/08/20 08:49:49 | 000,000,228 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btrll[2].txt
    [2011/08/20 08:56:03 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[1].txt
    [2011/08/20 08:56:03 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c.ypcdn[2].txt
    [2011/08/20 08:47:48 | 000,000,515 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c3metrics[1].txt
    [2011/08/20 08:56:47 | 000,000,079 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAJIL4N1.txt
    [2011/08/20 08:49:49 | 000,000,277 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cas.ny.us.criteo[1].txt
    [2011/08/20 08:57:14 | 000,000,790 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt
    [2011/08/20 08:44:45 | 000,000,079 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAYP1TG8.txt
    [2011/08/20 08:56:53 | 000,000,329 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
    [2011/08/20 08:57:49 | 000,000,897 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chango[1].txt
    [2011/08/20 08:56:06 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@choicestream[2].txt
    [2011/08/20 08:56:37 | 000,000,736 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citi.bridgetrack[1].txt
    [2011/08/20 08:56:05 | 000,000,452 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citygridmedia[2].txt
    [2011/08/20 08:49:55 | 000,000,512 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citysearch[1].txt
    [2011/08/20 08:38:08 | 000,000,410 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ck.ads.affinity[1].txt
    [2011/08/20 08:42:40 | 000,000,647 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@claim.windailygadgets[1].txt
    [2011/08/20 08:55:33 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thespecialsearch[1].txt
    [2011/08/20 08:57:57 | 000,001,295 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
    [2011/08/20 08:32:59 | 000,000,222 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@comparestores[2].txt
    [2011/08/20 08:29:15 | 000,000,359 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@connectbar[2].txt
    [2011/08/20 08:32:27 | 000,000,085 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt
    [2011/08/20 08:32:27 | 000,000,220 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt
    [2011/08/20 08:55:54 | 000,001,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@contextweb[1].txt
    [2011/08/20 08:43:15 | 000,001,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cpvtgt[2].txt
    [2011/08/20 08:57:19 | 000,001,120 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@criteo[2].txt
    [2011/08/20 08:46:43 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crux.mevio[1].txt
    [2011/08/20 08:57:57 | 000,000,942 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crwdcntrl[2].txt
    [2011/08/20 08:32:03 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.adroll[1].txt
    [2011/08/20 08:57:54 | 000,000,104 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.gossipcenter[1].txt
    [2011/08/20 08:49:37 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.tradex.openx[1].txt
    [2011/08/20 08:49:41 | 000,001,444 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dailyrx[2].txt
    [2011/08/20 08:57:54 | 000,000,114 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt
    [2011/08/20 08:55:24 | 000,000,128 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc1e.3vg58t1[1].txt
    [2011/08/20 08:32:47 | 000,000,122 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc2w.3vg58t1[1].txt
    [2011/08/20 08:29:43 | 000,000,196 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demdex[2].txt
    [2011/08/20 08:49:57 | 000,000,257 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demr.opt.fimserve[1].txt
    [2011/08/20 08:57:23 | 000,000,393 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@digitaltrends[2].txt
    [2011/08/20 08:57:40 | 000,000,080 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@displaymarketplace[2].txt
    [2011/08/20 08:38:32 | 000,000,830 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dogster[1].txt
    [2011/08/20 08:30:51 | 000,000,177 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@domdex[2].txt
    [2011/08/20 08:45:45 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt
    [2011/08/20 08:29:43 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dpm.demdex[1].txt
    [2011/08/20 08:49:33 | 000,000,380 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@drivesober.nhtsa[2].txt
    [2011/08/20 08:31:12 | 000,000,407 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@e-referencedesk[2].txt
    [2011/08/20 08:51:12 | 000,000,810 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@emusician[2].txt
    [2011/08/20 08:45:06 | 000,000,214 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@everesttech[1].txt
    [2011/08/20 08:57:50 | 000,003,639 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exelator[1].txt
    [2011/08/20 08:32:16 | 000,000,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt
    [2011/08/20 08:54:46 | 000,000,390 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ezanga[2].txt
    [2011/08/20 08:32:58 | 000,000,097 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@facebook[1].txt
    [2011/08/20 08:51:09 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt
    [2011/08/20 08:48:35 | 000,001,133 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fetchback[2].txt
    [2011/08/20 08:32:50 | 000,000,131 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@filter.popxml[1].txt
    [2011/08/20 08:55:26 | 000,000,386 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt
    [2011/08/20 08:35:35 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@flashtalking[1].txt
    [2011/08/20 08:55:59 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@forms.aweber[1].txt
    [2011/08/20 08:48:01 | 000,000,814 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@freegametopia[2].txt
    [2011/08/20 08:49:10 | 000,000,235 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@glam[2].txt
    [2011/08/20 08:49:55 | 000,000,136 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[1].txt
    [2011/08/20 08:54:53 | 000,000,356 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[3].txt
    [2011/08/20 08:32:47 | 000,000,510 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@grastengenerators[1].txt
    [2011/08/20 08:38:27 | 000,000,106 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gravity[1].txt
    [2011/08/20 08:56:14 | 000,000,557 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@greeting-cards[1].txt
    [2011/08/20 08:48:00 | 000,000,169 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gwallet[2].txt
    [2011/08/20 08:57:52 | 000,000,449 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hark[1].txt
    [2011/08/20 08:56:06 | 000,000,747 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hellominneapolis[1].txt
    [2011/08/20 08:49:30 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hostingprod[1].txt
    [2011/08/20 08:57:25 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hotoff.mevio[2].txt
    [2011/08/20 08:57:38 | 000,000,125 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ib.mookie1[1].txt
    [2011/08/20 08:28:51 | 000,000,210 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
    [2011/08/20 08:51:48 | 000,000,081 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indieclick[2].txt
    [2011/08/20 08:32:19 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@info.break[2].txt
    [2011/08/20 08:35:35 | 000,000,365 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt
    [2011/08/20 08:28:47 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@intellitxt[1].txt
    [2011/08/20 08:30:38 | 000,000,139 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interchangecorporation.122.2o7[1].txt
    [2011/08/20 08:30:53 | 000,000,271 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt
    [2011/08/20 08:29:19 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@inuvo[1].txt
    [2011/08/20 08:49:13 | 000,002,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
    [2011/08/20 08:33:58 | 000,000,361 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@jampaper[1].txt
    [2011/08/20 08:52:27 | 000,000,347 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@joost[1].txt
    [2011/08/20 08:56:57 | 000,000,596 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@koonzie[2].txt
    [2011/08/20 08:33:19 | 000,000,197 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ktr.t134[1].txt
    [2011/08/20 08:51:08 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt
    [2011/08/20 08:48:03 | 000,000,975 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lijit[2].txt
    [2011/08/20 08:55:03 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@live.37millionminutes[1].txt
    [2011/08/20 08:33:36 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liverail[2].txt
    [2011/08/20 08:57:17 | 000,000,397 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local-discount-shopping[2].txt
    [2011/08/20 08:30:42 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local[1].txt
    [2011/08/20 08:32:12 | 000,000,332 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart.adveright[2].txt
    [2011/08/20 08:43:12 | 000,000,614 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart[2].txt
    [2011/08/20 08:46:48 | 000,000,082 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
    [2011/08/20 08:46:48 | 000,000,201 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lycos[2].txt
    [2011/08/20 08:30:16 | 000,000,127 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@madethecut.112.2o7[1].txt
    [2011/08/20 08:57:54 | 000,000,397 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mathtag[2].txt
    [2011/08/20 08:57:49 | 000,001,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt
    [2011/08/20 08:48:06 | 000,000,096 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
    [2011/08/20 08:38:27 | 000,000,282 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt
    [2011/08/20 08:57:25 | 000,000,279 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meebo[1].txt
    [2011/08/20 08:49:45 | 000,000,306 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meviomusicvideos.mevio[2].txt
    [2011/08/20 08:57:32 | 000,000,774 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mevio[1].txt
    [2011/08/20 08:55:05 | 000,000,473 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@miva.cinomedia[1].txt
    [2011/08/20 08:49:53 | 000,000,934 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[2].txt
    [2011/08/20 08:57:25 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mmismm[2].txt
    [2011/08/20 08:56:30 | 000,000,517 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mookie1[1].txt
    [2011/08/20 08:56:57 | 000,000,375 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mv.bidsystem[2].txt
    [2011/08/20 08:31:33 | 000,000,146 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mybuys[1].txt
    [2011/08/20 08:51:47 | 000,000,509 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mydamnchannel[1].txt
    [2011/08/20 08:56:24 | 000,001,118 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mygeek[1].txt
    [2011/08/20 08:37:14 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nabbr[1].txt
    [2011/08/20 08:44:46 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@natpal[1].txt
    [2011/08/20 08:51:24 | 000,000,390 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nearstop[1].txt
    [2011/08/20 08:47:06 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@netseer[1].txt
    [2011/08/20 08:55:26 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.dsidemarketing[2].txt
    [2011/08/20 08:56:57 | 000,000,736 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@newpharmameds[1].txt
    [2011/08/20 08:34:37 | 000,000,156 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nexac[2].txt
    [2011/08/20 08:51:11 | 000,000,462 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@noisey[2].txt
    [2011/08/20 08:31:20 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[1].txt
    [2011/08/20 08:31:32 | 000,000,594 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[3].txt
    [2011/08/20 08:57:14 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@openx[1].txt
    [2011/08/20 08:50:07 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@opt.fimserve[1].txt
    [2011/08/20 08:51:48 | 000,000,315 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@optimize.indieclick[1].txt
    [2011/08/20 08:56:53 | 000,000,415 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@outbrain[2].txt
    [2011/08/20 08:51:03 | 000,000,249 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt
    [2011/08/20 08:50:04 | 000,000,126 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ox-d.patientconversation[1].txt
    [2011/08/20 08:49:17 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p-td[1].txt
    [2011/08/20 08:49:10 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pictela[1].txt
    [2011/08/20 08:56:07 | 000,000,458 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pixel.rubiconproject[1].txt
    [2011/08/20 08:30:04 | 000,000,160 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
    [2011/08/20 08:57:21 | 000,000,157 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pool.bitp[1].txt
    [2011/08/20 08:57:19 | 000,001,208 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[1].txt
    [2011/08/20 08:49:17 | 000,002,198 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pubmatic[2].txt
    [2011/08/20 08:47:00 | 000,000,811 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pulsemgr[2].txt
    [2011/08/20 08:35:46 | 000,000,184 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quantserve[2].txt
    [2011/08/20 08:56:23 | 000,000,294 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
    [2011/08/20 08:32:54 | 000,000,071 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quikdig[1].txt
    [2011/08/20 08:46:46 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@qydjuk[2].txt
    [2011/08/20 08:30:15 | 000,000,243 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r.msn[1].txt
    [2011/08/20 08:32:59 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r1-ads.ace.advertising[2].txt
    [2011/08/20 08:30:53 | 000,000,154 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@raasnet[1].txt
    [2011/08/20 08:29:10 | 000,000,548 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rateit[2].txt
    [2011/08/20 08:57:36 | 000,000,291 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt
    [2011/08/20 08:30:58 | 000,000,416 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmilitarygames[2].txt
    [2011/08/20 08:30:27 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@relestar[1].txt
    [2011/08/20 08:38:07 | 000,000,109 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@results.thinkavenue[1].txt
    [2011/08/20 08:31:35 | 000,001,164 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@retrevo[1].txt
    [2011/08/20 08:57:51 | 000,002,381 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
    [2011/08/20 08:45:00 | 000,000,605 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rfihub[1].txt
    [2011/08/20 08:44:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rs.gwallet[1].txt
    [2011/08/20 08:31:55 | 000,000,399 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt
    [2011/08/20 08:57:54 | 000,003,486 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rubiconproject[2].txt
    [2011/08/20 08:43:31 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@safecart[1].txt
    [2011/08/20 08:57:32 | 000,002,111 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scanscout[2].txt
    [2011/08/20 08:57:57 | 000,000,112 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scorecardresearch[2].txt
    [2011/08/20 08:31:32 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.amazead[1].txt
    [2011/08/20 08:42:46 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.chillcow[1].txt
    [2011/08/20 08:56:11 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clickbowl[1].txt
    [2011/08/20 08:30:08 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksare[1].txt
    [2011/08/20 08:43:45 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.fastsearchers[1].txt
    [2011/08/20 08:45:07 | 000,000,090 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lookcow[1].txt
    [2011/08/20 08:43:57 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lovesthings[1].txt
    [2011/08/20 08:56:23 | 000,000,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.searchgaggle[1].txt
    [2011/08/20 08:30:24 | 000,000,093 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekslocal[1].txt
    [2011/08/20 08:47:46 | 000,000,451 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchmagnified[2].txt
    [2011/08/20 08:57:45 | 000,000,135 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchsitesonline[1].txt
    [2011/08/20 08:38:09 | 000,000,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search[2].txt
    [2011/08/20 08:33:48 | 000,000,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seatcoversunlimited[1].txt
    [2011/08/20 08:35:05 | 000,000,449 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seg.sharethis[1].txt
    [2011/08/20 08:56:17 | 000,000,234 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sensic[1].txt
    [2011/08/20 08:30:24 | 000,000,121 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serve.inadcoads[1].txt
    [2011/08/20 08:44:47 | 000,000,118 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@service.optify[1].txt
    [2011/08/20 08:47:41 | 000,000,187 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servicemaster-durand-mondovi[1].txt
    [2011/08/20 08:57:55 | 000,000,856 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt
    [2011/08/20 08:35:05 | 000,000,179 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sharethis[2].txt
    [2011/08/20 08:35:52 | 000,000,452 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shearcomfort[1].txt
    [2011/08/20 08:56:20 | 000,000,691 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shockwave[1].txt
    [2011/08/20 08:31:19 | 000,000,857 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shopzilla[2].txt
    [2011/08/20 08:31:02 | 000,000,137 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@showadsak.pubmatic[2].txt
    [2011/08/20 08:29:20 | 000,000,092 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@simpli[1].txt
    [2011/08/20 08:57:15 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@skimresources[1].txt
    [2011/08/20 08:32:16 | 000,000,193 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sklz[1].txt
    [2011/08/20 08:43:39 | 000,000,239 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmomdeals[2].txt
    [2011/08/20 08:46:22 | 000,000,243 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmompicks[2].txt
    [2011/08/20 08:57:15 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt
    [2011/08/20 08:57:32 | 000,001,710 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@spotxchange[2].txt
    [2011/08/20 08:48:45 | 000,000,143 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@store.yahoo[1].txt
    [2011/08/20 08:49:49 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@stumbleupon[2].txt
    [2011/08/20 08:57:57 | 000,000,369 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@suitesmart[2].txt
    [2011/08/20 08:48:06 | 000,000,412 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@synd.shopflick[2].txt
    [2011/08/20 08:32:55 | 000,000,192 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@t3.rec0rder[2].txt
    [2011/08/20 08:44:00 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tag.admeld[1].txt
    [2011/08/20 08:57:41 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tap.rubiconproject[2].txt
    [2011/08/20 08:33:37 | 000,000,362 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@telemetryverification[1].txt
    [2011/08/20 08:49:18 | 000,000,230 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@teracent[2].txt
    [2011/08/20 08:31:27 | 000,000,144 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@test.coremetrics[1].txt
    [2011/08/20 08:34:14 | 000,000,401 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt
    [2011/08/20 08:28:40 | 000,000,140 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thefutoncritic[1].txt
    [2011/08/20 08:48:10 | 000,000,377 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thenewsagregator[2].txt
    [2011/08/20 08:55:33 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thespecialsearch[2].txt
    [2011/08/20 08:42:19 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thinkavenue[1].txt
    [2011/08/20 08:56:40 | 000,000,114 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tidaltv[1].txt
    [2011/08/20 08:37:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficking.nabbr[2].txt
    [2011/08/20 08:57:13 | 000,000,296 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt
    [2011/08/20 08:28:28 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffikcntr[2].txt
    [2011/08/20 08:45:54 | 000,000,151 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@translate.googleapis[1].txt
    [2011/08/20 08:36:20 | 000,000,193 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
    [2011/08/20 08:46:28 | 000,000,108 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@triggit[1].txt
    [2011/08/20 08:43:39 | 000,000,103 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trusearch[1].txt
    [2011/08/20 08:52:11 | 000,000,494 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tumblr[2].txt
    [2011/08/20 08:57:33 | 000,000,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tunber[2].txt
    [2011/08/20 08:57:37 | 000,002,057 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@turn[1].txt
    [2011/08/20 08:57:14 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tweetmeme[1].txt
    [2011/08/20 08:50:39 | 000,000,536 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@twitter[2].txt
    [2011/08/20 08:32:15 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tynt[1].txt
    [2011/08/20 08:33:12 | 000,000,129 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@undertone[2].txt
    [2011/08/20 08:31:36 | 000,000,252 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@veruta[1].txt
    [2011/08/20 08:53:44 | 000,000,112 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@viacom.adbureau[2].txt
    [2011/08/20 08:33:05 | 000,000,332 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vidasco.rotator.hadj7.adjuggler[1].txt
    [2011/08/20 08:56:53 | 000,000,188 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vizu[2].txt
    [2011/08/20 08:56:27 | 000,000,827 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@voicefive[2].txt
    [2011/08/20 08:56:40 | 000,000,421 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w55c[1].txt
    [2011/08/20 08:31:28 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w99.onlinesports[1].txt
    [2011/08/20 08:32:20 | 000,000,672 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay.sklz[1].txt
    [2011/08/20 08:30:17 | 000,000,730 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay[1].txt
    [2011/08/20 08:34:08 | 000,000,073 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@west.05tz2e9[1].txt
    [2011/08/20 08:34:46 | 000,000,353 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wetokole[2].txt
    [2011/08/20 08:56:41 | 000,001,457 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wtp101[2].txt
    [2011/08/20 08:47:58 | 000,000,115 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.adfusion[2].txt
    [2011/08/20 08:33:09 | 000,000,077 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.amazon[2].txt
    [2011/08/20 08:49:29 | 000,000,328 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.autogeek[1].txt
    [2011/08/20 08:29:20 | 000,000,822 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bargainmatch[2].txt
    [2011/08/20 08:47:12 | 000,000,260 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blinkx[2].txt
    [2011/08/20 08:57:46 | 000,000,347 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blogtalkradio[1].txt
    [2011/08/20 08:43:22 | 000,000,142 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[1].txt
    [2011/08/20 08:45:09 | 000,000,085 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[3].txt
    [2011/08/20 08:48:45 | 000,000,933 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[4].txt
    [2011/08/20 08:57:24 | 000,000,207 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[2].txt
    [2011/08/20 08:42:35 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitalpicturesinfo[2].txt
    [2011/08/20 08:57:33 | 000,000,238 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitaltrends[1].txt
    [2011/08/20 08:38:31 | 000,000,598 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.dogster[1].txt
    [2011/08/20 08:31:50 | 000,000,152 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.expandsearchanswers[1].txt
    [2011/08/20 08:28:29 | 000,000,147 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-fast-answers[1].txt
    [2011/08/20 08:32:38 | 000,000,516 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.goalbuilder[2].txt
    [2011/08/20 08:57:23 | 000,000,088 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.hark[2].txt
    [2011/08/20 08:30:23 | 000,000,119 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.inadcoads[1].txt
    [2011/08/20 08:30:14 | 000,000,517 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.livingfrugal[2].txt
    [2011/08/20 08:51:11 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.noisey[2].txt
    [2011/08/20 08:36:04 | 000,000,103 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.paypal[1].txt
    [2011/08/20 08:31:50 | 000,000,511 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pebble[2].txt
    [2011/08/20 08:38:09 | 000,000,727 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.search[1].txt
    [2011/08/20 08:33:44 | 000,000,094 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.seatcoversunlimited[1].txt
    [2011/08/20 08:31:31 | 000,000,516 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicecafe[2].txt
    [2011/08/20 08:55:56 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicemountain[2].txt
    [2011/08/20 08:55:51 | 000,000,122 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shockwave[1].txt
    [2011/08/20 08:30:51 | 000,000,513 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shopzilla[1].txt
    [2011/08/20 08:46:29 | 000,000,099 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.thenewsagregator[1].txt
    [2011/08/20 08:43:45 | 000,000,113 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.theretaillinks[1].txt
    [2011/08/20 08:42:36 | 000,000,125 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tracklead[1].txt
    [2011/08/20 08:52:10 | 000,000,095 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tumblr[1].txt
    [2011/08/20 08:55:38 | 000,000,086 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wagbrag[1].txt
    [2011/08/20 08:29:51 | 000,000,514 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webparent[1].txt
    [2011/08/20 08:34:36 | 000,000,110 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wetokole[1].txt
    [2011/08/20 08:32:47 | 000,000,513 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wiseshop[2].txt
    [2011/08/20 08:33:00 | 000,000,272 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.yellowpages[1].txt
    [2011/08/20 08:57:16 | 000,000,083 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www2.chameleonsearch[1].txt
    [2011/08/20 08:32:27 | 000,000,315 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xgraph[2].txt
    [2011/08/20 08:55:32 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[1].txt
    [2011/08/20 08:43:06 | 000,000,176 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.provenpixel[2].txt
    [2011/08/20 08:55:24 | 000,000,751 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xmladfeed[2].txt
    [2011/08/20 08:29:20 | 000,000,087 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[1].txt
    [2011/08/20 08:48:45 | 000,000,089 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[2].txt
    [2011/08/20 08:55:59 | 000,001,852 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages.lycos[2].txt
    [2011/08/20 08:33:00 | 000,000,405 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages[1].txt
    [2011/08/20 08:45:52 | 000,000,102 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt
    [2011/08/20 08:32:13 | 000,000,091 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@youtube[1].txt
    [2011/08/20 08:37:54 | 000,000,324 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yttrk[2].txt
    [2011/08/20 08:33:30 | 000,000,202 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yumenetworks[2].txt
    [2011/08/20 08:32:12 | 000,000,470 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt
    [2011/08/20 08:30:33 | 000,000,289 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ziffdavis.demdex[1].txt
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
    @Alternate Data Stream - 1074 bytes -> C:\Users\Video4\AppData\Local\fohcmFnnoY:ftdAc7wIjgwFRJ9xl7    
    FF - prefs.js..extensions.enabledAddons: wsjsziuerg@wsjsziuerg.org:1.0
    [1832/11/28 23:37:17 | 000,004,819 | ---- | M] () (No name found) -- C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\wsjsziuerg@wsjsziuerg.org.xpi
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 20 September 2012 - 05:32 PM

The OTL report is below. The OTL program did not ask to reboot the machine! I loaded Firefox and did another Google search for "removing tiles from concrete floor" and this time it appears to NOT be redirecting at all. I poke around some more, and I won't reboot or do anything else until you've had a chance to review the report below. THANKS FOR YOUR HELP SO FAR!!



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-offdap11\ deleted successfully.
File Protocol\Handler\mso-offdap11 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1037385321@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1055796890@Left[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11126249978@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11391412489@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11575671707@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1169139089@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11855263440@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11862663890@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1307751110@Top[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1386429405@x15[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1457225840@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\18213798@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1821713586@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1849285846@x15[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1906215027@Position2[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1999136076@Left[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24289&z=16&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5790&z=14&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4054&y=5791&z=14&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4056&y=5791&z=14&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=4057&y=5790&z=14&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504567&y=755012&z=21&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504568&y=755012&z=21&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=504569&y=755009&z=21&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11718&z=15&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11719&z=15&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\lyrs=m@159000000&hl=en&src=api&x=8007&s=&y=11720&z=15&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11167360966@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11228542818@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11284217935@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11315847570@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11472280959@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1245772740@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1281761749@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1319093222@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1460963586@x15[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1505241761@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1640659713@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1744842817@x15[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1957083986@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1964477568@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24291&z=16&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24289&z=16&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4054&y=5789&z=14&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5790&z=14&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504567&y=755011&z=21&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755011&z=21&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=504569&y=755012&z=21&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=91&z=8&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=60&y=93&z=8&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=62&y=93&z=8&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11718&z=15&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11720&z=15&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11719&z=15&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11720&z=15&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11718&z=15&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11275037388@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11561605063@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1185363397@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1214185794@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1228200435@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1348773817@Top[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1463823846@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1469595724@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1477976723@Top[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1691460836@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\174087999@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1794418838@Top[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1885710956@Left[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1925305162@Left[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1933232497@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24291&z=16&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4055&y=5789&z=14&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5789&z=14&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=4056&y=5790&z=14&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755010&z=21&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=504568&y=755011&z=21&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=91&z=8&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=61&y=92&z=8&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=62&y=91&z=8&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\lyrs=m@159000000&hl=en&src=api&x=8005&s=&y=11718&z=15&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1080579483@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11149819669@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1128453811@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11355364539@x90[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12041300456@x23[1].htm moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1258334641@Position2[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1302173216@Position1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1357385884@Position2[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1550319140@Top1[1] moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=0&y=0&z=0&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19796&s=&y=24290&z=16&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24290&z=16&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19797&s=&y=24291&z=16&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24289&z=16&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24290&z=16&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19798&s=&y=24291&z=16&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24289&z=16&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=19799&s=&y=24290&z=16&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4055&y=5791&z=14&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5789&z=14&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=4057&y=5791&z=14&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755009&z=21&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504567&y=755010&z=21&s=Galileo[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504568&y=755009&z=21&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=504569&y=755010&z=21&s=Galil[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=60&y=92&z=8&s=[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=61&y=93&z=8&s=Gali[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=62&y=92&z=8&s=Galile[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8004&s=&y=11719&z=15&s=Gal[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11719&z=15&s=G[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\lyrs=m@159000000&hl=en&src=api&x=8006&s=&y=11720&z=15&s=Ga[1].png moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1008827.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@11072-8952.bidvalidation[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1286953.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@134715.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1734847885.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@1819045062.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@194.11.16[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@247realmedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@25757.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2668896081.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@269614.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2733762453.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3102329076.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@33across[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@37millionminutes[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@3902209715.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@4029427265.pub.ezanga[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@635004.r.msn[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@65.60.9[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@66.230.138[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.36[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[10].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[11].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[4].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[5].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[6].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[7].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[8].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@67.201.62[9].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@68.169.92[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@72.233.76[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@884202.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@961881.r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@abmr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.360yield[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.wsod[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adadvisor[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adap[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbuyer[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adcirrus[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addresses[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@addthis[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adimpserv[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admailtiser[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adnxs[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.blogtalkradio[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.gamersmedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pointroll[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.pubmatic[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adsrvr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertising[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adxpose[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@afy11[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@agkn[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon-cornerstone[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amazon[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@amgdgt[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apex-ad[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@api.dimestore[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@apmebf[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@appssavvy[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@atdmt[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@au.vizisense[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@audienceiq[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@auto-geek[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autocenterstore[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@autogeek[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@b3.mookie1[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@badgerbasementsystems[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bandtools.nabbr[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bestflasher[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bidsystem[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizrate[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkxremote51.ourtoolbar[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blinkx[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@blogtalkradio[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bluekai[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bnmla[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brand[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@break[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@brilig[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bs.serving-sys[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btg.mtvnservices[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@btrll[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@burstnet[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c.ypcdn[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@c3metrics[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAJIL4N1.txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cas.ny.us.criteo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@casalemedia[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@CAYP1TG8.txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@chango[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@choicestream[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citi.bridgetrack[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citygridmedia[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@citysearch[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ck.ads.affinity[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@claim.windailygadgets[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clicks.thespecialsearch[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@comparestores[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@connectbar[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@contextweb[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cpvtgt[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@criteo[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crux.mevio[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@crwdcntrl[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.adroll[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.gossipcenter[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@d.tradex.openx[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dailyrx[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc.tremormedia[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc1e.3vg58t1[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dc2w.3vg58t1[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demdex[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@demr.opt.fimserve[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@digitaltrends[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@displaymarketplace[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dogster[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@domdex[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@dpm.demdex[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@drivesober.nhtsa[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@e-referencedesk[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@emusician[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@everesttech[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@exelator[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@eyewonder[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ezanga[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@facebook[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fastclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@fetchback[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@filter.popxml[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@flashtalking[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@forms.aweber[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@freegametopia[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@glam[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@google[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@grastengenerators[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gravity[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@greeting-cards[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@gwallet[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hark[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hellominneapolis[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hostingprod[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@hotoff.mevio[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ib.mookie1[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@indieclick[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@info.break[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@insightexpressai[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@intellitxt[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interchangecorporation.122.2o7[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@inuvo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@jampaper[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@joost[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@koonzie[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ktr.t134[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@legolas-media[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lijit[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@live.37millionminutes[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@liverail[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local-discount-shopping[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@local[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart.adveright[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@looksmart[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lycos[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@madethecut.112.2o7[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mathtag[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@media6degrees[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediaplex[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meebo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@meviomusicvideos.mevio[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mevio[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@miva.cinomedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mm.chitika[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mmismm[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mookie1[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mv.bidsystem[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mybuys[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mydamnchannel[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mygeek[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nabbr[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@natpal[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nearstop[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@netseer[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@network.dsidemarketing[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@newpharmameds[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@nexac[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@noisey[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@onlinesports[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@openx[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@opt.fimserve[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@optimize.indieclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@outbrain[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@overture[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ox-d.patientconversation[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p-td[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pictela[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pixel.rubiconproject[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pool.bitp[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pro-market[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pubmatic[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pulsemgr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quantserve[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@quikdig[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@qydjuk[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r.msn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@r1-ads.ace.advertising[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@raasnet[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rateit[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmilitarygames[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@relestar[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@results.thinkavenue[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@retrevo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rfihub[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rs.gwallet[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@rubiconproject[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@safecart[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scanscout[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@scorecardresearch[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.amazead[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.chillcow[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clickbowl[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.clicksare[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.fastsearchers[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lookcow[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.lovesthings[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.searchgaggle[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search.seekslocal[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchmagnified[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@searchsitesonline[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@search[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seatcoversunlimited[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@seg.sharethis[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sensic[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serve.inadcoads[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@service.optify[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@servicemaster-durand-mondovi[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@serving-sys[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sharethis[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shearcomfort[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shockwave[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@shopzilla[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@showadsak.pubmatic[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@simpli[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@skimresources[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@sklz[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmomdeals[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@smartmompicks[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@specificclick[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@spotxchange[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@store.yahoo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@stumbleupon[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@suitesmart[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@synd.shopflick[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@t3.rec0rder[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tag.admeld[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tap.rubiconproject[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@telemetryverification[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@teracent[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@test.coremetrics[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thefutoncritic[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thenewsagregator[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thespecialsearch[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@thinkavenue[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tidaltv[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficking.nabbr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trafficmp[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@traffikcntr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@translate.googleapis[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@triggit[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@trusearch[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tumblr[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tunber[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@turn[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tweetmeme[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@twitter[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tynt[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@undertone[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@veruta[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@viacom.adbureau[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vidasco.rotator.hadj7.adjuggler[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@vizu[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@voicefive[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w55c[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@w99.onlinesports[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay.sklz[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@weplay[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@west.05tz2e9[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wetokole[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@wtp101[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.adfusion[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.amazon[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.autogeek[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.bargainmatch[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blinkx[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.blogtalkradio[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[3].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.break[4].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstnet[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitalpicturesinfo[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.digitaltrends[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.dogster[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.expandsearchanswers[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.find-fast-answers[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.goalbuilder[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.hark[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.inadcoads[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.livingfrugal[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.noisey[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.paypal[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.pebble[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.search[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.seatcoversunlimited[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicecafe[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.servicemountain[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shockwave[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.shopzilla[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.thenewsagregator[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.theretaillinks[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tracklead[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.tumblr[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wagbrag[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.webparent[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wetokole[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.wiseshop[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.yellowpages[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www2.chameleonsearch[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xgraph[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.happytofind[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.provenpixel[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xmladfeed[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yahoo[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages.lycos[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yellowpages[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yieldmanager[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@youtube[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yttrk[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@yumenetworks[2].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@zedo[1].txt moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ziffdavis.demdex[1].txt moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
ADS C:\Users\Video4\AppData\Local\fohcmFnnoY:ftdAc7wIjgwFRJ9xl7 deleted successfully.
Prefs.js: wsjsziuerg@wsjsziuerg.org:1.0 removed from extensions.enabledAddons
C:\Users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\extensions\wsjsziuerg@wsjsziuerg.org.xpi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\shares\downloads\Anti-Virus Programs\cmd.bat deleted successfully.
C:\shares\downloads\Anti-Virus Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Video4
->Java cache emptied: 19339122 bytes

Total Java Files Cleaned = 18.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 2870 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Video4
->Flash cache emptied: 225828 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.64.0 log created on 09202012_172555

#13 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 21 September 2012 - 11:59 PM

Gringo ..... haven't noticed any more redirects .... do you think my system is clean? If so, THANKS FOR YOUR HELP! Let me know if you want me to run any more programs or logs!

Jim

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 PM

Posted 23 September 2012 - 07:11 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 jimmyz12

jimmyz12
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:24 PM

Posted 23 September 2012 - 11:17 PM

Gringo, I ran Combofix as instructed. The computer did not require a reboot. So far, everything still seems to be working fine. The log is pasted below:

ComboFix 12-09-23.03 - Video4 09/23/2012 22:33:02.3.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3935.2000 [GMT -5:00]
Running from: c:\shares\downloads\Anti-Virus Programs\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 03:45 . 2012-09-24 03:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-20 22:25 . 2012-09-20 22:25 -------- d-----w- C:\_OTL
2012-09-19 04:05 . 2012-09-19 04:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\users\Video4\AppData\Roaming\Malwarebytes
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\programdata\Malwarebytes
2012-09-19 03:12 . 2012-09-19 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-19 03:12 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-01 21:34 . 2012-09-10 14:51 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 20:51 . 2012-04-22 15:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 20:51 . 2011-07-10 15:21 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2003-12-10 77887]
"Corel Corporation Registration"="c:\program files (x86)\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" [2001-03-29 212992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files (x86)\iConcepts Music Express\MEAutoDetect.exe [2011-12-24 374104]
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-3-20 292240]
Network Utility.lnk - c:\program files (x86)\PIXELA\Network Utility\NetworkUtility.exe [2012-7-28 2112376]
VideoBrowser Camera Monitor.lnk - c:\program files (x86)\PIXELA\VideoBrowser\CameraMonitor.exe [2012-7-28 425336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 56564350
*NewlyCreated* - 59339064
*NewlyCreated* - 87290919
*NewlyCreated* - ASWMBR
*NewlyCreated* - FIXTDSS
*Deregistered* - 56564350
*Deregistered* - 59339064
*Deregistered* - 87290919
*Deregistered* - aswMBR
*Deregistered* - FixTDSS
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 20:51]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:09]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:09]
.
2012-09-19 c:\windows\Tasks\NetworkUtility??.job
- c:\program files (x86)\PIXELA\Network Utility\NWLaunch.bat [2012-07-28 21:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\Video4\AppData\Roaming\Mozilla\Firefox\Profiles\1pro6qcf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-23 23:03:28
ComboFix-quarantined-files.txt 2012-09-24 04:03
ComboFix2.txt 2012-09-20 07:49
ComboFix3.txt 2012-09-19 05:11
.
Pre-Run: 110,398,509,056 bytes free
Post-Run: 110,343,303,168 bytes free
.
- - End Of File - - 9A142A15BC0629CED724290908AC7AD5




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users