
Having problems getting rid of malware!


9 replies to this topic

#1 Groffeaston


Posted 03 August 2013 - 12:04 AM

Hello everyone,

 

The other day the one program that I "Had" on my computer needed to update. Of course there are those "bundled" free programs that come with it. I carefully read what to do, to make sure I do not install them. The one program said: "If you do not want to install this program do not check the box." So I did not check the box. I clicked continue. Well, the next screen said my downloads will install shortly. Then a new screen showed up saying to check the box of the program I do not want to install if I changed my mind. The program that I did not select was there. So I checked the box to NOT install it. The download began. After the download ended I installed the update. Then I opened one of the web browsers that I use. That is when I noticed that the program I did not want to install, installed! That program changed all of my defaults for searches, wanted to change my home page, which I denied permission for, and added some other things.

 

My web browsers and computer have been freezing up on me, for some time. I do not know if it is too much "Junk" on my computer, Java scripts keep crashing in all of my browsers, and here is the kicker, nothing showed up in any of my security scans, until after that program that needed an update, mentioned above was updated!

 

The program that downloaded when I did not want it to: SweetPacks Toolbar.

 

I followed all of the uninstall instructions, but none of them worked. So I then did a Malwarebytes Anti-Malware Full scan. It picked up all of the SweetPacks files; I quarantined and deleted them. Rebooted and I did another "Quick" scan; nothing showed up. Figured it was solved.

 

Then a different program needed to be updated. I made sure I did not check to download any programs that were bundled with it. Downloaded and installed the update. Darn it!! SweetPacks was back again!! I ran another Full Scan with Malwarebytes Anti-Malware. This time it picked up almost 30 to 50 items!! I quarantined and deleted them! Rebooted and did another quick scan. Picked up 2 items!

 

I looked under "Programs and Features" It was there again! I tried to "Uninstall" it but got an error message that the path was unavailable.

 

I uninstalled the program that downloaded SweetPacks the first time and also uninstalled the program that downloaded SweetPacks on this second occasion.

 

My questions are:

 

1) How can I get rid of this darned program?!

 

2) Could there be other unwanted programs that are causing my web browsers and computer to freeze up all the time?  or could it be due to junk files or Bad Registry Files?

 

3) How can I prevent this program from returning?





#2 GodfatherKing


Posted 03 August 2013 - 02:05 AM

:welcome:

 

Let's have a look...

 

Note: Also post the MBAM (Malwarebytes Anti-Malware) log.

 

Step 1: Running TDSSKiller to obtain log

 

Note: Don't cure or delete a threat, but choose skip for all instead.

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters

  • In the Additional options: Check Detect TDLFS file system
  • Click Start Scan and allow the scan process to run

  • Choose Skip for all threats.
  • Click Continue
  • Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================

Step 2: Download SUPERAntiSpyware Free (aka SAS)

  •  Double-click SAS -setup.exe and follow the prompts to install the program.
  • At the end, be sure to Check for Updates to be sure it is current
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.
  • Be sure to reboot the computer after you post the log.

 

Step 3: ESET Online Scanner

==================

Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.

 

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and » UNCHECK "Remove found threats" <== Important
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.

===================================================


If you have received help from me and I have not responded to you for almost 3 days or more, send me a Private Message.  :hello:


#3 Groffeaston


Posted 08 August 2013 - 01:30 AM

Sorry to take so long responding. For some reason I am not receiving any updates or notifications of replies to any posts to topics! I have done some "house cleaning" of old files and stuff that has been on my computer for a while that I do not use.

 

So far I have not had any hints of the "SweetPacks", but did find one SweetPacks file that was supposed to have been removed or deleted. I will include the MBAM logs that first triggered this report. I will also do another scan with MBAM because the others are a week or 2 old. I think I had selected to delete the quarantined items. Also I will then follow the instructions above.



#4 Groffeaston


Posted 11 August 2013 - 11:39 AM

Here is the First MBAM Log that found the problem:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.27.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthew :: MATTHEW-PC [administrator]

7/26/2013 9:37:47 PM
mbam-log-2013-07-26 (21-37-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 493172
Time elapsed: 3 hour(s), 27 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\SWEETIE.IEToolbar (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\Updater By SweetPacks (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.

(end)

 

Here is the Second MBAM log from when I thought I had gotten rid of it:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthew :: MATTHEW-PC [administrator]

8/1/2013 10:58:30 PM
MBAM-log-2013-08-01 (23-20-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282384
Time elapsed: 19 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\Extension.ExtensionHelperObject.1 (PUP.Optional.SweetPacks.A) -> No action taken.
HKCR\Extension.ExtensionHelperObject (PUP.Optional.SweetPacks.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1 (PUP.Optional.SweetPacks.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 16
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\libraries (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\resources (PUP.Optional.SweetPacks.A) -> No action taken.

Files Detected: 23
C:\Program Files\Updater By SweetPacks\Extension32.dll (PUP.Optional.SweetPacks.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Users\Matthew\AppData\Local\temp\is1852162411\DeltaTB.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\Matthew\Downloads\423493_intl_i386_zip.exe (Trojan.Banker) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\InstallerHelper.dll (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\unins000.dat (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\unins000.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome.manifest (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\install.rdf (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.js.bak (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\main.xul (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources\localscript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US\overlay.dtd (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin\overlay.css (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences\defaults.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\libraries\DataExchangeScript.js (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Program Files\Updater By SweetPacks\resources\localscript.js (PUP.Optional.SweetPacks.A) -> No action taken.

(end)

 

Here is the MBAM log from today:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.11.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthew :: MATTHEW-PC [administrator]

8/11/2013 11:21:08 AM
mbam-log-2013-08-11 (11-21-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277918
Time elapsed: 19 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Here is the SUPERAntiSpyware Log from Today:

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/11/2013 at 12:02 PM

Application Version : 5.6.1020

Core Rules Database Version : 10681
Trace Rules Database Version: 8493

Scan type       : Quick Scan
Total Scan Time : 00:07:33

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 654
Memory threats detected   : 0
Registry items scanned    : 32194
Registry threats detected : 0
File items scanned        : 7954
File threats detected     : 204

Adware.Tracking Cookie
    .fastclick.net [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .ar.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    media.match.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    bs.serving-sys.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .serving-sys.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    cdn.at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .tacoda.at.atwola.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .advertising.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    accounts.google.com [ C:\USERS\MATTHEW\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 

TDSSKiller apparently did not create a log, because I could not find one. The scan I did, did not find anything. I will do another one and post that log after I reboot from deleting the cookies that SUPERAntiSpyware Free found.



#5 Groffeaston


Posted 11 August 2013 - 12:10 PM

Here is the TDSSKiller Log:

 

13:04:51.0350 4184  Ndisuio - ok
13:04:51.0366 4184  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:04:51.0381 4184  NdisWan - ok
13:04:51.0412 4184  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:04:51.0428 4184  NDProxy - ok
13:04:51.0459 4184  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:04:51.0459 4184  NetBIOS - ok
13:04:51.0537 4184  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:04:51.0584 4184  netbt - ok
13:04:51.0615 4184  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
13:04:51.0615 4184  Netlogon - ok
13:04:51.0693 4184  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
13:04:51.0771 4184  Netman - ok
13:04:51.0802 4184  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:04:51.0834 4184  NetMsmqActivator - ok
13:04:51.0834 4184  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:04:51.0849 4184  NetPipeActivator - ok
13:04:51.0912 4184  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
13:04:51.0927 4184  netprofm - ok
13:04:51.0927 4184  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:04:51.0927 4184  NetTcpActivator - ok
13:04:51.0943 4184  [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:04:51.0943 4184  NetTcpPortSharing - ok
13:04:52.0036 4184  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:04:52.0052 4184  nfrd960 - ok
13:04:52.0083 4184  [ C58DB40E4C95BE8EE727BE872BE6383F ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:04:52.0083 4184  NisDrv - ok
13:04:52.0114 4184  [ C5BC0144F8FF164425B197CB78620B5F ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:04:52.0114 4184  NisSrv - ok
13:04:52.0192 4184  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:04:52.0286 4184  NlaSvc - ok
13:04:52.0333 4184  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:04:52.0348 4184  Npfs - ok
13:04:52.0380 4184  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
13:04:52.0395 4184  nsi - ok
13:04:52.0426 4184  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:04:52.0442 4184  nsiproxy - ok
13:04:52.0598 4184  [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:04:52.0848 4184  Ntfs - ok
13:04:52.0926 4184  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:04:52.0941 4184  ntrigdigi - ok
13:04:52.0957 4184  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
13:04:52.0972 4184  Null - ok
13:04:55.0328 4184  [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:04:58.0791 4184  nvlddmkm - ok
13:04:58.0869 4184  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:04:58.0885 4184  nvraid - ok
13:04:58.0932 4184  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:04:58.0947 4184  nvstor - ok
13:04:58.0994 4184  [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys
13:04:58.0994 4184  nvstor32 - ok
13:04:59.0212 4184  [ 31B8835B003CAA6D31BEAD83DDBF98E5 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:04:59.0228 4184  nvsvc - ok
13:04:59.0883 4184  [ 056EF5C4AF4BD002AEAE417412C8EB71 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:04:59.0899 4184  nvUpdatusService - ok
13:04:59.0946 4184  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:04:59.0946 4184  nv_agp - ok
13:04:59.0946 4184  NwlnkFlt - ok
13:04:59.0961 4184  NwlnkFwd - ok
13:05:00.0304 4184  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:05:00.0304 4184  odserv - ok
13:05:00.0382 4184  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:05:00.0382 4184  ohci1394 - ok
13:05:00.0460 4184  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:00.0476 4184  ose - ok
13:05:00.0632 4184  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:05:00.0694 4184  p2pimsvc - ok
13:05:00.0726 4184  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:05:00.0741 4184  p2psvc - ok
13:05:00.0772 4184  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
13:05:00.0788 4184  Parport - ok
13:05:00.0819 4184  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:05:00.0819 4184  partmgr - ok
13:05:00.0850 4184  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
13:05:00.0866 4184  Parvdm - ok
13:05:00.0897 4184  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:05:00.0913 4184  PcaSvc - ok
13:05:01.0006 4184  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
13:05:01.0116 4184  pci - ok
13:05:01.0147 4184  [ 20B869152448F80AC49CF10264E91F5E ] pciide          C:\Windows\system32\drivers\pciide.sys
13:05:01.0162 4184  pciide - ok
13:05:01.0194 4184  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:05:01.0209 4184  pcmcia - ok
13:05:01.0396 4184  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:05:01.0755 4184  PEAUTH - ok
13:05:01.0864 4184  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
13:05:02.0176 4184  pla - ok
13:05:02.0223 4184  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:05:02.0239 4184  PlugPlay - ok
13:05:02.0270 4184  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:05:02.0286 4184  PNRPAutoReg - ok
13:05:02.0301 4184  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:05:02.0301 4184  PNRPsvc - ok
13:05:02.0395 4184  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:05:02.0426 4184  PolicyAgent - ok
13:05:02.0473 4184  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:05:02.0473 4184  PptpMiniport - ok
13:05:02.0504 4184  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
13:05:02.0520 4184  Processor - ok
13:05:02.0598 4184  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:05:02.0660 4184  ProfSvc - ok
13:05:02.0691 4184  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:05:02.0691 4184  ProtectedStorage - ok
13:05:02.0894 4184  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:05:02.0910 4184  PSched - ok
13:05:02.0972 4184  [ 68B57D7C11277EA89F78255480376B4D ] PSI             C:\Windows\system32\DRIVERS\psi_mf_x86.sys
13:05:02.0988 4184  PSI - ok
13:05:03.0019 4184  [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
13:05:03.0034 4184  PxHelp20 - ok
13:05:03.0175 4184  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:05:03.0534 4184  ql2300 - ok
13:05:03.0549 4184  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:05:03.0549 4184  ql40xx - ok
13:05:03.0627 4184  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
13:05:03.0643 4184  QWAVE - ok
13:05:03.0674 4184  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:05:03.0674 4184  QWAVEdrv - ok
13:05:03.0690 4184  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:05:03.0705 4184  RasAcd - ok
13:05:03.0721 4184  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
13:05:03.0721 4184  RasAuto - ok
13:05:03.0736 4184  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:05:03.0752 4184  Rasl2tp - ok
13:05:03.0846 4184  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
13:05:03.0877 4184  RasMan - ok
13:05:03.0892 4184  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:05:03.0908 4184  RasPppoe - ok
13:05:03.0939 4184  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:05:03.0970 4184  RasSstp - ok
13:05:04.0033 4184  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:05:04.0126 4184  rdbss - ok
13:05:04.0189 4184  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:05:04.0189 4184  RDPCDD - ok
13:05:04.0282 4184  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:05:04.0314 4184  rdpdr - ok
13:05:04.0360 4184  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:05:04.0376 4184  RDPENCDD - ok
13:05:04.0438 4184  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:05:04.0516 4184  RDPWD - ok
13:05:04.0579 4184  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:05:04.0594 4184  RemoteAccess - ok
13:05:04.0641 4184  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:05:04.0672 4184  RemoteRegistry - ok
13:05:04.0719 4184  [ EEC7EE5675294B03E88AA868540007C1 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
13:05:04.0735 4184  RMCAST - ok
13:05:05.0125 4184  [ EBCDE8B48FADC6479D96A56D0A432160 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
13:05:05.0125 4184  RoxMediaDB9 - ok
13:05:05.0187 4184  [ AB2B1DE1C8F31EFCE2384B14B3DC4260 ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
13:05:05.0187 4184  RoxWatch9 - ok
13:05:05.0234 4184  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
13:05:05.0250 4184  RpcLocator - ok
13:05:05.0343 4184  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
13:05:05.0343 4184  RpcSs - ok
13:05:05.0374 4184  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:05:05.0374 4184  rspndr - ok
13:05:05.0406 4184  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
13:05:05.0406 4184  SamSs - ok
13:05:05.0499 4184  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:05:05.0530 4184  SASDIFSV - ok
13:05:05.0562 4184  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:05:05.0562 4184  SASKUTIL - ok
13:05:05.0624 4184  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:05:05.0640 4184  sbp2port - ok
13:05:05.0671 4184  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:05:05.0686 4184  SCardSvr - ok
13:05:05.0733 4184  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
13:05:06.0014 4184  Schedule - ok
13:05:06.0061 4184  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:05:06.0061 4184  SCPolicySvc - ok
13:05:06.0123 4184  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:05:06.0139 4184  SDRSVC - ok
13:05:06.0186 4184  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:05:06.0201 4184  secdrv - ok
13:05:06.0232 4184  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
13:05:06.0232 4184  seclogon - ok
13:05:06.0669 4184  [ 05E383849FA1FBBBC160612B0080618C ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
13:05:06.0950 4184  Secunia PSI Agent - ok
13:05:06.0997 4184  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
13:05:07.0028 4184  SENS - ok
13:05:07.0044 4184  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
13:05:07.0059 4184  Serenum - ok
13:05:07.0090 4184  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
13:05:07.0090 4184  Serial - ok
13:05:07.0137 4184  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:05:07.0137 4184  sermouse - ok
13:05:07.0200 4184  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:05:07.0200 4184  SessionEnv - ok
13:05:07.0215 4184  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:05:07.0231 4184  sffdisk - ok
13:05:07.0246 4184  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:05:07.0246 4184  sffp_mmc - ok
13:05:07.0278 4184  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:05:07.0278 4184  sffp_sd - ok
13:05:07.0293 4184  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:05:07.0309 4184  sfloppy - ok
13:05:07.0340 4184  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:05:07.0356 4184  SharedAccess - ok
13:05:07.0387 4184  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:05:07.0387 4184  ShellHWDetection - ok
13:05:07.0434 4184  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:05:07.0434 4184  sisagp - ok
13:05:07.0465 4184  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:05:07.0465 4184  SiSRaid2 - ok
13:05:07.0496 4184  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:05:07.0496 4184  SiSRaid4 - ok
13:05:07.0714 4184  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
13:05:07.0761 4184  slsvc - ok
13:05:07.0808 4184  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:05:07.0824 4184  SLUINotify - ok
13:05:07.0824 4184  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:05:07.0870 4184  Smb - ok
13:05:07.0902 4184  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:05:07.0917 4184  SNMPTRAP - ok
13:05:07.0948 4184  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
13:05:07.0964 4184  spldr - ok
13:05:07.0995 4184  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
13:05:08.0011 4184  Spooler - ok
13:05:08.0042 4184  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:05:08.0058 4184  srv - ok
13:05:08.0089 4184  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:05:08.0120 4184  srv2 - ok
13:05:08.0136 4184  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:05:08.0151 4184  srvnet - ok
13:05:08.0182 4184  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:05:08.0198 4184  SSDPSRV - ok
13:05:08.0245 4184  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:05:08.0292 4184  SstpSvc - ok
13:05:08.0354 4184  [ 9CEA131B5EB0EA653F6B3EA80B54956D ] STHDA           C:\Windows\system32\drivers\stwrt.sys
13:05:08.0775 4184  STHDA - ok
13:05:08.0884 4184  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
13:05:08.0884 4184  stisvc - ok
13:05:08.0947 4184  [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:05:08.0947 4184  stllssvr - ok
13:05:08.0962 4184  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:05:08.0962 4184  swenum - ok
13:05:08.0994 4184  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
13:05:09.0009 4184  swprv - ok
13:05:09.0040 4184  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:05:09.0040 4184  Symc8xx - ok
13:05:09.0072 4184  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:05:09.0072 4184  Sym_hi - ok
13:05:09.0087 4184  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:05:09.0087 4184  Sym_u3 - ok
13:05:09.0118 4184  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
13:05:09.0150 4184  SysMain - ok
13:05:09.0181 4184  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:05:09.0181 4184  TabletInputService - ok
13:05:09.0228 4184  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:05:09.0243 4184  TapiSrv - ok
13:05:09.0274 4184  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
13:05:09.0274 4184  TBS - ok
13:05:09.0337 4184  [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:05:09.0352 4184  Tcpip - ok
13:05:09.0384 4184  [ 078218D74C4EFC2CE7E4C6DF22A94F2F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:05:09.0399 4184  Tcpip6 - ok
13:05:09.0415 4184  [ 4C11A1820DDC37FA653913AD680ACCAE ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:05:09.0415 4184  tcpipreg - ok
13:05:09.0430 4184  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:05:09.0430 4184  TDPIPE - ok
13:05:09.0446 4184  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:05:09.0446 4184  TDTCP - ok
13:05:09.0477 4184  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:05:09.0493 4184  tdx - ok
13:05:09.0508 4184  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:05:09.0508 4184  TermDD - ok
13:05:09.0540 4184  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
13:05:09.0540 4184  TermService - ok
13:05:09.0571 4184  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
13:05:09.0571 4184  Themes - ok
13:05:09.0602 4184  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
13:05:09.0602 4184  THREADORDER - ok
13:05:09.0633 4184  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
13:05:09.0664 4184  TrkWks - ok
13:05:09.0711 4184  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:05:09.0711 4184  TrustedInstaller - ok
13:05:09.0758 4184  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:05:09.0758 4184  tssecsrv - ok
13:05:09.0805 4184  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:05:09.0805 4184  tunmp - ok
13:05:09.0836 4184  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:05:09.0836 4184  tunnel - ok
13:05:09.0867 4184  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:05:09.0867 4184  uagp35 - ok
13:05:09.0898 4184  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:05:09.0914 4184  udfs - ok
13:05:09.0930 4184  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:05:09.0945 4184  UI0Detect - ok
13:05:09.0976 4184  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:05:09.0976 4184  uliagpkx - ok
13:05:10.0039 4184  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:05:10.0039 4184  uliahci - ok
13:05:10.0070 4184  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:05:10.0070 4184  UlSata - ok
13:05:10.0101 4184  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:05:10.0101 4184  ulsata2 - ok
13:05:10.0132 4184  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:05:10.0132 4184  umbus - ok
13:05:10.0164 4184  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
13:05:10.0164 4184  upnphost - ok
13:05:10.0210 4184  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:05:10.0210 4184  usbccgp - ok
13:05:10.0226 4184  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:05:10.0226 4184  usbcir - ok
13:05:10.0288 4184  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:05:10.0304 4184  usbehci - ok
13:05:10.0351 4184  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:05:10.0382 4184  usbhub - ok
13:05:10.0398 4184  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
13:05:10.0413 4184  usbohci - ok
13:05:10.0429 4184  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:05:10.0429 4184  usbprint - ok
13:05:10.0507 4184  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
13:05:10.0507 4184  usbscan - ok
13:05:10.0538 4184  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:05:10.0554 4184  USBSTOR - ok
13:05:10.0600 4184  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:05:10.0616 4184  usbuhci - ok
13:05:10.0647 4184  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
13:05:10.0663 4184  UxSms - ok
13:05:10.0694 4184  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
13:05:10.0725 4184  vds - ok
13:05:10.0741 4184  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:05:10.0741 4184  vga - ok
13:05:10.0788 4184  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:05:10.0788 4184  VgaSave - ok
13:05:10.0803 4184  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:05:10.0819 4184  viaagp - ok
13:05:10.0834 4184  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:05:10.0850 4184  ViaC7 - ok
13:05:10.0881 4184  [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide          C:\Windows\system32\drivers\viaide.sys
13:05:10.0897 4184  viaide - ok
13:05:10.0944 4184  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:05:10.0944 4184  volmgr - ok
13:05:11.0053 4184  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:05:11.0193 4184  volmgrx - ok
13:05:11.0256 4184  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:05:11.0380 4184  volsnap - ok
13:05:11.0443 4184  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:05:11.0490 4184  vsmraid - ok
13:05:11.0833 4184  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
13:05:12.0114 4184  VSS - ok
13:05:12.0223 4184  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
13:05:12.0238 4184  W32Time - ok
13:05:12.0254 4184  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:05:12.0254 4184  WacomPen - ok
13:05:12.0301 4184  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:05:12.0316 4184  Wanarp - ok
13:05:12.0316 4184  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:05:12.0316 4184  Wanarpv6 - ok
13:05:12.0410 4184  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:05:12.0582 4184  wcncsvc - ok
13:05:12.0644 4184  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:05:12.0660 4184  WcsPlugInService - ok
13:05:12.0675 4184  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
13:05:12.0675 4184  Wd - ok
13:05:12.0847 4184  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:05:13.0252 4184  Wdf01000 - ok
13:05:13.0299 4184  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:05:13.0315 4184  WdiServiceHost - ok
13:05:13.0330 4184  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:05:13.0330 4184  WdiSystemHost - ok
13:05:13.0377 4184  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
13:05:13.0393 4184  WebClient - ok
13:05:13.0471 4184  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:05:13.0549 4184  Wecsvc - ok
13:05:13.0658 4184  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:05:13.0689 4184  wercplsupport - ok
13:05:13.0767 4184  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:05:13.0830 4184  WerSvc - ok
13:05:14.0001 4184  [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:05:14.0376 4184  winachsf - ok
13:05:14.0563 4184  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:05:14.0734 4184  WinDefend - ok
13:05:14.0750 4184  WinHttpAutoProxySvc - ok
13:05:15.0187 4184  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:05:15.0265 4184  Winmgmt - ok
13:05:15.0670 4184  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:05:16.0310 4184  WinRM - ok
13:05:16.0466 4184  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:05:16.0731 4184  Wlansvc - ok
13:05:16.0996 4184  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:05:17.0043 4184  wlcrasvc - ok
13:05:17.0667 4184  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:05:17.0683 4184  wlidsvc - ok
13:05:17.0761 4184  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:05:17.0776 4184  WmiAcpi - ok
13:05:17.0886 4184  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:05:17.0932 4184  wmiApSrv - ok
13:05:24.0188 4184  ============================================================
13:05:24.0188 4184  Scan finished
13:05:24.0188 4184  ============================================================
13:05:24.0204 4176  Detected object count: 0
13:05:24.0204 4176  Actual detected object count: 0
 



#6 GodfatherKing


Posted 11 August 2013 - 01:14 PM

That's looking good, proceed with ESET-scan.


If you have received help from me and I have not responded to you for almost >= 3 days, send me a Private Message.


#7 Groffeaston


Posted 11 August 2013 - 05:26 PM

Here is the result of the ESET scan:

 

C:\Program Files\Mozilla Firefox\components\sprotector.js    Win32/Conduit.SearchProtect.A application
C:\ProgramData\APN\APN-Stub\PCD-G\APNIC.7z    Win32/Bundled.Toolbar.Ask.B application
C:\ProgramData\APN\APN-Stub\PCD-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.7z    Win32/Bundled.Toolbar.Ask.B application
C:\ProgramData\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\PCD-G\APNIC.7z    Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\PCD-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.7z    Win32/Bundled.Toolbar.Ask.B application
C:\Users\All Users\APN\APN-Stub\W3IV6-G\APNIC.dll    Win32/Bundled.Toolbar.Ask.B application
C:\Users\Matthew\AppData\Local\Downloaded Installations\{024ED834-0B8E-4B00-BBA0-794E16D1C2DA}\Carambis Driver Updater.msi    a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Matthew\AppData\Local\temp\Revo UninstallerUpdateSetup.exe    Win32/InstallCore.BL application
C:\Users\Matthew\AppData\Local\temp\11082747.Uninstall\Revo UninstallerUpdateSetup.exe    Win32/InstallCore.BL application
C:\Users\Matthew\AppData\Local\temp\246996.Uninstall\uninstaller.exe    a variant of Win32/InstallCore.AZ application
C:\Users\Matthew\AppData\Local\temp\315106.Uninstall\uninstaller.exe    a variant of Win32/InstallCore.AZ application
C:\Users\Matthew\Downloads\ARO2013_tbt.exe    a variant of Win32/Bundled.Toolbar.Ask.D application
C:\Users\Matthew\Downloads\cbsidlm-cbsi4_1_1-CNET_TechTracker-10912909.exe    a variant of Win32/CNETInstaller.A application
C:\Users\Matthew\Downloads\cbsidlm-tr1_13-Secunia_Personal_Software_Inspector-SEO-10717855.exe    Win32/DownloadAdmin.G application
C:\Users\Matthew\Downloads\OptimizerPro.exe    multiple threats
C:\Users\Matthew\Downloads\Upgrade.exe    a variant of Win32/AirAdInstaller.A application
 



#8 GodfatherKing


Posted 12 August 2013 - 03:19 AM

Step 1: Use AdwCleaner

 

       http://www.bleepingcomputer.com/download/adwcleaner/

       

    Note: Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

 

  • Using AdwCleaner is very simple. Simply download the program and run it.  You will then be presented with a screen that contains a Search and Delete button.  The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
     
  • To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing.  On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.

  Post the log.

 

 

Step 2: Remove the found infections from ESET.




#9 Groffeaston


Posted 12 August 2013 - 11:27 AM

Here is the AdwCleaner log:

 

# AdwCleaner v2.306 - Logfile created 08/12/2013 at 11:55:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Matthew - MATTHEW-PC
# Boot Mode : Normal
# Running from : C:\Users\Matthew\Downloads\AdwCleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8hxucwyd.default-1368425912243\searchplugins\SweetIm.xml
File Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\lu0si6w3.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\lu0si6w3.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Public\Desktop\jZip.lnk
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\visualbee
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Users\Matthew\AppData\Local\iMesh
Folder Deleted : C:\Users\Matthew\AppData\Local\jZip
Folder Deleted : C:\Users\Matthew\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\Matthew\AppData\LocalLow\jZip
Folder Deleted : C:\Users\Matthew\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Matthew\AppData\Roaming\ParetoLogic


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={B9F5ABB3-F194-11E2-B11C-001AA040A456} --> hxxp://www.google.com

-\\ Mozilla Firefox v23.0 (en-US)

File : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8hxucwyd.default-1368425912243\prefs.js

C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\8hxucwyd.default-1368425912243\user.js ... Deleted !

Deleted : user_pref("extensions.a67314b3924e64f0599f33f88c7cddd176c5fa56013a34d428e9053d9930111f9com33906.3390[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.yahoo.com/|hxxp://www.bin[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks")[...]

File : C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\lu0si6w3.default\prefs.js

C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\lu0si6w3.default\user.js ... Deleted !

Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com/?src=2&st=12&crg=3.5000006.10045&barid={B9F5AB[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={769142[...]
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "Bing");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14687 octets] - [13/05/2013 01:25:21]
AdwCleaner[R2].txt - [11540 octets] - [12/08/2013 11:51:28]
AdwCleaner[S1].txt - [14393 octets] - [13/05/2013 01:28:00]
AdwCleaner[S2].txt - [11788 octets] - [12/08/2013 11:55:43]

########## EOF - C:\AdwCleaner[S2].txt - [11849 octets] ##########

 

 

Another "Add on" installed again without my permission, as I was trying to update my one program! I think it was because I had another program that helped with downloading files. It was supposed to organize them and then download them in any order you wanted, and could even download up to a certain number at one time. But I think that is what was causing some of my problems. I uninstalled it when the "New Add Ons" installed without my permission this morning! I hope the AdwCleaner removed the new add ons too!

 

The "Third Party Add ons" that are "Bundled" in with the downloads get away with it, because the instructions are so damn confusing and the EULA print is so damn tiny you need a magnifying glass or microscope to read it! Then they put it in a window that you can't enlarge to read the "tiny print"; one page says to leave the box unchecked to "install the add on" while on the next page it says leave the box unchecked to "not install the add on", all in tiny print! Then they have "NEXT" in huge letters to make everyone think you click on that to just continue right on with the installation of the program you initially wanted, BUT what you don't see or can barely read in real tiny fine print is: "by clicking next you agree with the terms and conditions in the EULA" for the add on! That is how 89.99999% of Viruses, Malware, etc. probably get spread! The rest of it is through bad websites and hacking! Sorry for the little rant, I had to blow off some steam I guess.



#10 GodfatherKing


Posted 12 August 2013 - 11:32 AM

Repeat the MBAM scan and post log.






