Trojan Horse BackDoor.Generic15.BPGV


13 replies to this topic

#1 MuddyMaestro


Posted 29 January 2013 - 02:56 AM

Hi there. I found a thread in this forum similar to an issue I'm experiencing, but I want to register and open a new topic just in case this may be a slightly different case. I believe this file is a result of a virus I was sent via an IM messenger (Skype) disguised as an image file. I have already scanned my PC with AVG and HitMan two times, and removed all suspicious files, but AVG continues to alert me that this file still exists. I run Windows 7, 64-bit, as my operating system.

The threat name is described as Trojan Horse BackDoor.Generic15.BPGV, and upon restarting my computer I'll be alerted of the file in multiple locations. Afterwards I do not continue to be alerted until I reboot my computer once again. If you wish for me to reboot my PC to gather details, I can provide that. It's worth noting that, in contrast to the topic linked above, I (believe I) have not received an alert regarding a services.exe file, and it did not appear in my HitMan scans to my knowledge.

Any help would be very much appreciated. System restore is not an option due to the fact that my restore points before receiving the suspicious file were inexplicably deleted. Unfortunately, I did not save my logs of the previous scans, and am unsure if it's possible for them to be retrieved.

Edited by MuddyMaestro, 29 January 2013 - 03:22 AM.



#2 Gunto

  • Malware Response Team

Posted 29 January 2013 - 05:59 AM

Hi, MuddyMaestro! I'm going to try to help you out. :)

This could potentially be a pretty nasty infection, but I'm going to run some things to check and clean some things before jumping to any conclusions.

TDSSKiller

I need you to run a scan using TDSSKiller.

  • Download TDSSKiller from here, and save it to your desktop.
  • Double click the file to launch the program. Once the program starts, click Start Scan. Don't change any default scan settings.
  • Once the scan is finished, you'll find a log in your root drive (usually C:) that will start with TDSS in the file name. Please copy and paste it into your reply.

Malwarebytes

I need you to run a scan with Malwarebytes Anti-Malware.

  • Download MBAM from here, and save it to your desktop.
  • Double-click the installer to run it. During the installation, simply follow the prompts and let the program install. However, if you do not want to start a trial of the full version, please decline, and if offered any external toolbars/programs, feel free to uncheck them, unless you want them.
  • Once the program is done installing and updating, select the Perform full scan option on the main interface. Then click the Scan button, hit Scan, and let the scan run.
  • Once the scan is finished, a log will pop up. If any malware was found, click the Show Results button, and make sure everything present is checked and click Remove Selected. If MBAM asks you to reboot, do so immediately. Either way, please copy and paste the log into your reply. If your PC is rebooted, you can find the log by opening up MBAM and going to the Logs tab.

AdwCleaner

I need you to run AdwCleaner to see if it removes anything.

  • Download AdwCleaner from here, and save it to your desktop.
  • Close all open programs.
  • Open the file on your desktop, and click the Delete button. Confirm operations at every prompt. Your PC will be rebooted after the final prompt.
  • Once rebooted, a text file will open up. Please copy and paste it into your reply.

RogueKiller

I need you to run RogueKiller to see if it removes anything.

  • Download RogueKiller from here, and save it to your desktop.
  • Close all open programs.
  • Double click the file on your desktop. Once the automatic check completes, hit the Scan button.
  • Once the full scan has finished, click on the Delete button. Once it's done removing things, open the newest log on your desktop (should be called RKreport[2].txt) and copy and paste it into your reply.

Please tell me how your PC is running in your next reply.

Gunto



#3 MuddyMaestro


Posted 29 January 2013 - 10:31 PM

Thanks for the response Gunto. Here are my results.

---

TDSSKiller

09:40:14.0135 7064 MegaSR - ok
09:40:14.0420 7064 [ C73B93FED17829F11273459DA05E1976 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
09:40:14.0424 7064 mfeapfk - ok
09:40:14.0517 7064 [ 85AFDEAD1366BED11A84A5C6FC0A65D2 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
09:40:14.0533 7064 mfehidk - ok
09:40:14.0626 7064 [ 984BBBB9BE02EF838DABDF3F3126A91B ] mfevtp C:\Windows\system32\mfevtps.exe
09:40:14.0631 7064 mfevtp - ok
09:40:14.0646 7064 [ 6251BE428073704FF1002231520C8F16 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
09:40:14.0652 7064 mfewfpk - ok
09:40:14.0705 7064 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
09:40:14.0709 7064 MMCSS - ok
09:40:14.0731 7064 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
09:40:14.0734 7064 Modem - ok
09:40:14.0799 7064 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:40:14.0800 7064 monitor - ok
09:40:14.0876 7064 [ FC44AD48746FFA5FD640EF1260AB5EC2 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys
09:40:14.0879 7064 MotioninJoyXFilter - ok
09:40:14.0926 7064 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:40:14.0928 7064 mouclass - ok
09:40:14.0980 7064 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:40:14.0982 7064 mouhid - ok
09:40:15.0053 7064 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:40:15.0055 7064 mountmgr - ok
09:40:15.0082 7064 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
09:40:15.0086 7064 mpio - ok
09:40:15.0104 7064 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:40:15.0106 7064 mpsdrv - ok
09:40:15.0144 7064 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:40:15.0165 7064 MpsSvc - ok
09:40:15.0204 7064 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:40:15.0208 7064 MRxDAV - ok
09:40:15.0244 7064 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:40:15.0246 7064 mrxsmb - ok
09:40:15.0267 7064 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:40:15.0271 7064 mrxsmb10 - ok
09:40:15.0308 7064 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:40:15.0311 7064 mrxsmb20 - ok
09:40:15.0399 7064 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
09:40:15.0402 7064 msahci - ok
09:40:15.0423 7064 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:40:15.0427 7064 msdsm - ok
09:40:15.0458 7064 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
09:40:15.0463 7064 MSDTC - ok
09:40:15.0487 7064 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:40:15.0488 7064 Msfs - ok
09:40:15.0537 7064 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:40:15.0539 7064 mshidkmdf - ok
09:40:15.0573 7064 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:40:15.0575 7064 msisadrv - ok
09:40:15.0664 7064 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:40:15.0669 7064 MSiSCSI - ok
09:40:15.0674 7064 msiserver - ok
09:40:15.0717 7064 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:40:15.0719 7064 MSKSSRV - ok
09:40:15.0763 7064 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:40:15.0764 7064 MSPCLOCK - ok
09:40:15.0771 7064 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:40:15.0773 7064 MSPQM - ok
09:40:15.0823 7064 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:40:15.0829 7064 MsRPC - ok
09:40:15.0913 7064 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:40:15.0914 7064 mssmbios - ok
09:40:15.0979 7064 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:40:15.0981 7064 MSTEE - ok
09:40:15.0999 7064 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:40:16.0001 7064 MTConfig - ok
09:40:16.0027 7064 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
09:40:16.0029 7064 Mup - ok
09:40:16.0096 7064 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
09:40:16.0097 7064 mwlPSDFilter - ok
09:40:16.0142 7064 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
09:40:16.0143 7064 mwlPSDNServ - ok
09:40:16.0188 7064 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
09:40:16.0190 7064 mwlPSDVDisk - ok
09:40:16.0533 7064 [ 3E5E20817259F7328C8F3BE5421F35B9 ] MWLService C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
09:40:16.0573 7064 MWLService - ok
09:40:16.0622 7064 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
09:40:16.0632 7064 napagent - ok
09:40:16.0718 7064 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:40:16.0722 7064 NativeWifiP - ok
09:40:16.0786 7064 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
09:40:16.0818 7064 NDIS - ok
09:40:16.0887 7064 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:40:16.0889 7064 NdisCap - ok
09:40:16.0955 7064 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:40:16.0957 7064 NdisTapi - ok
09:40:17.0012 7064 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:40:17.0014 7064 Ndisuio - ok
09:40:17.0041 7064 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:40:17.0044 7064 NdisWan - ok
09:40:17.0075 7064 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:40:17.0077 7064 NDProxy - ok
09:40:17.0130 7064 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:40:17.0132 7064 NetBIOS - ok
09:40:17.0228 7064 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:40:17.0232 7064 NetBT - ok
09:40:17.0305 7064 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
09:40:17.0307 7064 Netlogon - ok
09:40:17.0367 7064 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
09:40:17.0375 7064 Netman - ok
09:40:17.0441 7064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:40:17.0507 7064 NetMsmqActivator - ok
09:40:17.0530 7064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:40:17.0532 7064 NetPipeActivator - ok
09:40:17.0547 7064 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
09:40:17.0556 7064 netprofm - ok
09:40:17.0568 7064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:40:17.0571 7064 NetTcpActivator - ok
09:40:17.0581 7064 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:40:17.0584 7064 NetTcpPortSharing - ok
09:40:17.0663 7064 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:40:17.0666 7064 nfrd960 - ok
09:40:17.0724 7064 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:40:17.0731 7064 NlaSvc - ok
09:40:17.0766 7064 nlsX86cc - ok
09:40:17.0797 7064 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:40:17.0798 7064 Npfs - ok
09:40:17.0869 7064 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
09:40:17.0872 7064 nsi - ok
09:40:17.0891 7064 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:40:17.0893 7064 nsiproxy - ok
09:40:18.0037 7064 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:40:18.0065 7064 Ntfs - ok
09:40:18.0284 7064 [ 9A308FCDCCA98A15B6F62D36A272160E ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
09:40:18.0316 7064 NTI IScheduleSvc - ok
09:40:18.0393 7064 [ EE3BA1024594D5D09E314F206B94069E ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
09:40:18.0395 7064 NTIDrvr - ok
09:40:18.0470 7064 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
09:40:18.0472 7064 Null - ok
09:40:18.0548 7064 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:40:18.0553 7064 nvraid - ok
09:40:18.0622 7064 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:40:18.0626 7064 nvstor - ok
09:40:18.0674 7064 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:40:18.0678 7064 nv_agp - ok
09:40:18.0720 7064 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:40:18.0723 7064 ohci1394 - ok
09:40:18.0758 7064 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:40:18.0762 7064 ose - ok
09:40:19.0500 7064 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:40:19.0602 7064 osppsvc - ok
09:40:19.0659 7064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:40:19.0668 7064 p2pimsvc - ok
09:40:19.0700 7064 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
09:40:19.0710 7064 p2psvc - ok
09:40:19.0794 7064 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:40:19.0798 7064 Parport - ok
09:40:19.0824 7064 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:40:19.0827 7064 partmgr - ok
09:40:19.0851 7064 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:40:19.0857 7064 PcaSvc - ok
09:40:19.0868 7064 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
09:40:19.0872 7064 pci - ok
09:40:19.0961 7064 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
09:40:19.0963 7064 pciide - ok
09:40:19.0995 7064 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:40:20.0000 7064 pcmcia - ok
09:40:20.0007 7064 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
09:40:20.0009 7064 pcw - ok
09:40:20.0088 7064 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:40:20.0095 7064 PEAUTH - ok
09:40:20.0419 7064 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
09:40:20.0422 7064 PerfHost - ok
09:40:20.0491 7064 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
09:40:20.0529 7064 pla - ok
09:40:20.0625 7064 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:40:20.0634 7064 PlugPlay - ok
09:40:20.0673 7064 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:40:20.0676 7064 PNRPAutoReg - ok
09:40:20.0726 7064 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:40:20.0731 7064 PNRPsvc - ok
09:40:20.0778 7064 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:40:20.0787 7064 PolicyAgent - ok
09:40:20.0815 7064 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
09:40:20.0821 7064 Power - ok
09:40:20.0874 7064 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:40:20.0876 7064 PptpMiniport - ok
09:40:20.0896 7064 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:40:20.0899 7064 Processor - ok
09:40:20.0935 7064 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
09:40:20.0941 7064 ProfSvc - ok
09:40:20.0982 7064 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:40:20.0984 7064 ProtectedStorage - ok
09:40:21.0058 7064 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:40:21.0060 7064 Psched - ok
09:40:21.0153 7064 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
09:40:21.0156 7064 PSI_SVC_2 - ok
09:40:21.0239 7064 [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
09:40:21.0241 7064 PxHlpa64 - ok
09:40:21.0327 7064 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:40:21.0361 7064 ql2300 - ok
09:40:21.0418 7064 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:40:21.0422 7064 ql40xx - ok
09:40:21.0473 7064 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
09:40:21.0480 7064 QWAVE - ok
09:40:21.0514 7064 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:40:21.0516 7064 QWAVEdrv - ok
09:40:21.0524 7064 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:40:21.0528 7064 RasAcd - ok
09:40:21.0599 7064 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:40:21.0601 7064 RasAgileVpn - ok
09:40:21.0621 7064 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
09:40:21.0626 7064 RasAuto - ok
09:40:21.0665 7064 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:40:21.0667 7064 Rasl2tp - ok
09:40:21.0704 7064 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
09:40:21.0712 7064 RasMan - ok
09:40:21.0737 7064 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:40:21.0739 7064 RasPppoe - ok
09:40:21.0799 7064 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:40:21.0801 7064 RasSstp - ok
09:40:21.0926 7064 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:40:21.0930 7064 rdbss - ok
09:40:21.0967 7064 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:40:21.0971 7064 rdpbus - ok
09:40:22.0032 7064 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:40:22.0033 7064 RDPCDD - ok
09:40:22.0114 7064 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:40:22.0115 7064 RDPENCDD - ok
09:40:22.0197 7064 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:40:22.0198 7064 RDPREFMP - ok
09:40:22.0245 7064 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:40:22.0250 7064 RDPWD - ok
09:40:22.0287 7064 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:40:22.0291 7064 rdyboost - ok
09:40:22.0330 7064 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:40:22.0334 7064 RemoteAccess - ok
09:40:22.0369 7064 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:40:22.0402 7064 RemoteRegistry - ok
09:40:22.0737 7064 [ 7A7F47DD4F8246B8F2C4217BAECD150D ] RoxMediaDBGame1X C:\Program Files (x86)\Common Files\Roxio Shared\Game1X\SharedCOM\RoxMediaDBGame1X.exe
09:40:22.0756 7064 RoxMediaDBGame1X - ok
09:40:22.0778 7064 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:40:22.0782 7064 RpcEptMapper - ok
09:40:22.0836 7064 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
09:40:22.0839 7064 RpcLocator - ok
09:40:22.0868 7064 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\SysWOW64\rpcnet.exe
09:40:22.0964 7064 rpcnet - ok
09:40:23.0041 7064 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
09:40:23.0049 7064 RpcSs - ok
09:40:23.0112 7064 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:40:23.0114 7064 rspndr - ok
09:40:23.0164 7064 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
09:40:23.0168 7064 RSUSBSTOR - ok
09:40:23.0204 7064 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
09:40:23.0206 7064 SamSs - ok
09:40:23.0254 7064 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:40:23.0258 7064 sbp2port - ok
09:40:23.0282 7064 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:40:23.0288 7064 SCardSvr - ok
09:40:23.0327 7064 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:40:23.0329 7064 scfilter - ok
09:40:23.0383 7064 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
09:40:23.0418 7064 Schedule - ok
09:40:23.0458 7064 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:40:23.0460 7064 SCPolicySvc - ok
09:40:23.0559 7064 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:40:23.0601 7064 SDRSVC - ok
09:40:23.0643 7064 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:40:23.0644 7064 secdrv - ok
09:40:23.0708 7064 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
09:40:23.0711 7064 seclogon - ok
09:40:23.0769 7064 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
09:40:23.0773 7064 SENS - ok
09:40:23.0829 7064 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:40:23.0833 7064 SensrSvc - ok
09:40:23.0883 7064 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:40:23.0885 7064 Serenum - ok
09:40:23.0908 7064 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:40:23.0911 7064 Serial - ok
09:40:23.0973 7064 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:40:23.0976 7064 sermouse - ok
09:40:24.0012 7064 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
09:40:24.0017 7064 SessionEnv - ok
09:40:24.0051 7064 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:40:24.0054 7064 sffdisk - ok
09:40:24.0073 7064 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:40:24.0076 7064 sffp_mmc - ok
09:40:24.0099 7064 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:40:24.0102 7064 sffp_sd - ok
09:40:24.0127 7064 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:40:24.0129 7064 sfloppy - ok
09:40:24.0194 7064 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
09:40:24.0202 7064 Sftfs - ok
09:40:24.0350 7064 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
09:40:24.0359 7064 sftlist - ok
09:40:24.0383 7064 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
09:40:24.0387 7064 Sftplay - ok
09:40:24.0409 7064 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
09:40:24.0410 7064 Sftredir - ok
09:40:24.0453 7064 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
09:40:24.0454 7064 Sftvol - ok
09:40:24.0493 7064 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
09:40:24.0497 7064 sftvsa - ok
09:40:24.0559 7064 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:40:24.0568 7064 SharedAccess - ok
09:40:24.0621 7064 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:40:24.0629 7064 ShellHWDetection - ok
09:40:24.0657 7064 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:40:24.0669 7064 SiSRaid2 - ok
09:40:24.0687 7064 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:40:24.0691 7064 SiSRaid4 - ok
09:40:24.0770 7064 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
09:40:24.0773 7064 SkypeUpdate - ok
09:40:24.0814 7064 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:40:24.0818 7064 Smb - ok
09:40:24.0905 7064 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:40:24.0909 7064 SNMPTRAP - ok
09:40:24.0953 7064 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
09:40:24.0955 7064 spldr - ok
09:40:24.0980 7064 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
09:40:24.0992 7064 Spooler - ok
09:40:25.0516 7064 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
09:40:25.0572 7064 sppsvc - ok
09:40:25.0662 7064 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:40:25.0666 7064 sppuinotify - ok
09:40:25.0727 7064 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
09:40:25.0733 7064 srv - ok
09:40:25.0756 7064 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:40:25.0763 7064 srv2 - ok
09:40:25.0774 7064 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:40:25.0778 7064 srvnet - ok
09:40:25.0829 7064 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:40:25.0835 7064 SSDPSRV - ok
09:40:25.0853 7064 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:40:25.0858 7064 SstpSvc - ok
09:40:25.0906 7064 Steam Client Service - ok
09:40:25.0933 7064 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:40:25.0935 7064 stexstor - ok
09:40:25.0982 7064 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
09:40:25.0994 7064 stisvc - ok
09:40:26.0040 7064 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
09:40:26.0042 7064 swenum - ok
09:40:26.0125 7064 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
09:40:26.0137 7064 swprv - ok
09:40:26.0198 7064 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
09:40:26.0243 7064 SysMain - ok
09:40:26.0286 7064 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:40:26.0291 7064 TabletInputService - ok
09:40:26.0308 7064 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:40:26.0316 7064 TapiSrv - ok
09:40:26.0373 7064 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
09:40:26.0377 7064 TBS - ok
09:40:26.0464 7064 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:40:26.0509 7064 Tcpip - ok
09:40:26.0605 7064 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:40:26.0624 7064 TCPIP6 - ok
09:40:26.0717 7064 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:40:26.0718 7064 tcpipreg - ok
09:40:26.0765 7064 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:40:26.0767 7064 TDPIPE - ok
09:40:26.0791 7064 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:40:26.0793 7064 TDTCP - ok
09:40:26.0857 7064 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:40:26.0859 7064 tdx - ok
09:40:27.0049 7064 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
09:40:27.0075 7064 TeamViewer7 - ok
09:40:27.0120 7064 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:40:27.0121 7064 TermDD - ok
09:40:27.0215 7064 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
09:40:27.0230 7064 TermService - ok
09:40:27.0280 7064 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
09:40:27.0284 7064 Themes - ok
09:40:27.0349 7064 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
09:40:27.0352 7064 THREADORDER - ok
09:40:27.0465 7064 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
09:40:27.0470 7064 TrkWks - ok
09:40:27.0592 7064 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:40:27.0597 7064 TrustedInstaller - ok
09:40:27.0631 7064 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:40:27.0633 7064 tssecsrv - ok
09:40:27.0699 7064 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:40:27.0702 7064 TsUsbFlt - ok
09:40:27.0768 7064 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:40:27.0771 7064 tunnel - ok
09:40:27.0852 7064 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
09:40:27.0854 7064 TurboB - ok
09:40:27.0950 7064 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
09:40:27.0954 7064 TurboBoost - ok
09:40:27.0994 7064 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:40:27.0997 7064 uagp35 - ok
09:40:28.0052 7064 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
09:40:28.0053 7064 UBHelper - ok
09:40:28.0103 7064 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:40:28.0111 7064 udfs - ok
09:40:28.0166 7064 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:40:28.0169 7064 UI0Detect - ok
09:40:28.0240 7064 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:40:28.0244 7064 uliagpkx - ok
09:40:28.0288 7064 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:40:28.0290 7064 umbus - ok
09:40:28.0341 7064 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:40:28.0343 7064 UmPass - ok
09:40:28.0735 7064 [ 7466809E6DA561D60C2F1CE8EDE3C73F ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:40:28.0775 7064 UNS - ok
09:40:28.0995 7064 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:40:28.0999 7064 Updater Service - ok
09:40:29.0065 7064 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
09:40:29.0073 7064 upnphost - ok
09:40:29.0117 7064 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
09:40:29.0120 7064 USBAAPL64 - ok
09:40:29.0139 7064 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:40:29.0141 7064 usbccgp - ok
09:40:29.0172 7064 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:40:29.0175 7064 usbcir - ok
09:40:29.0189 7064 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
09:40:29.0191 7064 usbehci - ok
09:40:29.0238 7064 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:40:29.0242 7064 usbhub - ok
09:40:29.0265 7064 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:40:29.0268 7064 usbohci - ok
09:40:29.0301 7064 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:40:33.0285 7064 ================ Scan global ===============================
09:40:33.0329 7064 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:40:33.0360 7064 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:40:33.0374 7064 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
09:40:33.0431 7064 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:40:33.0521 7064 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:40:33.0529 7064 [Global] - ok
09:40:33.0531 7064 ================ Scan MBR ==================================
09:40:33.0552 7064 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:40:34.0255 7064 \Device\Harddisk0\DR0 - ok
09:40:34.0258 7064 ================ Scan VBR ==================================
09:40:34.0331 7064 [ 47DD90F9BB8AC0D76AE0882F0C9BDC91 ] \Device\Harddisk0\DR0\Partition1
09:40:34.0335 7064 \Device\Harddisk0\DR0\Partition1 - ok
09:40:34.0452 7064 [ 66F644CE6924B2CE1AF454CD8D06E49B ] \Device\Harddisk0\DR0\Partition2
09:40:34.0455 7064 \Device\Harddisk0\DR0\Partition2 - ok
09:40:34.0456 7064 ============================================================
09:40:34.0456 7064 Scan finished
09:40:34.0456 7064 ============================================================
09:40:34.0473 5296 Detected object count: 0
09:40:34.0473 5296 Actual detected object count: 0

---

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: JIM-PC [limited]

Protection: Enabled

29/01/2013 5:54:05 PM
c.txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419684
Time elapsed: 2 hour(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> No action taken.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS7YDLSE\smo[1] (Trojan.Dropper.DTE) -> No action taken.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5IIA4NX\min[1] (Trojan.Dropper.DTE) -> No action taken.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZX708E9\f[1].exe (Trojan.Dropper.DTE) -> No action taken.
C:\Users\Jim\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe (Trojan.Dropper.DTE) -> No action taken.
C:\Users\Jim\AppData\Roaming\nMNtffsdf5ev.exe (Trojan.Dropper.DTE) -> No action taken.

(end)

---

AdwCleaner

I ran the scan and allowed it to reboot my computer, but it did not give a text file after rebooting as described. I tried a second time, with the same result of it not appearing.

---

RogueKiller

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Scan -- Date : 01/29/2013 20:14:55
| ARK || MBR |

Bad processes : 0

Registry Entries : 5
[RUN][SUSP PATH] HKUS\S-1-5-21-1198215938-73470329-1056896093-1000[...]\Run : Policies (C:\Users\Jim\AppData\Roaming\97E33D\97E33D.exe) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\L --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD7500BPVT-22HXZT1 +++++
--- User ---
[MBR] 2ea1593725822f0d53b76f2a1105ec43
[BSP] 1d7008b94f1e4a0a71e1d87678b60242 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 700966 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01292013_02d2014.txt >>
RKreport[1]_S_01292013_02d2014.txt

---

I haven't noticed anything worth noting in terms of my PC's performance. It has been running regularly, but now AVG frequently alerts me of trojans. Since my previous post, it has alerted me of, and (supposedly) removed the following.

Trojan horse BackDoor.Generic15.BPGV
IDP.Trojan.CC683C73
IDP.Trojan.250B9946
IDP.Trojan.84446EAD
Trojan horse Agent4.WMF
Trojan horse Generic_s.AJH (twelve times)
Trojan horse Generic31.AGUY (two times)
Trojan horse Generic31.AGYU (two times)

#4 Gunto

  • Malware Response Team

Posted 29 January 2013 - 10:51 PM

Hi,

With the MBAM and RogueKiller logs, do you have the ones from after you removed the threats you found? These are from before you did so. If you do, post them, please. :)

As for AdwCleaner, can you find a file called AdwCleaner[R1].txt and/or AdwCleaner[R2].txt in your C: drive? If you can, that is the log we're looking for. :)

Gunto

Edited by Gunto, 29 January 2013 - 10:51 PM.



#5 MuddyMaestro

  • Topic Starter

Posted 29 January 2013 - 11:08 PM

Oops, sorry about that! It's pretty obvious I'm not very accustomed to this. :P Here's (what I believe are) the correct logs.

---

Malwarebytes

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim :: JIM-PC [limited]

Protection: Enabled

29/01/2013 5:54:05 PM
mbam-log-2013-01-29 (17-54-05).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 419684
Time elapsed: 2 hour(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver (Adware.GamePlayLabs) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files (x86)\Vid-Saver\Uninstall.exe (Adware.GamePlayLabs) -> Delete on reboot.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS7YDLSE\smo[1] (Trojan.Dropper.DTE) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5IIA4NX\min[1] (Trojan.Dropper.DTE) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZX708E9\f[1].exe (Trojan.Dropper.DTE) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe (Trojan.Dropper.DTE) -> Quarantined and deleted successfully.
C:\Users\Jim\AppData\Roaming\nMNtffsdf5ev.exe (Trojan.Dropper.DTE) -> Quarantined and deleted successfully.

(end)

---

AdwCleaner

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 09:46:03
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Debbie - JIM-PC
# Boot Mode : Normal
# Running from : C:\Users\Jim\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\BitTorrentBar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Debbie\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Debbie\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\Debbie\AppData\LocalLow\Conduit
Folder Found : C:\Users\Debbie\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Debbie\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jim\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Jim\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\Jim\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Jim\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jim\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Jim\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jim_2\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\Jim_2\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jim_2\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Jim_2\AppData\LocalLow\PriceGong
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E696486-07A7-46BC-B37E-84B99B4F1AA3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E696486-07A7-46BC-B37E-84B99B4F1AA3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E696486-07A7-46BC-B37E-84B99B4F1AA3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66A1B84F-5956-45D9-B174-855FB2843F9E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DEAF4496-656E-4C7C-87E4-0BCF767AEC98}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKU\S-1-5-21-1198215938-73470329-1056896093-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1198215938-73470329-1056896093-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKU\S-1-5-21-1198215938-73470329-1056896093-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-1198215938-73470329-1056896093-1003\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11986 octets] - [29/01/2013 09:46:03]

########## EOF - \AdwCleaner[R1].txt - [12047 octets] ##########

---

RogueKiller

RogueKiller V8.4.3 [Jan 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Debbie [Admin rights]
Mode : Remove -- Date : 01/29/2013 21:04:56
| ARK || MBR |

Bad processes : 0

Registry Entries : 5
[RUN][SUSP PATH] HKUS\S-1-5-21-1198215938-73470329-1056896093-1000[...]\Run : Policies (C:\Users\Jim\AppData\Roaming\97E33D\97E33D.exe) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\@ --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U\00000004.@ --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U\00000008.@ --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U\000000cb.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U\80000064.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1198215938-73470329-1056896093-1000\$b6dc29cc43e0b86005725d752fa7cf0e\L --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD7500BPVT-22HXZT1 +++++
--- User ---
[MBR] 2ea1593725822f0d53b76f2a1105ec43
[BSP] 1d7008b94f1e4a0a71e1d87678b60242 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 700966 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_01292013_02d2104.txt >>
RKreport[1]_S_01292013_02d2014.txt ; RKreport[2]_D_01292013_02d2104.txt

#6 Gunto

  • Malware Response Team

Posted 30 January 2013 - 02:06 AM

Hi,

That's better! :) But you seem to have clicked on Search in AdwCleaner instead of Delete. Try that again for me, please.

Gunto



#7 MuddyMaestro

  • Topic Starter

Posted 30 January 2013 - 03:37 AM

Well, at least we're getting warmer, haha. I ran delete on AdwCleaner again, and it once again rebooted my system without a text document appearing. It appears that the R1, R2, etc. files show the results of a Search, while S1, S2, etc. files show the results of a Delete. This is what I believe is the most recent Delete log, filename AdwCleaner[S3].txt.

# AdwCleaner v2.109 - Logfile created 01/30/2013 at 01:10:30
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Debbie - JIM-PC
# Boot Mode : Normal
# Running from : C:\Users\Jim\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKU\S-1-5-21-1198215938-73470329-1056896093-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16450

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12103 octets] - [29/01/2013 09:46:03]
AdwCleaner[S1].txt - [11366 octets] - [29/01/2013 09:46:40]
AdwCleaner[S2].txt - [1166 octets] - [29/01/2013 20:06:19]
AdwCleaner[S3].txt - [1099 octets] - [30/01/2013 01:10:30]

########## EOF - \AdwCleaner[S3].txt - [1159 octets] ##########

#8 Gunto


Posted 30 January 2013 - 03:44 AM

Hi,

It looks like you actually did run AdwCleaner on Delete once judging by the significantly smaller log, but this is good enough for now. Now let's run a few more scans.

SUPERAntiSpyware

I need you to run a scan with SUPERAntiSpyware.

  • Download SAS from here, and save it to your desktop.
  • Double click the installer to start the installation. If you do not want to start the trial of the full version, please decline, and feel free to uncheck options to install external toolbars/software, unless you want them. Otherwise, follow the prompts and let the program install.
  • Once the program is done installing and updating, tick the Complete Scan option on the interface, and press the big Scan your Computer... button. Ensure that the options Activate Scan Boost™ > Low boost and Scan inside .ZIP archives are selected and Start Complete Scan.
  • After scanning, be sure to remove all detected threats if any were detected. If asked to reboot to remove threats, do so immediately.
  • Once finished, return to the main interface, go to View Scan Logs and view the newest log. Copy and paste it into your reply.

ESET Online Scanner

I need you to run a scan with ESET Online Scanner.

  • Download the scanner from here, and save it to your desktop.
  • Double click the file to install the program. Once it's done, accept the terms of use and click Start. Be sure the following settings are checked before beginning:
    Scan archives
    Remove found threats
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
  • Once the scan is done, if anything was found, click List of found threats, and then Export to text file..., and save the log to your desktop.
  • Click << Back, and then Finish. If you have to reboot, do so immediately.
  • After ESET finishes scanning and removing threats, copy and paste the log into your reply.

Junkware Removal Tool

I need you to run a scan with Junkware Removal Tool.

  • Download JRT from here, and save it to your desktop.
  • Double click the file to open it, and hit any key as per the instructions of the popped up window.
  • Once the scan is done, copy and paste the contents of the resulting log into your reply.

Please tell me how the PC is running in your next reply.

Gunto



#9 MuddyMaestro


Posted 31 January 2013 - 03:31 AM

SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/30/2013 at 02:47 PM

Application Version : 5.6.1014

Core Rules Database Version : 9947
Trace Rules Database Version: 7759

Scan type : Complete Scan
Total Scan Time : 01:36:46

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Limited User

Memory items scanned : 635
Memory threats detected : 0
Registry items scanned : 78105
Registry threats detected : 0
File items scanned : 85019
File threats detected : 215

Adware.Tracking Cookie

Trace.Known Threat Sources
C:\USERS\JIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F12KCTWM\259c2f3865062_2176470[1].mp4 [ cache:wista ]
C:\USERS\JIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VZX708E9\7922f78e7b923_2176462[1].mp4 [ cache:wista ]
C:\USERS\JIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5IIA4NX\8727aaf2ee90e_2176330[1].flv [ cache:wista ]
C:\USERS\JIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS7YDLSE\crossdomainCA9108IV.xml [ cache:wista ]
C:\USERS\JIM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NS7YDLSE\51b6bc5fbbdc2_2176478[1].mp4 [ cache:wista ]
C:\USERS\JIM\Local Settings\Temporary Internet Files\Content.IE5\F12KCTWM\259c2f3865062_2176470[1].mp4 [ cache:wista ]
C:\USERS\JIM\Local Settings\Temporary Internet Files\Content.IE5\VZX708E9\7922f78e7b923_2176462[1].mp4 [ cache:wista ]
C:\USERS\JIM\Local Settings\Temporary Internet Files\Content.IE5\R5IIA4NX\8727aaf2ee90e_2176330[1].flv [ cache:wista ]
C:\USERS\JIM\Local Settings\Temporary Internet Files\Content.IE5\NS7YDLSE\crossdomainCA9108IV.xml [ cache:wista ]
C:\USERS\JIM\Local Settings\Temporary Internet Files\Content.IE5\NS7YDLSE\51b6bc5fbbdc2_2176478[1].mp4 [ cache:wista ]

PUP.CNETInstaller
C:\USERS\JIM\DOWNLOADS\CNET2_VSX4_PRO_TBYB_EXE.EXE

---

ESET Online Scanner

C:\Users\Debbie\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Debbie\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Debbie\AppData\Local\Temp\VidSaver11_20120508.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Users\Jim\Downloads\cbsidlm-tr1_5-VH_Screen_Capture_Driver-10436367 (1).exe multiple threats cleaned by deleting - quarantined
C:\Users\Jim\Downloads\cbsidlm-tr1_5-VH_Screen_Capture_Driver-10436367.exe multiple threats cleaned by deleting - quarantined
C:\Users\Jim\Downloads\Corel VideoStudio Pro X4 keygen by bestkiller adam.rar a variant of Win32/Keygen.AU application deleted - quarantined
C:\Users\Jim\Downloads\SoftonicDownloader_for_deskpins.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe a variant of Win32/CompuTrace.B application cleaned by deleting - quarantined

---

Junkware Removal Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.7 (01.30.2013:4)
OS: Windows 7 Home Premium x64
Ran by Debbie on 31/01/2013 at 0:55:46.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1198215938-73470329-1056896093-1003\software\microsoft\internet explorer\searchscopes\\DefaultScope



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\fixcleaner
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\vid-saver"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Debbie\appdata\local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgmfkblbflahhponhjmkcnpjinenhlnc

---

My PC has continued to be running smoothly, and I haven't been notified of any threats from my anti-virus software since my previous post.

#10 Gunto


Posted 31 January 2013 - 05:17 AM

Hi,

Very good to hear that! :thumbup2: Now let's run one other scan to check on your programs.

Security Check

I need you to run a checkup with Security Check.

  • Download Security Check here, and save it to your desktop.
  • Double click the file to run it. In the first screen, hit any key and let the scan run.
  • Once the scan is finished, copy and paste the resulting log into your reply.

Gunto



#11 MuddyMaestro


Posted 01 February 2013 - 10:17 PM

Security Check

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spyro The Adventure Game Prologue
Malwarebytes Anti-Malware version 1.70.0.1100
AVG PC TuneUp Language Pack (en-US)
Java™ 6 Update 29
Java 7 Update 10
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#12 Gunto


Posted 02 February 2013 - 02:50 AM

Hi,

Before we go on with the next steps, I need to know if you use Java? It's being heavily exploited by malware right now, and if you don't use it we'll need to remove it altogether, and if you do, you'll need to keep it updated.

Gunto
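
The Security Check log in post #11 and the reading of it in post #12 (outdated Java) can be triaged mechanically. This Python sketch is an added example, not part of the original thread or of Security Check itself; the function names are hypothetical, the rule that two versions of one product in the utilities section indicate a leftover old install is an assumption, and the sample lines are copied from the log posted above.

```python
import re

TICK = "\x60"  # backtick: Security Check draws its section rulers with it

# A ruler line is backticks, a title, an optional colon, then backticks.
HEADER_RE = re.compile(r"^\x60+([^\x60]+?):?\x60+$")
# Negative findings end in "Disabled!" or "out of Date!"; "up to date!" is fine.
WARNING_RE = re.compile(r"\b(disabled|out of date)!", re.IGNORECASE)
# "<product name> [version] <number>[ Update <n>]"
PRODUCT_RE = re.compile(
    r"^(?P<name>\D+?)\s+(?:version\s+)?(?P<ver>\d[\d.]*(?:\s+Update\s+\d+)?)"
)


def ruler(title):
    """Rebuild a section ruler line around a title."""
    return TICK * 14 + title + TICK * 14


# Log lines copied from post #11 of this thread ("\u2122" is the TM sign).
SAMPLE_LOG = "\n".join([
    " Results of screen317's Security Check version 0.99.57",
    " Windows 7 Service Pack 1 x64 (UAC is enabled)",
    " Internet Explorer 9",
    ruler("Antivirus/Firewall Check:"),
    " Windows Firewall Disabled!",
    " AVG Internet Security 2013",
    " Antivirus up to date!",
    ruler("Anti-malware/Other Utilities Check:"),
    " Spyro The Adventure Game Prologue",
    " Malwarebytes Anti-Malware version 1.70.0.1100",
    " AVG PC TuneUp Language Pack (en-US)",
    " Java\u2122 6 Update 29",
    " Java 7 Update 10",
    " Java version out of Date!",
    " Adobe Reader 9 Adobe Reader out of Date!",
    " Google Chrome 24.0.1312.56",
    " Google Chrome 24.0.1312.57",
    ruler("Process Check: objlist.exe by Laurent"),
    " Malwarebytes Anti-Malware mbamservice.exe",
    " AVG avgwdsvc.exe",
    ruler("System Health check"),
    " Total Fragmentation on Drive C: 0%",
    ruler("End of Log"),
])


def parse_sections(log_text):
    """Split the log into {section title: [lines]}, keeping log order."""
    sections = {"Header": []}
    current = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).strip()
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def triage(log_text):
    """Return warning lines and products installed in more than one version."""
    sections = parse_sections(log_text)
    warnings = [
        line
        for lines in sections.values()
        for line in lines
        if WARNING_RE.search(line)
    ]
    families = {}
    for title, lines in sections.items():
        if "utilities" not in title.lower():
            continue  # only the installed-software section lists versions
        for line in lines:
            product = PRODUCT_RE.match(line)
            if not product:
                continue
            # Normalise "Java(TM)" style names so both Java entries group together.
            name = product.group("name")
            name = name.replace("\u2122", "").replace("(TM)", "").strip()
            versions = families.setdefault(name, [])
            if product.group("ver") not in versions:
                versions.append(product.group("ver"))
    multi_version = {n: v for n, v in families.items() if len(v) > 1}
    return {"warnings": warnings, "multi_version": multi_version}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for line in report["warnings"]:
        print("WARN ", line)
    for name, versions in report["multi_version"].items():
        print("MULTI", name, "->", ", ".join(versions))
```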



#13 MuddyMaestro


Posted 15 February 2013 - 12:52 AM

I apologize for my late reply. I do use Java on a regular basis, and would prefer to keep it installed if possible. Since my last post I haven't experienced any abnormalities worth reporting on my PC, and for the most part things have been running relatively smoothly besides it operating a little slowly at times.


Edited by MuddyMaestro, 15 February 2013 - 12:53 AM.


#14 Gunto


Posted 15 February 2013 - 07:25 AM

Hi,

 

Ok, we'll update it then. First, we'll need to remove your older versions along with an old version of Adobe Reader so we can update them.

Uninstall Programs

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller.

If you want to use Programs and Features:

  • Go to Start > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader 9
    Java™ 6 Update 29
    Java 7 Update 10
    by clicking Change/Remove.

Note: If you have any problems uninstalling a program using Programs/Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):



  • Download Revo from here, and save it to your desktop.
  • Double-click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    Adobe Reader 9
    Java™ 6 Update 29
    Java 7 Update 10
  • Double-click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check only the bolded items. If there is a closed folder visible, click the + to expand it until you find the bolded item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too. Repeat this with the other programs to uninstall.

Java

I need you to install the latest version of Java.

  • Download Java from here, and save it to your desktop.
  • Close any open browsers.
  • Double-click the installer to start the installation. Feel free to uncheck the options to install third-party toolbars or software, unless you want them. Otherwise, follow the prompts and let the program install.

Adobe Reader

I need you to install the latest version of Adobe Reader.

  • Download Reader from here, and save it to your desktop.
  • Double-click the installer to start the installation. Feel free to uncheck the options to install third-party toolbars or software, as they aren't required for the Adobe Reader installation. Otherwise, follow the prompts and let the program install.

Gunto






