
9 spyware/keylogger can't correct this. Can you?



Old 10-20-2011, 03:35 PM   #1
Registered Member
 
Join Date: Oct 2011
Posts: 16
OS: Windows 7 on Asus 64 bit



I had been suspicious of the increasingly acceptable (illegal) use of a keylogger or other monitoring method on my PC. KL Detector seems to be a straightforward approach of identifying prepared logs created by a keylogger since a keylogger can be quite stealthy. Sharing seems to be the new desire of keyboard-tapping youth using social media these days, or at least that is what we are being spoon-fed to believe we want to do. Many programs have pre-checked the "sharing" box for us as a default as if we cannot click a mouse of our own consideration and preference. I have reviewed many of the logs and related files indicated by KL Detector as suspect and find them to contain more personal information about me rather than about system info. I have run Malwarebytes, SuperAntispy, Microsoft Essentials and others to be disappointed that KL Detector still locates all of these files. As a stab at some form of scientific relativity, I ran that same program on two other machines that have been isolated from those who believe I have an apparent need to "share" my personal information so much that they are willing to help me get that out to everyone by betraying my trust. KL Detector found no incidences or traces of any kind. I am desperate to abandon my paranoia (and possibly a friend or two). This morning's log attached.

KL detector 10-20 log
Below are some file operations that were done during the monitoring process.
Review them carefully and check for suspicious files.


was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01E9F.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01E9D.log
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\wwwww.docx
was created.

C:\Users\bruce\report iscsi\Music\Music\Documents\wwwww.docx
was removed.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\wwwww.lnk
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\wwwww.lnk
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012011102020111021\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\wwwww.docx
was created.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0000.tmp
was created.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0000.tmp
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0000.tmp
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\wwwww.docxw
was renamed to
C:\Users\bruce\report iscsi\Music\Music\Documents\~WRL0001.tmp

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~$wwwww.docx
was created.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~$wwwww.docx
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRL0001.tmp
was removed.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\Located by.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\adecfb853d77462a.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\UsrClass.dat
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
was modified.

C:\Users\bruce\ntuser.dat.LOG1
was modified.

C:\Users\bruce\ntuser.dat.LOG1
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\Users\bruce\ntuser.dat.LOG1
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01EA0.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01E9E.logK
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0002.tmp
was created.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0002.tmp
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRD0002.tmp
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\wwwww.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was removed.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was created.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\My Documents.LNK
was modified.

C:\Users\bruce\AppData\Roaming\Microsoft\Office\Recent\index.dat
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~WRL0003.tmp
was removed.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\Users\bruce\report iscsi\Music\Music\Documents\~$wwwww.docx
was removed.

C:\Users\bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{42D64488-AFD7-49AD-9012-8CB9FC8B96EE}.tmp
was modified.

C:\Users\bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word
was modified.

C:\Users\bruce\AppData\Local\Temp\CVRD2EC.tmp.cvr
was removed.

C:\Users\bruce\AppData\Local\Temp
was modified.

C:\Users\bruce\AppData\Local\Temp\16306924.od
was removed.

C:\Users\bruce\report iscsi\Music\Music\Documents
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was created.

C:\Users\bruce\AppData\Local\Temp
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies
was modified.

C:\Users\bruce\AppData\Local\Temp\etilqs_yiWfKEN6SGfxEWI
was removed.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was removed.

C:\Users\bruce\ntuser.dat.LOG1
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\Users\bruce\AppData\Local\Temp
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\Users\bruce\ntuser.dat
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01EA1.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was created.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b7
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b7
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b7
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b8
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b8
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b8
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b9
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000b9
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ba
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ba
was modified.

C:\Users\bruce\AppData\Local\Temp\etilqs_tZqmD9PKTAgZ7jM
was created.

C:\Users\bruce\AppData\Local\Temp
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bb
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bb
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bb
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
was modified.

C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bc
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bc
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bd
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bd
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bd
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000be
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000be
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000bf
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c0
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c0
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c1
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c1
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c2
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c2
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c3
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c3
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c4
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c4
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c5
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c5
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c6
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c6
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c7
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c7
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c7
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c8
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c8
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c9
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000c9
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ca
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ca
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cb
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cb
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cb
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cc
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cc
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cd
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cd
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\History-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\History-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\History
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\History-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Favicons
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal
was modified.

C:\Users\bruce\AppData\Local\Temp\etilqs_oDhklcKLWRaNMjO
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was removed.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ce
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ce
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000ce
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000cf
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d0
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d0
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d1
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d1
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d1
was modified.

C:\Windows\Prefetch\CHROME.EXE-1DEBE539.pf
was modified.

C:\Windows\Prefetch\CHROME.EXE-1DEBE539.pf
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d2
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d2
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d3
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d3
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d3
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d4
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d4
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d4
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d5
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d6
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies
was modified.

C:\Users\bruce\AppData\Local\Temp\etilqs_nhbv5fFMOUIX8DE
was removed.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
was removed.

C:\Users\bruce\AppData\Local\Temp
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d5
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d5
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d6
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000d6
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was created.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Top Sites-journal
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log_
was renamed to
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid
was created.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir
was created.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.dir
was modified.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.ci
was modified.

C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Current Session
was modified.

AMEN

__________________
bogtrotter
Old 10-21-2011, 03:12 PM   #2

2 days. 81 views, 0 replies. Pardon my impatience, but is this not a place to come for help, or is it a place one can come only to hope for help but leave disappointed?

__________________
bogtrotter
Old 10-22-2011, 09:17 AM   #3

Help!
__________________
bogtrotter
Old 10-22-2011, 09:22 AM   #4

"BUMP"
__________________
bogtrotter
Old 10-28-2011, 06:17 AM   #5
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Hello bogtrotter,

81 views doesn't necessarily mean all those views were by our Staff. Anyone can view any of these threads, and many arrive at threads via Google searches.

We can't do anything with that log you posted. We require a comprehensive set of logs to identify the presence of, and begin the removal of, malware. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried
Old 10-31-2011, 01:25 AM   #6

I have very good reason to believe a keylogger has been installed on my computer (most likely early 7/9/2011). Software companies indicate total stealth and anti-spy/virus indicate 100% removal. Those two scenarios seem to conflict and do not offer sufficient resolve for me. Being a new user, I hope I am sending the logs which I was advised to send properly. Thanking you in advance for your help.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by bruce at 2:21:26 on 2011-10-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6069.3807 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\PortraitProfessional.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\bruce\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.bing.com/?pc=AVBR
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80291&lng=en
uDefault_Page_URL = hxxp://www.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\YTNavAssist.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO: {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {00F2C0C6-2194-484E-9064-44E57787867B} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [I-Hate-Keyloggers] C:\Users\bruce\report iscsi\Music\Music\Documents\i-hate-keyloggers.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [IdentityPatrol] C:\Program Files (x86)\IdentityPatrol\IdentityPatrol.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{98F1675B-50D9-482F-A482-D661E8144093} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No File
BHO-X64: BHO Project - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - Searchqu Toolbar
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: {cbc5b60a-aa4d-45f6-84c2-d086f320299a} - No File
BHO-X64: BHO Project - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBitT.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {00F2C0C6-2194-484E-9064-44E57787867B} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [IdentityPatrol] C:\Program Files (x86)\IdentityPatrol\IdentityPatrol.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-10 366152]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-12-23 66560]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-1 2314240]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-23 246600]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-24 136176]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-1 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-1 79360]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-24 136176]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-30 16:16:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1123559-EC0B-4859-8278-43204C8CF0AE}\offreg.dll
2011-10-30 16:15:58 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1123559-EC0B-4859-8278-43204C8CF0AE}\mpengine.dll
2011-10-23 21:20:00 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-10-23 21:19:58 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-10-21 00:20:38 209008 ----a-w- C:\Windows\SysWow64\kbhookdll.dll
2011-10-20 10:32:36 -------- d-----w- C:\ProgramData\Keylogger Detector
2011-10-20 10:31:55 -------- d-----w- C:\Program Files\Keylogger Detector
2011-10-20 00:13:21 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-10-20 00:12:19 -------- d-----w- C:\Users\bruce\AppData\Roaming\BitTorrent
2011-10-20 00:12:19 -------- d-----w- C:\Users\bruce\AppData\Local\BitTorrent
2011-10-17 21:31:53 -------- d-----w- C:\Users\bruce\AppData\Roaming\SUPERAntiSpyware.com
2011-10-17 21:29:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-10-17 21:29:27 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-17 19:50:32 -------- d-----w- C:\Program Files (x86)\IdentityPatrol
2011-10-17 02:10:26 -------- d-sh--w- C:\found.004
2011-10-16 04:08:03 -------- d-----w- C:\ProgramData\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-15 23:05:19 102912 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL
2011-10-14 22:41:55 388096 ----a-r- C:\Users\bruce\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-14 22:41:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-14 18:13:25 -------- d-----w- C:\Program Files (x86)\WI3C8A~1
2011-10-14 06:29:19 -------- d-----w- C:\Users\bruce\twisted stitch
2011-10-13 18:30:48 -------- d-----w- C:\Users\bruce\AppData\Local\Logitech® Webcam Software
2011-10-13 18:27:07 53248 ----a-r- C:\Users\bruce\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-13 18:25:53 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-10-13 14:21:31 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-10-13 02:36:37 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2011-10-12 23:38:09 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
2011-10-12 23:38:08 -------- d-----w- C:\Program Files (x86)\ParetoLogic
2011-10-12 01:29:59 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5C3D1DC9-527B-4320-B4E5-8F3A04627A8B}\gapaengine.dll
2011-10-11 21:27:04 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-08 12:39:01 -------- d-----w- C:\Users\bruce\New folder (2)
2011-10-06 01:53:41 -------- d-----w- C:\Users\bruce\AppData\Local\Microsoft Games
.
==================== Find3M ====================
.
2011-10-29 1548 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-30 20:37:28 18816 ----a-w- C:\Windows\System32\roboot64.exe
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-31 04:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-19 09:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 09:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 09:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 09:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 09:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 09:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 09:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-18 20:54:37 1110476 ----a-w- C:\Program Files (x86)\7-Zip.exe
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-08-12 17:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-08-09 03:30:44 24448 ----a-w- C:\Windows\SysWow64\drivers\fnetthjm_18A5.sys
2011-08-03 18:05:11 15672 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2010-11-12 21:03:54 5305760 ----a-w- C:\Program Files\nu.exe
2009-09-04 19:54:12 503808 ----a-w- C:\Program Files (x86)\vcomHtmls.dll
2009-08-31 17:25:20 5371136 ----a-w- C:\Program Files (x86)\WebEasy.exe
2009-08-31 15:52:30 53248 ----a-w- C:\Program Files (x86)\InstallShield_sn.dll
2009-07-31 22:56:08 98408 ----a-w- C:\Program Files (x86)\SNUpdate.exe
2009-07-31 22:56:08 61440 ----a-w- C:\Program Files (x86)\WinInetErrors.dll
2009-07-31 22:56:08 307200 ----a-w- C:\Program Files (x86)\LiveUpdateClientTools.dll
2009-07-31 22:56:08 110592 ----a-w- C:\Program Files (x86)\WUNPACLN.dll
2009-07-31 22:56:06 57344 ----a-w- C:\Program Files (x86)\CheckSumTool.dll
2009-07-31 22:56:06 417792 ----a-w- C:\Program Files (x86)\IAMC.dll
2009-07-31 22:56:06 3533 ----a-w- C:\Program Files (x86)\iam_dn2.sys
2009-07-31 22:56:06 32206 ----a-w- C:\Program Files (x86)\iam_dn1.sys
2009-07-31 22:56:06 163840 ----a-w- C:\Program Files (x86)\APMessage.exe
2009-07-31 22:56:06 14204 ----a-w- C:\Program Files (x86)\iam_bgd.sys
2009-07-24 17:46:56 405656 ----a-w- C:\Program Files (x86)\vcomBuya.sys
2009-05-06 21:15:52 331776 ----a-w- C:\Program Files (x86)\OLRegist.dll
2009-04-29 00:56:46 593920 ----a-w- C:\Program Files (x86)\bvrpctln.dll
2008-11-21 17:07:54 695578 ----a-w- C:\Program Files\unins000.exe
2008-11-05 21:48:34 3752232 ----a-w- C:\Program Files\PortraitProfessional.exe
2008-10-24 19:40:42 508136 ----a-w- C:\Program Files\PPthumbs.dll
2008-10-08 16:11:50 2023424 ----a-w- C:\Program Files\QtCore4.dll
2008-10-08 07:50:00 626688 ----a-w- C:\Program Files\msvcr80.dll
2008-10-08 07:49:48 548864 ----a-w- C:\Program Files\msvcp80.dll
2008-10-08 07:49:28 479232 ----a-w- C:\Program Files\msvcm80.dll
2008-09-27 15:43:46 7352320 ----a-w- C:\Program Files\QtGui4.dll
.
============= FINISH: 2:22:59.09 ===============

Attach.zip
__________________
bogtrotter is offline   Reply With Quote
Old 11-03-2011, 01:24 PM   #7



"BUMP"
__________________
bogtrotter is offline   Reply With Quote
Old 11-03-2011, 01:28 PM   #8



"Please" (and thank you for your time. It is much appreciated!)
__________________
bogtrotter is offline   Reply With Quote
Old 11-06-2011, 08:59 AM   #9



Have I posted correctly or followed procedure properly? Please advise.
__________________
bogtrotter is offline   Reply With Quote
Old 11-08-2011, 07:33 PM   #10
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



I don't see any malware here. The list you first posted of supposed key logging activity is nothing of the sort. Those are all typical, legit modifications that are a normal part of using a browser, installing programs, updating programs; essentially everything you do will affect the OS in some way, shape or form.

The program you used is terribly outdated. It was first developed and written in 2006, designed for Windows 2k and Windows XP. Windows 7 is very different from those OS's, hence, the tool you're using cannot provide any reliable results.

If you're concerned about 'sharing' personal info or becoming infected, you should uninstall BitTorrent. That is your weak link in this machine.

You also have 2 AV's installed and running. It is never a good idea to have more than 1 installed at any given time. While you may think it provides you with 'more' protection, the opposite is true. The programs will conflict with one another and ultimately offer less protection. Choose and run only 1 AV, and uninstall the other via Control Panel>Programs and features.

If anything, I recommend getting a look from the outside in. Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
Ried is offline   Reply With Quote
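The two-antivirus point in the reply above can be read straight out of the DDS log from post #6. The following is an added example, not part of the thread or of DDS itself: it parses a short excerpt of that log, reports which registered AV products still have resident processes, and goes slightly further by counting orphaned BHO/toolbar entries and autoruns that start from outside the system and program directories. The function name, the vendor-directory map and the trusted-root list are assumptions made for the illustration.

```python
import re

# Excerpt of the DDS log from post #6 of this thread (a few lines per section).
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
BHO: {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [I-Hate-Keyloggers] C:\Users\bruce\report iscsi\Music\Music\Documents\i-hate-keyloggers.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
"""

# Assumption for this example: vendor install directories, taken from paths in that log.
AV_INSTALL_DIRS = {
    "Microsoft Security Essentials": "\\microsoft security client\\",
    "AVG Anti-Virus": "\\avg\\",
}
# Assumption: autoruns under these roots are treated as ordinary installs.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

PRODUCT_RE = re.compile(r"^(AV|SP): (.+?) \*(\w+)/(\w+)\* \{[0-9A-Fa-f-]+\}$")
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
AUTORUN_RE = re.compile(r"^([um]Run(?:-x64)?): \[(.+?)\] (.+)$")
ORPHAN_RE = re.compile(r"^(BHO|TB)(?:-X64)?: .*- No File$")


def triage_dds(log_text):
    """Summarise the parts of a DDS log that bear on the advice in the reply."""
    section = "header"
    products, processes, orphans, autoruns = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # DDS pads its sections with blank and "." lines
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = PRODUCT_RE.match(line)
        if m:
            products.append({"kind": m.group(1), "name": m.group(2),
                             "state": m.group(3), "defs": m.group(4)})
            continue
        if section == "Running Processes":
            processes.append(line.lower())
            continue
        if ORPHAN_RE.match(line):
            orphans.append(line)  # registry entry whose DLL no longer exists
            continue
        m = AUTORUN_RE.match(line)
        if m:
            autoruns.append({"hive": m.group(1), "name": m.group(2),
                             "command": m.group(3).lstrip('"')})

    av = []
    for p in products:
        if p["kind"] != "AV":
            continue
        marker = next((d for prefix, d in AV_INSTALL_DIRS.items()
                       if p["name"].startswith(prefix)), None)
        resident = [x for x in processes if marker and marker in x]
        av.append({**p, "resident": resident})

    return {
        "av": av,
        # More than one registered AV product is the condition the reply warns about.
        "multiple_av": len(av) > 1,
        # A product that reports Disabled can still have its service loaded.
        "disabled_but_resident": [a["name"] for a in av
                                  if a["state"] == "Disabled" and a["resident"]],
        "orphans": orphans,
        # Startup entries launched from outside the usual install locations.
        "user_path_autoruns": [a["name"] for a in autoruns
                               if not a["command"].lower().startswith(TRUSTED_ROOTS)],
    }


if __name__ == "__main__":
    for key, value in triage_dds(SAMPLE_DDS).items():
        print(key, "=>", value)
```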
Old 11-10-2011, 02:03 AM   #11



Hello Ried, First I want to thank you for taking the time to review my situation and files. I apologize for beginning a new thread rather than to continue with the first but I mistakenly believed that thread had ended and my failure to furnish the correct file information. Following your directions above, below is a log of the "list of threats" encountered:

C:\ProgramData\Keylogger Detector\Quarantined\kbhookdll.dll Win32/IHateKeyloggers application
C:\Users\All Users\Keylogger Detector\Quarantined\kbhookdll.dll Win32/IHateKeyloggers application
C:\Users\bruce\Downloads\cnet_SecurityTaskManager_Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\bruce\Downloads\cnet_ShieldDeluxeFT_exe.exe a variant of Win32/InstallCore.D application
C:\Users\bruce\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\bruce\Downloads\WhiteSmokeInstaller_9128.exe a variant of Win32/InstallCore.A application
C:\Users\bruce\Downloads\winzip155.exe Win32/OpenCandy application
C:\Windows\System32\kbhookdll.dll Win32/IHateKeyloggers application
C:\Windows\SysWOW64\kbhookdll.dll Win32/IHateKeyloggers application

Not sure if the following indicate malicious activity but here are a few events that have caused me to think the privacy of my PC had been breached: Several questionable events related to Josiah
___________________________________________________________________
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 7:07:20 AM
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
An account was successfully logged on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: ANONYMOUS LOGON
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x3671be
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JOSIAH-PC
Source Network Address: 192.168.1.109
Source Port: 49885

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4624</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T12:07:20.371333300Z" />
<EventRecordID>66520</EventRecordID>
<Correlation />
<Execution ProcessID="596" ThreadID="6136" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-5-7</Data>
<Data Name="TargetUserName">ANONYMOUS LOGON</Data>
<Data Name="TargetDomainName">NT AUTHORITY</Data>
<Data Name="TargetLogonId">0x3671be</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">JOSIAH-PC</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">NTLM V1</Data>
<Data Name="KeyLength">128</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">192.168.1.109</Data>
<Data Name="IpPort">49885</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 2:56:58 AM
Event ID: 4904
Task Category: Audit Policy Change
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
An attempt was made to register a security event source.

Subject :
Security ID: SYSTEM
Account Name: BRUCE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x470
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x17d911
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4904</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13568</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T07:56:58.090546900Z" />
<EventRecordID>66287</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="672" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">BRUCE-PC$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="AuditSourceName">VSSAudit</Data>
<Data Name="EventSourceId">0x17d911</Data>
<Data Name="ProcessId">0x470</Data>
<Data Name="ProcessName">C:\Windows\System32\VSSVC.exe</Data>
</EventData>
</Event>
___________________________________________________________________
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 2:56:58 AM
Event ID: 4905
Task Category: Audit Policy Change
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
An attempt was made to unregister a security event source.

Subject
Security ID: SYSTEM
Account Name: BRUCE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x470
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x17d911
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4905</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13568</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T07:56:58.091546900Z" />
<EventRecordID>66288</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="672" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">BRUCE-PC$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="AuditSourceName">VSSAudit</Data>
<Data Name="EventSourceId">0x17d911</Data>
<Data Name="ProcessId">0x470</Data>
<Data Name="ProcessName">C:\Windows\System32\VSSVC.exe</Data>
</EventData>
</Event>
___________________________________________________________________
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 3:44:25 AM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
Special privileges assigned to new logon.

Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T08:44:25.973594300Z" />
<EventRecordID>66304</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="5908" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 3:44:35 AM
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
Cryptographic operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: 4c91994d-b655-4bf5-9db9-9579ede86cb5
Key Type: Machine key.

Cryptographic Operation:
Operation: Open Key.
Return Code: 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T08:44:35.218810600Z" />
<EventRecordID>66308</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="3584" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">RSA</Data>
<Data Name="KeyName">4c91994d-b655-4bf5-9db9-9579ede86cb5</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x0</Data>
</EventData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Eventlog
Date: 7/8/2011 3:57:20 AM
Event ID: 1100
Task Category: Service shutdown
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
The event logging service has shut down.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Eventlog" Guid="{fc65ddd8-d6ef-4962-83d5-6e5cfe9ce148}" />
<EventID>1100</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>103</Task>
<Opcode>0</Opcode>
<Keywords>0x4020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T08:57:20.466959100Z" />
<EventRecordID>66316</EventRecordID>
<Correlation />
<Execution ProcessID="992" ThreadID="8500" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<UserData>
<ServiceShutdown xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
</ServiceShutdown>
</UserData>
</Event>
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 3:58:03 AM
Event ID: 4648
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
A logon was attempted using explicit credentials.

Subject:
Security ID: SYSTEM
Account Name: BRUCE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Guest
Account Domain: bruce-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x3e4
Process Name: C:\Windows\System32\LogonUI.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4648</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T08:58:03.691235900Z" />
<EventRecordID>66331</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="660" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">BRUCE-PC$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="LogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TargetUserName">Guest</Data>
<Data Name="TargetDomainName">bruce-PC</Data>
<Data Name="TargetLogonGuid">{00000000-0000-0000-0000-000000000000}</Data>
<Data Name="TargetServerName">localhost</Data>
<Data Name="TargetInfo">localhost</Data>
<Data Name="ProcessId">0x3e4</Data>
<Data Name="ProcessName">C:\Windows\System32\LogonUI.exe</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
___________________________________________________________________
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 7/8/2011 4:00:00 AM
Event ID: 5058
Task Category: Other System Events
Level: Information
Keywords: Audit Success
User: N/A
Computer: bruce-PC
Description:
Key file operation.

Subject:
Security ID: LOCAL SERVICE
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: Not Available.
Key Name: 4c91994d-b655-4bf5-9db9-9579ede86cb5
Key Type: Machine key.

Key File Operation Information:
File Path: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05e42f62f2fc8cce97848e72d434741d_ec2c9ad6-fc11-45d2-a204-e08d5272ca8d
Operation: Read persisted key from file.
Return Code: 0x0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5058</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12292</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-07-08T09:00:00.649427900Z" />
<EventRecordID>66350</EventRecordID>
<Correlation />
<Execution ProcessID="624" ThreadID="672" />
<Channel>Security</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-19</Data>
<Data Name="SubjectUserName">LOCAL SERVICE</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e5</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">%%2432</Data>
<Data Name="KeyName">4c91994d-b655-4bf5-9db9-9579ede86cb5</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="KeyFilePath">C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05e42f62f2fc8cce97848e72d434741d_ec2c9ad6-fc11-45d2-a204-e08d5272ca8d</Data>
<Data Name="Operation">%%2458</Data>
<Data Name="ReturnCode">0x0</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Kernel-General
Date: 10/8/2011 8:27:47 PM
Event ID: 1
Task Category: None
Level: Information
Keywords: Time
User: N/A
Computer: bruce-PC
Description:
The system time has changed to 2011-10-09T01:27:47.500000000Z from 2011-10-08T23:52:19.061200800Z.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-General" Guid="{A68CA8B7-004F-D7B6-A698-07E2DE0F1F5D}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000010</Keywords>
<TimeCreated SystemTime="2011-10-09T01:27:47.501000100Z" />
<EventRecordID>690638</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="56" />
<Channel>System</Channel>
<Computer>bruce-PC</Computer>
<Security />
</System>
<EventData>
<Data Name="NewTime">2011-10-09T01:27:47.500000000Z</Data>
<Data Name="OldTime">2011-10-08T23:52:19.061200800Z</Data>
</EventData>
</Event>
___________________________________________
Again Ried, thank you for your time in reviewing my files. I feel strongly that some sensitive business files were jeopardized by my allowing someone access to my computer. Whether through installation of a keylogger, uploading information to a server, using a RAT, or creating some method of remote access; some underhanded deed was had. Any advice you can give so that I might investigate those events would be greatly appreciated.
__________________
bogtrotter is offline   Reply With Quote
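An added example (not part of any post in this thread): a small Python triage of exported Event XML that pulls out the fields that matter when judging the 4624 and 4648 logon records quoted above, namely logon type, the ANONYMOUS LOGON SID, NTLM version and where the source address sits. The samples are constructed from field values in those records; the function and tag names are made up for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ANONYMOUS_SID = "S-1-5-7"  # well-known SID for ANONYMOUS LOGON

def _wrap(event_id, fields):
    """Build a minimal Event XML document for the constructed samples below."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

# Constructed samples: values copied from the 4624 and 4648 records in the post.
SAMPLE_4624 = _wrap(4624, {
    "TargetUserSid": "S-1-5-7", "TargetUserName": "ANONYMOUS LOGON",
    "LogonType": "3", "LogonProcessName": "NtLmSsp ",
    "AuthenticationPackageName": "NTLM", "WorkstationName": "JOSIAH-PC",
    "LmPackageName": "NTLM V1", "KeyLength": "128",
    "IpAddress": "192.168.1.109", "IpPort": "49885",
})
SAMPLE_4648 = _wrap(4648, {
    "SubjectUserName": "BRUCE-PC$", "TargetUserName": "Guest",
    "TargetDomainName": "bruce-PC", "TargetServerName": "localhost",
    "ProcessName": r"C:\Windows\System32\LogonUI.exe",
    "IpAddress": "-", "IpPort": "-",
})

def parse_event(xml_text):
    """Return (event_id, {Data Name: value}) with whitespace padding stripped."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, data

def source_scope(ip_text):
    """Classify the source address; '-' or empty means the event carries none."""
    if ip_text in ("", "-"):
        return "none"
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "unparsed"
    if ip.is_loopback:          # checked first: loopback also counts as private
        return "loopback"
    return "private-lan" if ip.is_private else "public"

def triage(xml_text):
    """Summarise one logon-related event as a list of descriptive tags."""
    event_id, d = parse_event(xml_text)
    tags = []
    if event_id == 4624:
        if d.get("LogonType") == "3":
            tags.append("network-logon")
        if d.get("TargetUserSid") == ANONYMOUS_SID:
            tags.append("anonymous-session")  # no user account was authenticated
        if d.get("LmPackageName", "").upper().replace(" ", "") == "NTLMV1":
            tags.append("ntlmv1")
        tags.append("source:" + source_scope(d.get("IpAddress", "")))
    elif event_id == 4648:
        tags.append("explicit-credentials")
        tags.append("account:" + d.get("TargetUserName", "?"))
        if d.get("TargetServerName", "").lower() == "localhost":
            tags.append("target-local")
        tags.append("source:" + source_scope(d.get("IpAddress", "")))
    else:
        tags.append("not-a-logon-event")
    return {"event_id": event_id, "peer": d.get("WorkstationName", ""), "tags": tags}

if __name__ == "__main__":
    for sample in (SAMPLE_4624, SAMPLE_4648):
        print(triage(sample))
```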
Old 11-11-2011, 08:39 PM   #12
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 
Ried's Avatar

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Investigating these types of events is out of my realm of expertise. Those all look to be legit for Windows 7. I think you'd be better served discussing these with the experts in our Vista / Windows 7 Support section. The workings of the OS are their area of expertise.

If you are still concerned that there may be some RAT or keylogger, the only way you'll have peace of mind is to format and reinstall the OS. All I can tell you is that none of the scanners are finding anything, and we can't remove what we cannot see.
