Hunter2222

Members

View Profile See their activity

Posts
8
Joined
June 10, 2014
Last visited
June 27, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Hunter2222

Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

I had Malwarebytes previously installed. However, it was somehow corrupted and the program would no longer run. Upon trying to completely uninstall it an error message the appears that read :Messages file "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.msg" is missing. Please correct the problem or obtain a new copy of the program. I also tried reinstalling the application, but another message appears that reads : Malwarebytes' Anti-Malware 1.x is currently installed and could not be uninstalled properly. Please uninstall Malwarebytes 'Anti-Malware 1.x manually, reboot, and then try to installation again."
- June 17, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-06-2014 Ran by Twins at 2014-06-17 12:38:30 Run:1 Running from C:\Users\Twins\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\RunOnce: [upfst_us_83.exe] - C:\Users\Twins\AppData\Local\fst_us_83\upfst_us_83.exe -runonce [3268048 2014-05-29] () AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392 SearchScopes: HKCU - DefaultScope {92A9831E-49D0-48FE-8092-0507586674D7} URL = http://start.funmood...q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {92A9831E-49D0-48FE-8092-0507586674D7} URL = http://start.funmood...q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2790392 BHO: CostMin - {006846C3-6F78-DB49-910E-F4DAF29997DF} - C:\Program Files (x86)\CostMin\mJtw9vw0_g.x64.dll No File Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\ Task: {0CBC4A36-353C-425E-B730-4FA308499E31} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] () Task: {19C4767B-414A-4AD4-B365-4E594F31924D} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION Task: {4D1EBDA2-D0E5-4D4A-830C-DF23C166703E} - System32\Tasks\DTReg => C:\Users\Twins\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION Task: {7ACC5419-445E-4429-A491-CE1D5FCA3340} - System32\Tasks\IdleCrawler Runner => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION Task: {A4DEEB13-31A0-4086-A495-16A90C46A76A} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION Task: {D82CFB5D-BDD1-455A-A596-6F55EFC5BDA8} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION Task: {AA1777E9-EF04-450C-841A-F32E05CEDA16} - System32\Tasks\GPUpdate => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] () Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION AlternateDataStreams: C:\ProgramData\TEMP:373E1720 CHR HKLM-x32\...\Chrome\Extension: [gjpcgbjoinhnojhpapcjckeooahpcleb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3838\ch\MediaViewV1alpha3838.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [kbcknkbofkmhgcemmndopfhfpcmcjpkg] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha7191\ch\MediaViewerV1alpha7191.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [kfedpadljnihlijmjdebmegbbhilhihk] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3385\ch\MediaWatchV1home3385.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Twins\AppData\Local\Temp\crx8863.tmp [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [pknkgbegokklcebhknklnjhhelcjobjc] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3401\ch\MediaViewV1alpha3401.crx [2014-02-27] R2 SystemUpdatekb70007; C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe [29184 2014-05-29] () [File not signed] S2 vosr; C:\Users\Twins\AppData\Roaming\VOPackage\VOsrv.exe [X] C:\Users\Twins\AppData\Local\Temp(475) C:\Program Files (x86)\GetPrivate C:\Users\Twins\AppData\Roaming\VOPackage C:\Users\Twins\AppData\Local\Temp C:\Program Files (x86)\MediaWatchV1 C:\Program Files (x86)\MediaViewerV1 C:\Program Files (x86)\MediaViewV1 C:\Program Files (x86)\Social Privacy C:\Program Files (x86)\CostMin C:\Users\Twins\AppData\Local\fst_us_83 2014-06-07 02:38 - 2014-06-09 22:43 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-07 02:38 - 2014-06-09 22:43 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-06-07 02:37 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\MRS 2014-06-07 02:37 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\v9 2014-06-07 02:37 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-07 02:37 - 2014-06-09 22:43 - 00000000 ____D () C:\Program Files (x86)\Supporter 2014-06-07 02:37 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\MRS 2014-06-07 02:36 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\IdleCrawler 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Twins\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-07 02:37 - 00000000 ____D () C:\Program Files (x86)\MRS 2014-06-07 02:36 - 2014-06-07 02:36 - 00004574 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner 2014-06-06 01:55 - 2014-06-10 14:02 - 00000000 ____D () C:\Users\Twins\AppData\Local\fst_us_83 2014-06-06 01:55 - 2014-06-09 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst 2014-06-06 01:53 - 2014-06-10 06:51 - 00003476 _____ () C:\Windows\System32\Tasks\GPUpdateCheck 2014-06-06 01:53 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\wi_upd 2014-06-06 01:53 - 2014-06-09 22:51 - 00003218 _____ () C:\Windows\System32\Tasks\GPUpdate 2014-06-06 01:53 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\GetPrivate 2014-06-01 00:11 - 2014-06-10 06:51 - 00000270 _____ () C:\Windows\Tasks\pcreg.job 2014-06-01 00:11 - 2014-06-03 10:54 - 00000000 ____D () C:\Program Files\pcmax 2014-06-01 00:11 - 2014-06-01 00:11 - 00002898 _____ () C:\Windows\System32\Tasks\pcreg ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\upfst_us_83.exe => value deleted successfully. "C:\PROGRA~2\SupTab\SEARCH~2.DLL" => Value Data removed successfully. "C:\PROGRA~2\SupTab\SEARCH~1.DLL" => Value Data removed successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully. HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} => value deleted successfully. 'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully. 'HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully. 'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92A9831E-49D0-48FE-8092-0507586674D7}' => Key deleted successfully. 'HKCR\CLSID\{92A9831E-49D0-48FE-8092-0507586674D7}'=> Key not found. 'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}' => Key deleted successfully. 'HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}'=> Key not found. 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{006846C3-6F78-DB49-910E-F4DAF29997DF}' => Key deleted successfully. 'HKCR\CLSID\{006846C3-6F78-DB49-910E-F4DAF29997DF}' => Key deleted successfully. HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully. 'HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}'=> Key not found. HKCU\Software\Mozilla\Firefox\Extensions\\sp2@sp.com => value deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CBC4A36-353C-425E-B730-4FA308499E31}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CBC4A36-353C-425E-B730-4FA308499E31}' => Key deleted successfully. C:\Windows\System32\Tasks\GPUpdateCheck => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUpdateCheck' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C4767B-414A-4AD4-B365-4E594F31924D}'=> Key not found. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update not found. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\IdleCrawler Update'=> Key not found. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D1EBDA2-D0E5-4D4A-830C-DF23C166703E}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D1EBDA2-D0E5-4D4A-830C-DF23C166703E}' => Key deleted successfully. C:\Windows\System32\Tasks\DTReg => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ACC5419-445E-4429-A491-CE1D5FCA3340}'=> Key not found. C:\Windows\System32\Tasks\IdleCrawler Runner not found. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IdleCrawler Runner'=> Key not found. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4DEEB13-31A0-4086-A495-16A90C46A76A}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4DEEB13-31A0-4086-A495-16A90C46A76A}' => Key deleted successfully. C:\Windows\System32\Tasks\pcreg => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pcreg' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D82CFB5D-BDD1-455A-A596-6F55EFC5BDA8}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D82CFB5D-BDD1-455A-A596-6F55EFC5BDA8}' => Key deleted successfully. C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AA1777E9-EF04-450C-841A-F32E05CEDA16}' => Key deleted successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA1777E9-EF04-450C-841A-F32E05CEDA16}' => Key deleted successfully. C:\Windows\System32\Tasks\GPUpdate => Moved successfully. 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUpdate' => Key deleted successfully. C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully. C:\Windows\Tasks\pcreg.job => Moved successfully. C:\ProgramData\TEMP => ":373E1720" ADS removed successfully. 'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gjpcgbjoinhnojhpapcjckeooahpcleb' => Key deleted successfully. "C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3838\ch\MediaViewV1alpha3838.crx" => File/Directory not found. 'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kbcknkbofkmhgcemmndopfhfpcmcjpkg' => Key deleted successfully. "C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha7191\ch\MediaViewerV1alpha7191.crx" => File/Directory not found. 'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kfedpadljnihlijmjdebmegbbhilhihk' => Key deleted successfully. "C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3385\ch\MediaWatchV1home3385.crx" => File/Directory not found. 'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid' => Key deleted successfully. "C:\Users\Twins\AppData\Local\Temp\crx8863.tmp" => File/Directory not found. 'HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pknkgbegokklcebhknklnjhhelcjobjc' => Key deleted successfully. "C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3401\ch\MediaViewV1alpha3401.crx" => File/Directory not found. SystemUpdatekb70007 => Unable to stop service SystemUpdatekb70007 => Service deleted successfully. vosr => Service deleted successfully. C:\Users\Twins\AppData\Local\Temp(475) => Moved successfully. C:\Program Files (x86)\GetPrivate => Moved successfully. "C:\Users\Twins\AppData\Roaming\VOPackage" => File/Directory not found. "C:\Users\Twins\AppData\Local\Temp" directory move: C:\Users\Twins\AppData\Local\Temp\CVHLauncher(201406101444091168).log => Moved successfully. Could not move "C:\Users\Twins\AppData\Local\Temp\etilqs_73YD4iKAeYHMIZd" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp\etilqs_NpLbhC1y6PpZ0Qb" => Scheduled to move on reboot. C:\Users\Twins\AppData\Local\Temp\GPUpd53978C4D0.exe => Moved successfully. C:\Users\Twins\AppData\Local\Temp\GPUpd5398C69C0.exe => Moved successfully. C:\Users\Twins\AppData\Local\Temp\JavaDeployReg.log => Moved successfully. C:\Users\Twins\AppData\Local\Temp\jusched.log => Moved successfully. C:\Users\Twins\AppData\Local\Temp\Twins.bmp => Moved successfully. C:\Users\Twins\AppData\Local\Temp\ws => Moved successfully. C:\Users\Twins\AppData\Local\Temp\~nsu.tmp\Au_.exe => Moved successfully. C:\Users\Twins\AppData\Local\Temp\{9BB410CE-CEF9-4F96-A450-5664FD03A1DF}\{60BB6A24-C313-4752-BF21-8C31F932C751}\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.411.0_0\native-src\bit\ext\core\components\campaign-attribution\ubp-feature-campaign-attribution.js not found. C:\Users\Twins\AppData\Local\Temp\{9BB410CE-CEF9-4F96-A450-5664FD03A1DF}\{0A89BA2D-8896-4A75-A3D6-AF3637FE3AC4}\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.411.0_0\native-src\bit\ext\core\components\campaign-attribution\ubp-feature-campaign-attribution.js not found. C:\Users\Twins\AppData\Local\Temp\Skype\gilasterr.log => Moved successfully. Could not move "C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-1ItQpMIjaXMU8b9X0WIr1hZb" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-xe0eH0owaXLLhfViqxnCcPsn" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-Ze8X6KCLrcc6Yt08Y3e8misO" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-zKanTE50lDqpJIljl3InjNhI" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-31850" => Scheduled to move on reboot. Could not move "C:\Users\Twins\AppData\Local\Temp" directory. => Scheduled to move on reboot. "C:\Program Files (x86)\MediaWatchV1" => File/Directory not found. "C:\Program Files (x86)\MediaViewerV1" => File/Directory not found. "C:\Program Files (x86)\MediaViewV1" => File/Directory not found. "C:\Program Files (x86)\Social Privacy" => File/Directory not found. "C:\Program Files (x86)\CostMin" => File/Directory not found. C:\Users\Twins\AppData\Local\fst_us_83 => Moved successfully. C:\ProgramData\IePluginServices => Moved successfully. C:\Program Files (x86)\SupTab => Moved successfully. "C:\Users\Twins\AppData\Local\MRS" directory move: C:\Users\Twins\AppData\Local\MRS\BaseLibrary.dll => Moved successfully. C:\Users\Twins\AppData\Local\MRS\ConfigurationData.dll => Moved successfully. C:\Users\Twins\AppData\Local\MRS\Interop.SHDocVw.dll => Moved successfully. C:\Users\Twins\AppData\Local\MRS\NDde.DLL => Moved successfully. C:\Users\Twins\AppData\Local\MRS\SQLite.Interop.dll => Moved successfully. C:\Users\Twins\AppData\Local\MRS\svcsystem.exe => Moved successfully. C:\Users\Twins\AppData\Local\MRS\System.Data.SQLite.dll => Moved successfully. C:\Users\Twins\AppData\Local\MRS\winsystem.exe => Moved successfully. Could not move "C:\Users\Twins\AppData\Local\MRS" directory. => Scheduled to move on reboot. C:\Users\Twins\AppData\Roaming\v9 => Moved successfully. C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully. C:\Program Files (x86)\Supporter => Moved successfully. "C:\Users\Twins\AppData\Roaming\MRS" directory move: C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\BaseLibrary.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\ConfigurationData.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\Installer.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\InstallerLibrary.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\Newtonsoft.Json.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\SQLite.Interop.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\System.Data.SQLite.dll => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\win32.reg => Moved successfully. C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe => Moved successfully. Could not move "C:\Users\Twins\AppData\Roaming\MRS" directory. => Scheduled to move on reboot. "C:\Users\Twins\AppData\Local\IdleCrawler" => File/Directory not found. C:\Users\UpdatusUser\AppData\Local\Torch => Moved successfully. C:\Users\UpdatusUser\AppData\Local\Chromatic Browser => Moved successfully. C:\Users\Twins\AppData\Local\Torch => Moved successfully. C:\Users\Twins\AppData\Local\Chromatic Browser => Moved successfully. C:\Users\Guest\AppData\Local\Torch => Moved successfully. C:\Users\Guest\AppData\Local\Chromatic Browser => Moved successfully. C:\Users\Administrator\AppData\Local\Torch => Moved successfully. C:\Users\Administrator\AppData\Local\Chromatic Browser => Moved successfully. C:\Program Files (x86)\MRS => Moved successfully. "C:\Windows\System32\Tasks\IdleCrawler Runner" => File/Directory not found. "C:\Users\Twins\AppData\Local\fst_us_83" => File/Directory not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst => Moved successfully. "C:\Windows\System32\Tasks\GPUpdateCheck" => File/Directory not found. C:\Users\Twins\AppData\Roaming\wi_upd => Moved successfully. "C:\Windows\System32\Tasks\GPUpdate" => File/Directory not found. C:\Users\Twins\AppData\Roaming\GetPrivate => Moved successfully. "C:\Windows\Tasks\pcreg.job" => File/Directory not found. C:\Program Files\pcmax => Moved successfully. "C:\Windows\System32\Tasks\pcreg" => File/Directory not found. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-17 12:47:20)<= C:\Users\Twins\AppData\Local\Temp\etilqs_73YD4iKAeYHMIZd => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\etilqs_NpLbhC1y6PpZ0Qb => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-1ItQpMIjaXMU8b9X0WIr1hZb => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-xe0eH0owaXLLhfViqxnCcPsn => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-Ze8X6KCLrcc6Yt08Y3e8misO => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\Skype\DbTemp\temp-zKanTE50lDqpJIljl3InjNhI => Is moved successfully. C:\Users\Twins\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-31850 => Is moved successfully. C:\Users\Twins\AppData\Local\Temp => Moved successfully. C:\Users\Twins\AppData\Local\MRS => Is moved successfully. C:\Users\Twins\AppData\Roaming\MRS => Is moved successfully. ==== End of Fixlog ====
- June 17, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

When I attemted to remove the supporter 1.80 and error message appeared reading "the specified module could not be found".
- June 16, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 01 Ran by Twins at 2014-06-11 23:44:13 Running from C:\Users\Twins\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.) APB Reloaded (HKLM-x32\...\Steam App 113400) (Version: - Reloaded Productions) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies) AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC) BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.31638 - BitTorrent Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform) Empire Earth (HKLM-x32\...\{2447500B-22D7-47BD-9B13-1A927F43A267}) (Version: - ) Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios) IdleCrawler (HKLM-x32\...\IdleCrawler) (Version: 35.0.0.84 - Internet Deep Research Foundation) <==== ATTENTION iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416031FF}) (Version: 6.0.310 - Oracle) Java 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games) League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - ) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller Driver 280.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 280.19 - NVIDIA Corporation) NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Portforward Static IP Address 1.0.47 (HKLM-x32\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2151.6 - Hi-Rez Studios) Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform) Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA) Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}) (Version: - Costmin) <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab CYRI (HKLM-x32\...\{E5F05232-96B6-4552-A480-785A60A94B21}) (Version: 5.0.6.0 - Husdawg, LLC) System Update kb70007 (x32 Version: 1.0.0 - MRS) Hidden TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.6 - En Masse Entertainment) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net) ==================== Restore Points ========================= 09-06-2014 23:41:59 Scheduled Checkpoint 10-06-2014 02:32:22 Restore Operation 10-06-2014 03:06:46 Restore Operation 10-06-2014 18:12:12 Removed Adobe Reader 9. 11-06-2014 10:01:03 Scheduled Checkpoint ==================== Hosts content: ========================== 2006-11-02 08:34 - 2014-05-02 22:22 - 00450628 ___RA C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {0CBC4A36-353C-425E-B730-4FA308499E31} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] () Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {19C4767B-414A-4AD4-B365-4E594F31924D} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation) Task: {4D1EBDA2-D0E5-4D4A-830C-DF23C166703E} - System32\Tasks\DTReg => C:\Users\Twins\AppData\Roaming\defaulttab\defaulttab\DTReg.exe <==== ATTENTION Task: {6AC0B13B-77EA-43BD-B1B6-5AFFB0989889} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {6B16E210-B65C-457B-824C-DF99624E7248} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {740E6305-CED7-4A98-9527-3CA32D28A572} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {753B2E53-FA29-4D82-93AB-1DDA03F64C37} - System32\Tasks\{7E0B3D46-A349-4B5C-8D3A-B29D13704B6A} => Firefox.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar Task: {7ACC5419-445E-4429-A491-CE1D5FCA3340} - System32\Tasks\IdleCrawler Runner => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe <==== ATTENTION Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {975B871F-AC59-4C02-883B-DD7646B3119D} - System32\Tasks\DTChk => C:\Users\Public\Util\DTChk.exe Task: {A4DEEB13-31A0-4086-A495-16A90C46A76A} - System32\Tasks\pcreg => C:\Program Files\pcmax\service.exe <==== ATTENTION Task: {AA1777E9-EF04-450C-841A-F32E05CEDA16} - System32\Tasks\GPUpdate => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-06-09] () Task: {ABEEC1AF-8C00-4F62-8D2A-2E194DDE411D} - System32\Tasks\{14FE9E67-2288-43B8-A8D7-B08AA0B53B96} => Firefox.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?page=tsProgressBar Task: {D82CFB5D-BDD1-455A-A596-6F55EFC5BDA8} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] () Task: {FF7C57F2-D48F-4F4A-915A-CDE2732808E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION Task: C:\Windows\Tasks\pcreg.job => C:\Program Files\pcmax\service.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2014-06-07 02:37 - 2014-05-29 17:59 - 00029184 _____ () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe 2014-06-07 02:37 - 2014-05-29 17:59 - 02322944 _____ () C:\Users\Twins\AppData\Local\MRS\svcsystem.exe 2014-06-06 01:55 - 2014-05-29 10:19 - 03268048 _____ () C:\Users\Twins\AppData\Local\fst_us_83\upfst_us_83.exe 2014-06-07 02:37 - 2014-05-29 17:59 - 00017920 _____ () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\ConfigurationData.dll 2014-06-07 02:37 - 2014-05-29 17:59 - 00013824 _____ () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\BaseLibrary.dll 2014-06-07 02:37 - 2014-05-29 17:59 - 00015360 _____ () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\Installer.dll 2014-06-07 02:37 - 2014-05-29 17:59 - 00054784 _____ () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\InstallerLibrary.dll 2014-06-07 02:37 - 2014-05-29 17:59 - 00017920 _____ () C:\Users\Twins\AppData\Local\MRS\ConfigurationData.dll 2014-06-07 02:37 - 2014-05-29 17:59 - 00013824 _____ () C:\Users\Twins\AppData\Local\MRS\BaseLibrary.dll 2014-06-10 15:14 - 2014-06-10 15:15 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-05-13 05:51 - 2014-05-13 05:51 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: USB Wireless 802.11 b/g Adaptor Description: USB Wireless 802.11 b/g Adaptor Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Lite-On Service: netr7364 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/11/2014 05:36:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application Wow.exe, version 3.3.5.12340, time stamp 0x4c2452fe, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000000, process id 0x10bc, application start time 0xWow.exe0. Error: (06/11/2014 02:40:20 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: License Activation (SLUI.exe) failed with the following error code: 0x80070057 Error: (06/10/2014 06:45:50 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: License Activation (SLUI.exe) failed with the following error code: 0x80070057 Error: (06/09/2014 11:19:15 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: License Activation (SLUI.exe) failed with the following error code: 0x80070057 Error: (06/09/2014 11:17:37 PM) (Source: System Restore) (EventID: 8209) (User: ) Description: An unspecified error occurred during System Restore: (Restore Operation). Additional information: . Error: (06/09/2014 10:50:44 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: License Activation (SLUI.exe) failed with the following error code: 0x80070057 Error: (06/09/2014 08:29:16 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: License Activation (SLUI.exe) failed with the following error code: 0x80070057 Error: (06/09/2014 05:16:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OMABCAFEPEAFKCJMJEMONDIOCFGFIEOJ\2.2> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/09/2014 05:16:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: The entry <C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OMABCAFEPEAFKCJMJEMONDIOCFGFIEOJ\2.2> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error: (06/09/2014 01:25:19 AM) (Source: Software Licensing Service) (EventID: 8193) (User: ) Description: License Activation Scheduler (SLUINotify.dll) failed with the following error code: 0x80080005 System errors: ============= Error: (06/11/2014 05:15:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: NVIDIA Update Service Daemon%%1069 Error: (06/11/2014 05:15:21 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: nvUpdatusService.\UpdatusUser%%1330 Error: (06/11/2014 05:13:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: cdrom Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Client Virtualization HandlerApplication Virtualization Client%%1053 Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Application Virtualization Client%%1053 Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Application Virtualization Client Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Service Component of VO%%3 Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Apple Mobile Device%%1053 Error: (06/11/2014 05:12:58 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Apple Mobile Device Error: (06/11/2014 05:11:42 AM) (Source: Ntfs) (EventID: 137) (User: ) Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code. Microsoft Office Sessions: ========================= Error: (06/11/2014 05:36:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Wow.exe3.3.5.123404c2452feunknown0.0.0.000000000c00000050000000010bc01cf85afd57469e9 Error: (06/11/2014 02:40:20 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: 0x80070057 Error: (06/10/2014 06:45:50 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: 0x80070057 Error: (06/09/2014 11:19:15 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: 0x80070057 Error: (06/09/2014 11:17:37 PM) (Source: System Restore) (EventID: 8209) (User: ) Description: Restore Operation Error: (06/09/2014 10:50:44 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: 0x80070057 Error: (06/09/2014 08:29:16 PM) (Source: Software Licensing Service) (EventID: 8198) (User: ) Description: 0x80070057 Error: (06/09/2014 05:16:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\GUEST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OMABCAFEPEAFKCJMJEMONDIOCFGFIEOJ\2.2 Error: (06/09/2014 05:16:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\OMABCAFEPEAFKCJMJEMONDIOCFGFIEOJ\2.2 Error: (06/09/2014 01:25:19 AM) (Source: Software Licensing Service) (EventID: 8193) (User: ) Description: 0x80080005 CodeIntegrity Errors: =================================== Date: 2014-06-11 23:44:03.698 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:03.521 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:03.341 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:03.160 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.978 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.798 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.617 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.437 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.235 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system. Date: 2014-06-11 23:44:02.055 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsdrivera.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3069.76 MB Available physical RAM: 1334.91 MB Total Pagefile: 6369.55 MB Available Pagefile: 3959.02 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:289.14 GB) (Free:79.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:8.95 GB) (Free:8.85 GB) NTFS Drive e: () (Fixed) (Total:8.95 GB) (Free:8.85 GB) NTFS Drive f: () (Fixed) (Total:289.13 GB) (Free:289 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5CC239DD) Partition 1: (Active) - (Size=289 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 298 GB) (Disk ID: 6983D6E7) Partition 1: (Not Active) - (Size=289 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- June 12, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

14:36:34.0063 0x127c msiserver - ok 14:36:34.0082 0x127c [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:36:34.0083 0x127c MSKSSRV - ok 14:36:34.0111 0x127c [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:36:34.0112 0x127c MSPCLOCK - ok 14:36:34.0130 0x127c [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:36:34.0132 0x127c MSPQM - ok 14:36:34.0167 0x127c [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:36:34.0224 0x127c MsRPC - ok 14:36:34.0257 0x127c [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:36:34.0259 0x127c mssmbios - ok 14:36:34.0282 0x127c [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:36:34.0283 0x127c MSTEE - ok 14:36:34.0320 0x127c [ 0CC49F78D8ACA0877D885F149084E543, 984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup C:\Windows\system32\Drivers\mup.sys 14:36:34.0329 0x127c Mup - ok 14:36:34.0407 0x127c [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent C:\Windows\system32\qagentRT.dll 14:36:34.0422 0x127c napagent - ok 14:36:34.0468 0x127c [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:36:34.0492 0x127c NativeWifiP - ok 14:36:34.0628 0x127c [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:36:34.0644 0x127c NDIS - ok 14:36:34.0732 0x127c [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:36:34.0733 0x127c NdisTapi - ok 14:36:34.0781 0x127c [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:36:34.0788 0x127c Ndisuio - ok 14:36:34.0829 0x127c [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:36:34.0834 0x127c NdisWan - ok 14:36:34.0881 0x127c [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:36:34.0928 0x127c NDProxy - ok 14:36:34.0991 0x127c [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:36:35.0011 0x127c NetBIOS - ok 14:36:35.0054 0x127c [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:36:35.0063 0x127c netbt - ok 14:36:35.0108 0x127c [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon C:\Windows\system32\lsass.exe 14:36:35.0111 0x127c Netlogon - ok 14:36:35.0194 0x127c [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman C:\Windows\System32\netman.dll 14:36:35.0207 0x127c Netman - ok 14:36:35.0255 0x127c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:36:35.0261 0x127c NetMsmqActivator - ok 14:36:35.0275 0x127c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:36:35.0278 0x127c NetPipeActivator - ok 14:36:35.0378 0x127c [ 7846D0136CC2B264926A73047BA7688A, 6F56CC1B17095C378D98B58A92F9EDA2D009529DDB6F60E815D85C7606C8EDC0 ] netprofm C:\Windows\System32\netprofm.dll 14:36:35.0390 0x127c netprofm - ok 14:36:35.0492 0x127c [ B69D6BB680C85243AF0263B3E01D5E77, 526B5C0CCAE6BE2EFFF532930FF8198864EA032B6D9EFC680ABC55E10B6984B6 ] netr7364 C:\Windows\system32\DRIVERS\netr7364.sys 14:36:35.0510 0x127c netr7364 - ok 14:36:35.0547 0x127c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:36:35.0582 0x127c NetTcpActivator - ok 14:36:35.0591 0x127c [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:36:35.0596 0x127c NetTcpPortSharing - ok 14:36:35.0705 0x127c [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:36:35.0707 0x127c nfrd960 - ok 14:36:35.0755 0x127c [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:36:35.0761 0x127c NlaSvc - ok 14:36:35.0833 0x127c [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:36:35.0835 0x127c Npfs - ok 14:36:35.0861 0x127c [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi C:\Windows\system32\nsisvc.dll 14:36:35.0864 0x127c nsi - ok 14:36:35.0879 0x127c [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:36:35.0881 0x127c nsiproxy - ok 14:36:36.0064 0x127c [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:36:36.0110 0x127c Ntfs - ok 14:36:36.0153 0x127c [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null C:\Windows\system32\drivers\Null.sys 14:36:36.0154 0x127c Null - ok 14:36:36.0203 0x127c [ 9733F305FA84AAF84E7FB09C0B345ADB, 466629CC22224B2D4FA2098EB277BBDF9D2A0CD3D27D29638225207A76A08281 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x64.sys 14:36:36.0245 0x127c NVENETFD - ok 14:36:36.0887 0x127c [ FCBA1C22727939E7CFF9EB08FE9692AB, 081FBF38EA17746C5CF2260AD32B62385D4A075476E30CBB9A2AA080F8AA0CA4 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 14:36:37.0272 0x127c nvlddmkm - ok 14:36:37.0354 0x127c [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:36:37.0358 0x127c nvraid - ok 14:36:37.0379 0x127c [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:36:37.0381 0x127c nvstor - ok 14:36:37.0555 0x127c [ 10C232F6CFFD51D2332898AE7AE0FF23, 92E5452D8467852C22D702ACAFB5DBFD312A8F72A4353B8D0A9C18AEFCE4B2B2 ] nvsvc C:\Windows\system32\nvvsvc.exe 14:36:37.0582 0x127c nvsvc - ok 14:36:37.0708 0x127c [ 4789E020D2617046862D1790FC235FF6, FCFD56DF2CADA830E7B2D4B91D5A9D2FE783B1396CBA124000765168FA5B6574 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 14:36:37.0746 0x127c nvUpdatusService - ok 14:36:37.0849 0x127c [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:36:37.0925 0x127c nv_agp - ok 14:36:37.0932 0x127c NwlnkFlt - ok 14:36:37.0941 0x127c NwlnkFwd - ok 14:36:38.0003 0x127c [ B5B1CE65AC15BBD11C0619E3EF7CFC28, E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 14:36:38.0005 0x127c ohci1394 - ok 14:36:38.0228 0x127c [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:36:38.0263 0x127c ose - ok 14:36:38.0576 0x127c [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:36:38.0699 0x127c osppsvc - ok 14:36:38.0850 0x127c [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:36:38.0941 0x127c p2pimsvc - ok 14:36:38.0975 0x127c [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc C:\Windows\system32\p2psvc.dll 14:36:38.0996 0x127c p2psvc - ok 14:36:39.0099 0x127c [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport C:\Windows\system32\drivers\parport.sys 14:36:39.0129 0x127c Parport - ok 14:36:39.0173 0x127c [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:36:39.0204 0x127c partmgr - ok 14:36:39.0248 0x127c [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc C:\Windows\System32\pcasvc.dll 14:36:39.0252 0x127c PcaSvc - ok 14:36:39.0291 0x127c [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci C:\Windows\system32\drivers\pci.sys 14:36:39.0296 0x127c pci - ok 14:36:39.0349 0x127c [ 2657F6C0B78C36D95034BE109336E382, C85CFDA57A64B7CC1BB09225C2F81629CEF21C5F25735B098F214397D6DE0D2C ] pciide C:\Windows\system32\drivers\pciide.sys 14:36:39.0351 0x127c pciide - ok 14:36:39.0411 0x127c [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:36:39.0417 0x127c pcmcia - ok 14:36:39.0456 0x127c [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:36:39.0478 0x127c PEAUTH - ok 14:36:39.0719 0x127c [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:36:39.0722 0x127c PerfHost - ok 14:36:39.0894 0x127c [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla C:\Windows\system32\pla.dll 14:36:39.0932 0x127c pla - ok 14:36:39.0984 0x127c [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:36:40.0025 0x127c PlugPlay - ok 14:36:40.0092 0x127c [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:36:40.0119 0x127c PNRPAutoReg - ok 14:36:40.0153 0x127c [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:36:40.0172 0x127c PNRPsvc - ok 14:36:40.0308 0x127c [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:36:40.0324 0x127c PolicyAgent - ok 14:36:40.0371 0x127c [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:36:40.0374 0x127c PptpMiniport - ok 14:36:40.0394 0x127c [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor C:\Windows\system32\drivers\processr.sys 14:36:40.0396 0x127c Processor - ok 14:36:40.0429 0x127c [ E058CE4FC2449D8BFA14739C83B7FF2A, 6ACA086D5E0EF3C3EAEBD78010E50739BBA7CA05E937FFF3A4F2AD22FD57B54A ] ProfSvc C:\Windows\system32\profsvc.dll 14:36:40.0434 0x127c ProfSvc - ok 14:36:40.0449 0x127c [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:36:40.0490 0x127c ProtectedStorage - ok 14:36:40.0538 0x127c [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:36:40.0541 0x127c PSched - ok 14:36:40.0627 0x127c [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:36:40.0663 0x127c ql2300 - ok 14:36:40.0709 0x127c [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:36:40.0715 0x127c ql40xx - ok 14:36:40.0828 0x127c [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE C:\Windows\system32\qwave.dll 14:36:40.0843 0x127c QWAVE - ok 14:36:40.0892 0x127c [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:36:40.0894 0x127c QWAVEdrv - ok 14:36:40.0908 0x127c [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:36:40.0909 0x127c RasAcd - ok 14:36:40.0925 0x127c [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto C:\Windows\System32\rasauto.dll 14:36:40.0929 0x127c RasAuto - ok 14:36:40.0965 0x127c [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:36:40.0970 0x127c Rasl2tp - ok 14:36:40.0990 0x127c [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan C:\Windows\System32\rasmans.dll 14:36:41.0001 0x127c RasMan - ok 14:36:41.0020 0x127c [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:36:41.0023 0x127c RasPppoe - ok 14:36:41.0041 0x127c [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:36:41.0044 0x127c RasSstp - ok 14:36:41.0067 0x127c [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:36:41.0075 0x127c rdbss - ok 14:36:41.0103 0x127c [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:36:41.0144 0x127c RDPCDD - ok 14:36:41.0190 0x127c [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 14:36:41.0200 0x127c rdpdr - ok 14:36:41.0207 0x127c [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:36:41.0209 0x127c RDPENCDD - ok 14:36:41.0245 0x127c [ AE4BD9E1C33D351D8E607FC81F15160C, AD785CA72B7C6EB9F94B2E797C758C0F804DB26EE056DDC6D4F85BB562A02EA4 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:36:41.0256 0x127c RDPWD - ok 14:36:41.0334 0x127c [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:36:41.0338 0x127c RemoteAccess - ok 14:36:41.0401 0x127c [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:36:41.0406 0x127c RemoteRegistry - ok 14:36:41.0529 0x127c [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator C:\Windows\system32\locator.exe 14:36:41.0531 0x127c RpcLocator - ok 14:36:41.0596 0x127c [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs C:\Windows\system32\rpcss.dll 14:36:41.0612 0x127c RpcSs - ok 14:36:41.0696 0x127c [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:36:41.0698 0x127c rspndr - ok 14:36:41.0717 0x127c [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] SamSs C:\Windows\system32\lsass.exe 14:36:41.0719 0x127c SamSs - ok 14:36:41.0751 0x127c [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:36:41.0754 0x127c sbp2port - ok 14:36:41.0816 0x127c [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:36:41.0823 0x127c SCardSvr - ok 14:36:42.0061 0x127c [ 0F838C811AD295D2A4489B9993096C63, 3DF2F973359249735810CB5AD52E05126A93A1C7D9F6274ACB018A0A125846BD ] Schedule C:\Windows\system32\schedsvc.dll 14:36:42.0087 0x127c Schedule - ok 14:36:42.0215 0x127c [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc C:\Windows\System32\certprop.dll 14:36:42.0218 0x127c SCPolicySvc - ok 14:36:42.0279 0x127c [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:36:42.0285 0x127c SDRSVC - ok 14:36:42.0344 0x127c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:36:42.0345 0x127c secdrv - ok 14:36:42.0413 0x127c [ 5ACDCBC67FCF894A1815B9F96D704490, FE0247A8BEDB860EBD46A9D49C641D0B9AA24EE34132CDDADC9F5A605238FDA7 ] seclogon C:\Windows\system32\seclogon.dll 14:36:42.0463 0x127c seclogon - ok 14:36:42.0517 0x127c [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS C:\Windows\System32\sens.dll 14:36:42.0520 0x127c SENS - ok 14:36:42.0546 0x127c [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum C:\Windows\system32\drivers\serenum.sys 14:36:42.0547 0x127c Serenum - ok 14:36:42.0577 0x127c [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial C:\Windows\system32\drivers\serial.sys 14:36:42.0581 0x127c Serial - ok 14:36:42.0614 0x127c [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:36:42.0623 0x127c sermouse - ok 14:36:42.0665 0x127c [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv C:\Windows\system32\sessenv.dll 14:36:42.0670 0x127c SessionEnv - ok 14:36:42.0693 0x127c [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:36:42.0694 0x127c sffdisk - ok 14:36:42.0717 0x127c [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:36:42.0718 0x127c sffp_mmc - ok 14:36:42.0773 0x127c [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:36:42.0775 0x127c sffp_sd - ok 14:36:42.0838 0x127c [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:36:42.0877 0x127c sfloppy - ok 14:36:43.0012 0x127c [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 14:36:43.0033 0x127c Sftfs - ok 14:36:43.0145 0x127c [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 14:36:43.0184 0x127c sftlist - ok 14:36:43.0256 0x127c [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 14:36:43.0264 0x127c Sftplay - ok 14:36:43.0305 0x127c [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 14:36:43.0306 0x127c Sftredir - ok 14:36:43.0361 0x127c [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 14:36:43.0362 0x127c Sftvol - ok 14:36:43.0493 0x127c [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 14:36:43.0501 0x127c sftvsa - ok 14:36:43.0627 0x127c [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:36:43.0640 0x127c SharedAccess - ok 14:36:43.0761 0x127c [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:36:43.0771 0x127c ShellHWDetection - ok 14:36:43.0809 0x127c [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 14:36:43.0811 0x127c SiSRaid2 - ok 14:36:43.0845 0x127c [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:36:43.0847 0x127c SiSRaid4 - ok 14:36:43.0889 0x127c [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:36:43.0893 0x127c SkypeUpdate - ok 14:36:44.0402 0x127c [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe 14:36:44.0455 0x127c slsvc - ok 14:36:44.0524 0x127c [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify C:\Windows\system32\SLUINotify.dll 14:36:44.0527 0x127c SLUINotify - ok 14:36:44.0617 0x127c [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:36:44.0621 0x127c Smb - ok 14:36:44.0657 0x127c [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:36:44.0660 0x127c SNMPTRAP - ok 14:36:44.0695 0x127c [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys 14:36:44.0696 0x127c spldr - ok 14:36:44.0737 0x127c [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe 14:36:44.0746 0x127c Spooler - ok 14:36:44.0829 0x127c [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv C:\Windows\system32\DRIVERS\srv.sys 14:36:44.0842 0x127c srv - ok 14:36:44.0972 0x127c [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:36:44.0978 0x127c srv2 - ok 14:36:45.0043 0x127c [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:36:45.0048 0x127c srvnet - ok 14:36:45.0115 0x127c [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:36:45.0123 0x127c SSDPSRV - ok 14:36:45.0168 0x127c [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:36:45.0174 0x127c SstpSvc - ok 14:36:45.0224 0x127c [ 706080AD43599D4AB04F1676A3A62CC1, BD9A645163501E2234CAB2B99DB297A634526786D2CDC55FE1C18F5019623E34 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 14:36:45.0236 0x127c Steam Client Service - ok 14:36:45.0424 0x127c [ 5A19667A580B1CE886EAF968B9743F45, 0A9EBE4057A0A6EF4732623794C2416A6BD8B87356DA46652BD92762505F57C7 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 14:36:45.0432 0x127c Stereo Service - ok 14:36:45.0505 0x127c [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll 14:36:45.0524 0x127c stisvc - ok 14:36:45.0622 0x127c [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:36:45.0631 0x127c swenum - ok 14:36:45.0687 0x127c [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll 14:36:45.0703 0x127c swprv - ok 14:36:45.0753 0x127c [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 14:36:45.0755 0x127c Symc8xx - ok 14:36:45.0798 0x127c [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 14:36:45.0832 0x127c Sym_hi - ok 14:36:45.0938 0x127c [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 14:36:45.0940 0x127c Sym_u3 - ok 14:36:46.0186 0x127c [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain C:\Windows\system32\sysmain.dll 14:36:46.0211 0x127c SysMain - ok 14:36:46.0436 0x127c [ 5697DA626175096815169A1D53829F53, F881142B2FC1543E64C238A05F63DF966B7960353F53A3AEADF84DBFF48DBDB2 ] SystemUpdatekb70007 C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe 14:36:46.0437 0x127c SystemUpdatekb70007 - ok 14:36:46.0500 0x127c [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll 14:36:46.0504 0x127c TabletInputService - ok 14:36:46.0715 0x127c [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:36:46.0759 0x127c TapiSrv - ok 14:36:46.0803 0x127c [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll 14:36:46.0818 0x127c TBS - ok 14:36:46.0958 0x127c [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:36:46.0998 0x127c Tcpip - ok 14:36:47.0077 0x127c [ C2CB949645C299E23FBFD26CAD3FC96E, D2DB2F3F1013EA1E6E04D0AD74B8CDC3AD4BF6653F1092408629DD3492BE8968 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 14:36:47.0113 0x127c Tcpip6 - ok 14:36:47.0205 0x127c [ C7E72A4071EE0200E3C075DACFB2B334, 925A68FD021C7957792F31E9D69A31C180BEB878CD93D2C3E2BE463F58011A6C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:36:47.0213 0x127c tcpipreg - ok 14:36:47.0335 0x127c [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:36:47.0337 0x127c TDPIPE - ok 14:36:47.0360 0x127c [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:36:47.0362 0x127c TDTCP - ok 14:36:47.0392 0x127c [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:36:47.0394 0x127c tdx - ok 14:36:47.0459 0x127c [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:36:47.0468 0x127c TermDD - ok 14:36:47.0552 0x127c [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService C:\Windows\System32\termsrv.dll 14:36:47.0569 0x127c TermService - ok 14:36:47.0688 0x127c [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes C:\Windows\system32\shsvcs.dll 14:36:47.0698 0x127c Themes - ok 14:36:47.0764 0x127c [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll 14:36:47.0771 0x127c THREADORDER - ok 14:36:47.0842 0x127c [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll 14:36:47.0847 0x127c TrkWks - ok 14:36:48.0025 0x127c [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:36:48.0027 0x127c TrustedInstaller - ok 14:36:48.0114 0x127c [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:36:48.0115 0x127c tssecsrv - ok 14:36:48.0172 0x127c [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 14:36:48.0173 0x127c tunmp - ok 14:36:48.0204 0x127c [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:36:48.0242 0x127c tunnel - ok 14:36:48.0279 0x127c [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:36:48.0283 0x127c uagp35 - ok 14:36:48.0327 0x127c [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:36:48.0336 0x127c udfs - ok 14:36:48.0424 0x127c [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:36:48.0475 0x127c UI0Detect - ok 14:36:48.0523 0x127c [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:36:48.0537 0x127c uliagpkx - ok 14:36:48.0579 0x127c [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys 14:36:48.0587 0x127c uliahci - ok 14:36:48.0612 0x127c [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys 14:36:48.0650 0x127c UlSata - ok 14:36:48.0682 0x127c [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 14:36:48.0687 0x127c ulsata2 - ok 14:36:48.0705 0x127c [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:36:48.0706 0x127c umbus - ok 14:36:48.0744 0x127c [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost C:\Windows\System32\upnphost.dll 14:36:48.0756 0x127c upnphost - ok 14:36:48.0793 0x127c [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:36:48.0796 0x127c USBAAPL64 - ok 14:36:48.0891 0x127c [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 14:36:48.0894 0x127c usbaudio - ok 14:36:48.0953 0x127c [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:36:48.0956 0x127c usbccgp - ok 14:36:48.0984 0x127c [ 3F4BE4D7C5C4F64101F252263E588856, 279B05BF84E5C2DC7A24ED8FC7BCBE8A9D308F80D9EFF59DE37B4B53BD0A653C ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 14:36:48.0988 0x127c usbcir - ok 14:36:49.0019 0x127c [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:36:49.0022 0x127c usbehci - ok 14:36:49.0049 0x127c [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:36:49.0057 0x127c usbhub - ok 14:36:49.0071 0x127c [ 396041C6EA61202991221AA6A3B16190, 42B2372CF3496F53710C1DEBE49E18B1DAD38F7474A72B0F744DD98EBD3E21E5 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:36:49.0073 0x127c usbohci - ok 14:36:49.0099 0x127c [ ACFEE697AF477021BB3EC78C5431FED2, DE529549074E7CA1601D889D62CFF45F00741EB584F9F2091D61527944334C2A ] usbprint C:\Windows\system32\drivers\usbprint.sys 14:36:49.0101 0x127c usbprint - ok 14:36:49.0123 0x127c [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:36:49.0126 0x127c USBSTOR - ok 14:36:49.0150 0x127c [ B2872CBF9F47316ABD0E0C74A1ABA507, E9FB3EEA1D834A035675E22A3224E4E278C4D304F6511822D83250409D62BD3A ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:36:49.0152 0x127c usbuhci - ok 14:36:49.0189 0x127c [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll 14:36:49.0192 0x127c UxSms - ok 14:36:49.0305 0x127c [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe 14:36:49.0321 0x127c vds - ok 14:36:49.0389 0x127c [ 916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:36:49.0422 0x127c vga - ok 14:36:49.0457 0x127c [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave C:\Windows\System32\drivers\vga.sys 14:36:49.0463 0x127c VgaSave - ok 14:36:49.0498 0x127c [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide C:\Windows\system32\drivers\viaide.sys 14:36:49.0506 0x127c viaide - ok 14:36:49.0547 0x127c [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:36:49.0551 0x127c volmgr - ok 14:36:49.0602 0x127c [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:36:49.0614 0x127c volmgrx - ok 14:36:49.0742 0x127c [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:36:49.0749 0x127c volsnap - ok 14:36:49.0757 0x127c vosr - ok 14:36:49.0913 0x127c [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:36:49.0919 0x127c vsmraid - ok 14:36:50.0017 0x127c [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS C:\Windows\system32\vssvc.exe 14:36:50.0065 0x127c VSS - ok 14:36:50.0190 0x127c [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time C:\Windows\system32\w32time.dll 14:36:50.0204 0x127c W32Time - ok 14:36:50.0259 0x127c [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:36:50.0270 0x127c WacomPen - ok 14:36:50.0304 0x127c [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 14:36:50.0308 0x127c Wanarp - ok 14:36:50.0315 0x127c [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:36:50.0317 0x127c Wanarpv6 - ok 14:36:50.0454 0x127c [ B4E4C37D0AA6100090A53213EE2BF1C1, 67107F542F3C937FA5D9B28BA2EBFE994FFE287F16C0BFCF79AD20B95C13F78B ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:36:50.0526 0x127c wcncsvc - ok 14:36:50.0622 0x127c [ EA4B369560E986F19D93F45A881484AC, B61411D64901C9CB8C80402CD1E8808F5A0FACA38206C8D584C7C1019F5ADF5A ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:36:50.0626 0x127c WcsPlugInService - ok 14:36:50.0682 0x127c [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd C:\Windows\system32\drivers\wd.sys 14:36:50.0685 0x127c Wd - ok 14:36:50.0770 0x127c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:36:50.0857 0x127c Wdf01000 - ok 14:36:50.0923 0x127c [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost C:\Windows\system32\wdi.dll 14:36:50.0927 0x127c WdiServiceHost - ok 14:36:50.0933 0x127c [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost C:\Windows\system32\wdi.dll 14:36:50.0937 0x127c WdiSystemHost - ok 14:36:51.0001 0x127c [ 3E6D05381CF35F75EBB055544A8ED9AC, BEC43932BD6C34406B8850E28178B937BFD9512E49FD9F8C54DA7EE272B478A9 ] WebClient C:\Windows\System32\webclnt.dll 14:36:51.0008 0x127c WebClient - ok 14:36:51.0151 0x127c [ 8D40BC587993F876658BF9FB0F7D3462, 23748E11F5CCE3D4978D748780283FA5A1154F53FF70D924CB2128FF8A4705F7 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:36:51.0218 0x127c Wecsvc - ok 14:36:51.0272 0x127c [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:36:51.0276 0x127c wercplsupport - ok 14:36:51.0359 0x127c [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc C:\Windows\System32\WerSvc.dll 14:36:51.0408 0x127c WerSvc - ok 14:36:51.0590 0x127c WinDefend - ok 14:36:51.0730 0x127c WinHttpAutoProxySvc - ok 14:36:52.0124 0x127c [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:36:52.0134 0x127c Winmgmt - ok 14:36:52.0322 0x127c [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869, 22D53818F4A4ACE441E121151CFD7CB1EDF5E8303DF9E113C9BB304B418A96EF ] WinRM C:\Windows\system32\WsmSvc.dll 14:36:52.0388 0x127c WinRM - ok 14:36:52.0512 0x127c [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc C:\Windows\System32\wlansvc.dll 14:36:52.0543 0x127c Wlansvc - ok 14:36:52.0619 0x127c [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:36:52.0623 0x127c WmiAcpi - ok 14:36:52.0707 0x127c [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:36:52.0714 0x127c wmiApSrv - ok 14:36:52.0807 0x127c WMPNetworkSvc - ok 14:36:52.0901 0x127c [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:36:52.0906 0x127c WPCSvc - ok 14:36:53.0060 0x127c [ 490A18B4E4D53DC10879DEAA8E8B70D9, D069D8C22CF78A0970E85C0B9879E08FF19458FAA75AE447BCF9236731F64252 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:36:53.0065 0x127c WPDBusEnum - ok 14:36:53.0119 0x127c [ 5E2401B3FC1089C90E081291357371A9, 224D378EEBFB721CBC24896CAE01B31DC54B6ED82C19C5B954E96D5E98B83C59 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 14:36:53.0123 0x127c WpdUsb - ok 14:36:53.0515 0x127c [ B42B9D8ABC18DFBCD6044BC10B3A9B99, FD00756DADD3BFC382FC80D7D1D25592385E647C7EAC318C154E949A51D9DC27 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 14:36:53.0544 0x127c WPFFontCache_v0400 - ok 14:36:53.0695 0x127c [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:36:53.0696 0x127c ws2ifsl - ok 14:36:53.0786 0x127c [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc C:\Windows\System32\wscsvc.dll 14:36:53.0792 0x127c wscsvc - ok 14:36:53.0801 0x127c WSearch - ok 14:36:54.0003 0x127c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll 14:36:54.0078 0x127c wuauserv - ok 14:36:54.0154 0x127c [ 501A65252617B495C0F1832F908D54D8, CB18A80EAB2F23579D1D38B12CD04CF579C6D0B73127A1E88305CC0488D40B2C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:36:54.0164 0x127c WUDFRd - ok 14:36:54.0227 0x127c [ 6CBD51FF913C851D56ED9DC7F2A27DDE, 736C66A944F3D37464052211B2728AD53D31CB631CD33B9E094C00D76BF17399 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:36:54.0231 0x127c wudfsvc - ok 14:36:54.0293 0x127c ================ Scan global =============================== 14:36:54.0347 0x127c [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll 14:36:54.0386 0x127c [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll 14:36:54.0423 0x127c [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll 14:36:54.0544 0x127c [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe 14:36:54.0559 0x127c [ Global ] - ok 14:36:54.0564 0x127c ================ Scan MBR ================================== 14:36:54.0596 0x127c [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 14:36:55.0050 0x127c \Device\Harddisk0\DR0 - ok 14:36:55.0055 0x127c [ 8913823FF508CCF109DB74B636C301DA ] \Device\Harddisk1\DR1 14:36:55.0288 0x127c \Device\Harddisk1\DR1 - ok 14:36:55.0294 0x127c ================ Scan VBR ================================== 14:36:55.0321 0x127c [ 2B243CB14BA4A62FB5CDC2E5AE394FC2 ] \Device\Harddisk0\DR0\Partition1 14:36:55.0464 0x127c \Device\Harddisk0\DR0\Partition1 - ok 14:36:55.0502 0x127c [ 6C781204E31E168D82FA711C0D60F6C3 ] \Device\Harddisk0\DR0\Partition2 14:36:55.0517 0x127c \Device\Harddisk0\DR0\Partition2 - ok 14:36:55.0525 0x127c [ 4D981D76AE3173C1B43365B8EA5F7D4A ] \Device\Harddisk1\DR1\Partition1 14:36:55.0562 0x127c \Device\Harddisk1\DR1\Partition1 - ok 14:36:55.0583 0x127c [ 76BA5CB30ADAB7E4BF9D9BAB0F97B49D ] \Device\Harddisk1\DR1\Partition2 14:36:55.0593 0x127c \Device\Harddisk1\DR1\Partition2 - ok 14:36:55.0593 0x127c ================ Scan generic autorun ====================== 14:36:55.0772 0x127c Windows Defender - ok 14:36:55.0817 0x127c [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe 14:36:55.0819 0x127c Adobe Reader Speed Launcher - ok 14:36:55.0875 0x127c [ B2387FD351A3D4780A917E4C00A83310, D23AADD424B1FC3D2C3A388252EEDA05F9B05922472A74E0CF4EEE7E005EADE1 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 14:36:55.0913 0x127c iTunesHelper - ok 14:36:56.0042 0x127c [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 14:36:56.0047 0x127c SunJavaUpdateSched - ok 14:36:56.0634 0x127c [ C8F0DCA0E032881B6C4422B502194629, 32996D4C0578FA9A12F3BD205F69E5357A31FBD2C9AC47DA2AB8D77196E587B1 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe 14:36:56.0805 0x127c AVG_UI - ok 14:36:58.0211 0x127c [ C5B588624FBF72ACA41E2EE0590843E0, 7B97C5D5F94C811BFA554B10CD6E644D7C2C27B953EE1FE00748DEFD0E0BE9CF ] C:\Users\Twins\AppData\Local\fst_us_83\upfst_us_83.exe 14:36:58.0330 0x127c upfst_us_83.exe - ok 14:36:58.0545 0x127c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 14:36:58.0587 0x127c Sidebar - ok 14:36:58.0594 0x127c WindowsWelcomeCenter - ok 14:36:58.0678 0x127c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 14:36:58.0701 0x127c Sidebar - ok 14:36:58.0708 0x127c WindowsWelcomeCenter - ok 14:36:58.0713 0x127c WindowsWelcomeCenter - ok 14:36:58.0715 0x127c MobileAppSync - ok 14:36:58.0745 0x127c Skype - ok 14:36:58.0995 0x127c [ 2DBE29364339131BC03AAC549CB1BDF6, 002B41E53E542312EF33FD9E93156C717E75C14406EC1E9757B7F8B9844CF8BE ] C:\Users\Twins\AppData\Roaming\BitTorrent\BitTorrent.exe 14:36:59.0034 0x127c BitTorrent - ok 14:36:59.0254 0x127c [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 14:36:59.0276 0x127c Sidebar - ok 14:36:59.0284 0x127c WindowsWelcomeCenter - ok 14:36:59.0285 0x127c Waiting for KSN requests completion. In queue: 39 14:37:00.0285 0x127c Waiting for KSN requests completion. In queue: 39 14:37:01.0285 0x127c Waiting for KSN requests completion. In queue: 39 14:37:02.0333 0x127c AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated ) 14:37:02.0365 0x127c Win FW state via NFP2: enabled 14:37:04.0912 0x127c ============================================================ 14:37:04.0912 0x127c Scan finished 14:37:04.0912 0x127c ============================================================ 14:37:04.0928 0x0514 Detected object count: 0 14:37:04.0928 0x0514 Actual detected object count: 0
- June 10, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

14:35:42.0327 0x1614 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54 14:35:49.0492 0x1614 ============================================================ 14:35:49.0492 0x1614 Current date / time: 2014/06/10 14:35:49.0492 14:35:49.0493 0x1614 SystemInfo: 14:35:49.0493 0x1614 14:35:49.0493 0x1614 OS Version: 6.0.6002 ServicePack: 2.0 14:35:49.0493 0x1614 Product type: Workstation 14:35:49.0493 0x1614 ComputerName: TWINS-PC 14:35:49.0493 0x1614 UserName: Twins 14:35:49.0493 0x1614 Windows directory: C:\Windows 14:35:49.0493 0x1614 System windows directory: C:\Windows 14:35:49.0494 0x1614 Running under WOW64 14:35:49.0494 0x1614 Processor architecture: Intel x64 14:35:49.0494 0x1614 Number of processors: 2 14:35:49.0494 0x1614 Page size: 0x1000 14:35:49.0494 0x1614 Boot type: Normal boot 14:35:49.0494 0x1614 ============================================================ 14:35:53.0022 0x1614 KLMD registered as C:\Windows\system32\drivers\82414363.sys 14:35:53.0602 0x1614 System UUID: {F170379C-ED9D-9AF4-1CC6-AB12B7E4BE80} 14:35:54.0836 0x1614 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:35:54.0836 0x1614 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:35:54.0853 0x1614 ============================================================ 14:35:54.0853 0x1614 \Device\Harddisk0\DR0: 14:35:54.0860 0x1614 MBR partitions: 14:35:54.0860 0x1614 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24245FC1 14:35:54.0860 0x1614 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24246000, BlocksNum 0x11E7800 14:35:54.0860 0x1614 \Device\Harddisk1\DR1: 14:35:54.0860 0x1614 MBR partitions: 14:35:54.0860 0x1614 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x24244731 14:35:54.0860 0x1614 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x24244770, BlocksNum 0x11E8BA0 14:35:54.0860 0x1614 ============================================================ 14:35:54.0937 0x1614 C: <-> \Device\Harddisk0\DR0\Partition1 14:35:54.0967 0x1614 D: <-> \Device\Harddisk1\DR1\Partition2 14:35:55.0108 0x1614 E: <-> \Device\Harddisk0\DR0\Partition2 14:35:55.0126 0x1614 F: <-> \Device\Harddisk1\DR1\Partition1 14:35:55.0126 0x1614 ============================================================ 14:35:55.0126 0x1614 Initialize success 14:35:55.0126 0x1614 ============================================================ 14:36:00.0758 0x127c ============================================================ 14:36:00.0758 0x127c Scan started 14:36:00.0758 0x127c Mode: Manual; 14:36:00.0758 0x127c ============================================================ 14:36:00.0758 0x127c KSN ping started 14:36:14.0278 0x127c KSN ping finished: true 14:36:16.0324 0x127c ================ Scan system memory ======================== 14:36:16.0324 0x127c System memory - ok 14:36:16.0324 0x127c ================ Scan services ============================= 14:36:16.0761 0x127c [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI C:\Windows\system32\drivers\acpi.sys 14:36:16.0768 0x127c ACPI - ok 14:36:16.0955 0x127c [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:36:16.0962 0x127c AdobeFlashPlayerUpdateSvc - ok 14:36:17.0023 0x127c [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:36:17.0037 0x127c adp94xx - ok 14:36:17.0093 0x127c [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:36:17.0138 0x127c adpahci - ok 14:36:17.0172 0x127c [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 14:36:17.0176 0x127c adpu160m - ok 14:36:17.0200 0x127c [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:36:17.0205 0x127c adpu320 - ok 14:36:17.0299 0x127c [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:36:17.0301 0x127c AeLookupSvc - ok 14:36:17.0377 0x127c [ 2BA159E1F9FD75F6A496742B20F1D9CF, 50094F6E8415ACDBC0DA9C24EDAB3F9B192D2F0D6A820C18E8DBC6D72849D612 ] AFD C:\Windows\system32\drivers\afd.sys 14:36:17.0388 0x127c AFD - ok 14:36:17.0415 0x127c [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:36:17.0418 0x127c agp440 - ok 14:36:17.0522 0x127c [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx C:\Windows\system32\drivers\djsvs.sys 14:36:17.0531 0x127c aic78xx - ok 14:36:17.0579 0x127c [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG C:\Windows\System32\alg.exe 14:36:17.0583 0x127c ALG - ok 14:36:17.0600 0x127c [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide C:\Windows\system32\drivers\aliide.sys 14:36:17.0601 0x127c aliide - ok 14:36:17.0635 0x127c [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide C:\Windows\system32\drivers\amdide.sys 14:36:17.0636 0x127c amdide - ok 14:36:17.0688 0x127c [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:36:17.0719 0x127c AmdK8 - ok 14:36:17.0766 0x127c [ 9C37B3FD5615477CB9A0CD116CF43F5C, BD3F85A29931072F2B0C7283761E224E4621FE0D9D34D6D668A4516B28388484 ] Appinfo C:\Windows\System32\appinfo.dll 14:36:17.0768 0x127c Appinfo - ok 14:36:17.0886 0x127c [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:36:17.0888 0x127c Apple Mobile Device - ok 14:36:17.0979 0x127c [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys 14:36:18.0010 0x127c arc - ok 14:36:18.0078 0x127c [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys 14:36:18.0081 0x127c arcsas - ok 14:36:18.0414 0x127c [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:36:18.0416 0x127c aspnet_state - ok 14:36:18.0470 0x127c [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:36:18.0471 0x127c AsyncMac - ok 14:36:18.0501 0x127c [ E68D9B3A3905619732F7FE039466A623, 74C0B29E54EF064660B9C756E03D5A7EB78F261EFF768EB6E74D261FBD34340D ] atapi C:\Windows\system32\drivers\atapi.sys 14:36:18.0503 0x127c atapi - ok 14:36:18.0607 0x127c [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:36:18.0622 0x127c AudioEndpointBuilder - ok 14:36:18.0641 0x127c [ 79318C744693EC983D20E9337A2F8196, 94226786EF8A101C2E805C6BA3C1CF46628BAF1AFCECBC1FAB7A7E7E5E642608 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:36:18.0652 0x127c AudioSrv - ok 14:36:18.0714 0x127c [ D89F8E4E025DAA0C39FF61AC0199E101, 0A80A572D93DBDE14CD5494EF3F866B44E9BC259D43EE23185E4FC227D08DE69 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys 14:36:18.0717 0x127c Avgdiska - ok 14:36:19.0212 0x127c [ 561CE09C52F6E945ED4CE7E173D1F542, 25FB1B55E22D4DF3B03B6D395B6C4749C03B950139767FA095C24234BD962782 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe 14:36:19.0287 0x127c AVGIDSAgent - ok 14:36:19.0376 0x127c [ F9984B8432204D000E15DE0A40D6F9AD, EBF0AAAFC9793F1EDCF3502CAE265CC012A60FA2B5DAD35A66DAD19ACFE206FC ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 14:36:19.0382 0x127c AVGIDSDriver - ok 14:36:19.0467 0x127c [ 73B684F26AD82BABC2A1B3E539ED027A, B164C0C395FF285ED31615E7DB5F43B31A2F1CB6156A68BB5F3802AFCA7B8887 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 14:36:19.0472 0x127c AVGIDSHA - ok 14:36:19.0535 0x127c [ 18A542A22A31DFFEA51666E75393E7A5, 7EFA508ECE7266446B2A5E12DB7461D328F2B47E2A70A8AA2C9D0E42898C71AC ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 14:36:19.0543 0x127c Avgldx64 - ok 14:36:19.0645 0x127c [ EC0E347F6C95541504CCF1B85D74F91F, F0819BF489C8776696D9DD89AC9673717BAF957DFAA071DA3911560172C6D952 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 14:36:19.0652 0x127c Avgloga - ok 14:36:19.0732 0x127c [ ADC65C6074A994D91CA9C6339C3DC978, A736BF94E41B9B06E826E3F2BBA7B305990DF68CF17DA8F661AE952FB240DDE1 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 14:36:19.0735 0x127c Avgmfx64 - ok 14:36:19.0790 0x127c [ 7D206FA06603E95984EFF9822C9FC958, 11863D7A5A14C852594F90FD3A54E55CBE8C27075E640C9B222102AD9DA91F35 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 14:36:19.0792 0x127c Avgrkx64 - ok 14:36:19.0857 0x127c [ 6FB25E61AC5885F5BD8BC5202D129BDF, 2644612402A8F7EDF8EB98537D10BCF0284B89797EC17A426DE94CE6922C1F4A ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 14:36:19.0863 0x127c Avgtdia - ok 14:36:20.0012 0x127c [ E5C581D358B62CF65776B8E4E17B9E5C, 955E4ECFD036330B139476CCCC7564B082C197D5E7577853E0C3D7B707EDB090 ] avgwd C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe 14:36:20.0021 0x127c avgwd - ok 14:36:20.0224 0x127c [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE C:\Windows\System32\bfe.dll 14:36:20.0237 0x127c BFE - ok 14:36:20.0323 0x127c [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS C:\Windows\System32\qmgr.dll 14:36:20.0395 0x127c BITS - ok 14:36:20.0427 0x127c [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 14:36:20.0436 0x127c blbdrive - ok 14:36:20.0628 0x127c [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 14:36:20.0641 0x127c Bonjour Service - ok 14:36:20.0704 0x127c [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:36:20.0707 0x127c bowser - ok 14:36:20.0917 0x127c [ D4F84730BE7FEB435D119792F84EA934, AE66026CEF3E3F71A210C903E55C327955872B22F01E80FC3410B0AA1355062C ] BRDriver64 C:\ProgramData\BitRaider\BRDriver64.sys 14:36:20.0920 0x127c BRDriver64 - ok 14:36:20.0969 0x127c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 14:36:20.0984 0x127c BrFiltLo - ok 14:36:21.0039 0x127c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 14:36:21.0077 0x127c BrFiltUp - ok 14:36:21.0117 0x127c [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser C:\Windows\System32\browser.dll 14:36:21.0121 0x127c Browser - ok 14:36:21.0218 0x127c [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid C:\Windows\system32\drivers\brserid.sys 14:36:21.0261 0x127c Brserid - ok 14:36:21.0344 0x127c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 14:36:21.0386 0x127c BrSerWdm - ok 14:36:21.0468 0x127c [ 78561B78811A147B99CB47EBBD2D2847, 4EF1ED64CAF0549B43A660FF70D5035DFD59CCD22E7353150E8A13944C936520 ] BRSptSvc C:\ProgramData\BitRaider\BRSptSvc.exe 14:36:21.0482 0x127c BRSptSvc - ok 14:36:21.0515 0x127c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 14:36:21.0524 0x127c BrUsbMdm - ok 14:36:21.0563 0x127c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:36:21.0576 0x127c BrUsbSer - ok 14:36:21.0635 0x127c [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:36:21.0667 0x127c BTHMODEM - ok 14:36:21.0761 0x127c [ B4D787DB8D30793A4D4DF9FEED18F136, 2A956F7DCFE61E556F30BDA6D45592A05533541D6ED321C251C1C05F6CEA6DDC ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:36:21.0770 0x127c cdfs - ok 14:36:21.0838 0x127c [ C025AA69BE3D0D25C7A2E746EF6F94FC, F4754B23CC256ADF92FDD42A9BA80F1ACB74834A58FCBEA2C52650FAFC7F9483 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:36:21.0895 0x127c cdrom - ok 14:36:21.0951 0x127c [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] CertPropSvc C:\Windows\System32\certprop.dll 14:36:21.0953 0x127c CertPropSvc - ok 14:36:22.0004 0x127c [ 02EA568D498BBDD4BA55BF3FCE34D456, 5A418B156CBB48D14E0F6B6AE6E03B8CD97AABE838F260757014479566C63F17 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:36:22.0084 0x127c circlass - ok 14:36:22.0237 0x127c [ 3DCA9A18B204939CFB24BEA53E31EB48, 73CEDE020A6C8269EE8847A4E43071FD231179DA9430DE2983263B8345AD92B7 ] CLFS C:\Windows\system32\CLFS.sys 14:36:22.0247 0x127c CLFS - ok 14:36:22.0451 0x127c [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:36:22.0453 0x127c clr_optimization_v2.0.50727_32 - ok 14:36:22.0663 0x127c [ CE07A466201096F021CD09D631B21540, 1A11DDAB7000569A89F3FA26BDEE4D527FA6D57D3F91CDABAA9C02CACDDE5F6D ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:36:22.0667 0x127c clr_optimization_v2.0.50727_64 - ok 14:36:22.0993 0x127c [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:36:23.0075 0x127c clr_optimization_v4.0.30319_32 - ok 14:36:23.0211 0x127c [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:36:23.0265 0x127c clr_optimization_v4.0.30319_64 - ok 14:36:23.0387 0x127c [ E5D5499A1C50A54B5161296B6AFE6192, 20A8A0478918063A9EE81565F21F4ACCAA7B6A8B2E9E084099879D85574BAB3E ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:36:23.0409 0x127c cmdide - ok 14:36:23.0448 0x127c [ 7FB8AD01DB0EABE60C8A861531A8F431, E19353C686B07A0DBBA92CFCC88AB9B6BEBAF389416B78F4470BA673E7CD73C3 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 14:36:23.0451 0x127c Compbatt - ok 14:36:23.0458 0x127c COMSysApp - ok 14:36:23.0493 0x127c [ A8585B6412253803CE8EFCBD6D6DC15C, C3906B080D3BB06CB976FD98C62CBA97DAE74970A5559D51EF5111D773949322 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:36:23.0495 0x127c crcdisk - ok 14:36:23.0652 0x127c [ 5AAC48EAF8EACF247DB44FB61B900D89, D20FCD5C71CA18F284D3DFD0CED37F6888A296E76B7B0563F2F4668CF90FE752 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:36:23.0657 0x127c CryptSvc - ok 14:36:23.0917 0x127c [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 14:36:23.0939 0x127c cvhsvc - ok 14:36:24.0156 0x127c [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] DcomLaunch C:\Windows\system32\rpcss.dll 14:36:24.0177 0x127c DcomLaunch - ok 14:36:24.0271 0x127c [ 8B722BA35205C71E7951CDC4CDBADE19, 39720A60DFD0532F7E1A1976240E9828559BF9E0C6D1CFBF4D911965BFD94158 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:36:24.0332 0x127c DfsC - ok 14:36:24.0651 0x127c [ C647F468F7DE343DF8C143655C5557D4, E2D35FE49C408B952D8FE0C7EF70D42798229D30B89CEF9858BAC9F4F9E98EF2 ] DFSR C:\Windows\system32\DFSR.exe 14:36:24.0778 0x127c DFSR - ok 14:36:24.0863 0x127c [ 3ED0321127CE70ACDAABBF77E157C2A7, 10973BD0AEF9597A4EA0A4947BDE922F9168F33D6ED97BFFEE6176AADAD78980 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:36:24.0872 0x127c Dhcp - ok 14:36:25.0023 0x127c [ B0107E40ECDB5FA692EBF832F295D905, 76466BB9E4F12436ECCCB9D89EB20762B4785F82F02591B51A735A590E248264 ] disk C:\Windows\system32\drivers\disk.sys 14:36:25.0029 0x127c disk - ok 14:36:25.0195 0x127c [ 06230F1B721494A6DF8D47FD395BB1B0, F6CA8270740E01D9CE2FE8E34BC067C7EDC15BA610F461860E1D17D135C8A379 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:36:25.0199 0x127c Dnscache - ok 14:36:25.0236 0x127c [ 1A7156DD1E850E9914E5E991E3225B94, 99FF0C7125B01FCB0B92DC44756AE8FAA486F2E7F38DC6204F7EFE5918F8480A ] dot3svc C:\Windows\System32\dot3svc.dll 14:36:25.0241 0x127c dot3svc - ok 14:36:25.0388 0x127c [ 1583B39790DB3EAEC7EDB0CB0140C708, F94F9AE7054A38602CD25D4E10FE7C7B574BD9ED8440C3FDAA7275A1D1E663E7 ] DPS C:\Windows\system32\dps.dll 14:36:25.0393 0x127c DPS - ok 14:36:25.0462 0x127c [ F1A78A98CFC2EE02144C6BEC945447E6, D2E2AA13BE6319F967002476A5D3CF09B1B44350576DD8E1C1C531854F53B488 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:36:25.0464 0x127c drmkaud - ok 14:36:25.0676 0x127c [ 0A3C78677FF62E9E0AE7CC25C790A968, 6A2D81BC3715FD4960D2C853870C056C5BFE581B25C4592CBF65EAC044DFEAB3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:36:25.0702 0x127c DXGKrnl - ok 14:36:25.0794 0x127c [ 264CEE7B031A9D6C827F3D0CB031F2FE, 50CAD28A73D29E7E04A45330146CF713BA17101215955009121E36D43CD5C536 ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 14:36:25.0801 0x127c E1G60 - ok 14:36:25.0807 0x127c EagleX64 - ok 14:36:25.0887 0x127c [ C2303883FD9BE49DC36A6400643002EA, F062D1D6D503CF5195BDE8C1DC75B541F559CB8175ADABCDB7690E9F1CA3EA4E ] EapHost C:\Windows\System32\eapsvc.dll 14:36:25.0890 0x127c EapHost - ok 14:36:25.0941 0x127c [ 5F94962BE5A62DB6E447FF6470C4F48A, D00F9B3315DE8610BBE93FFD3CA3E2CF5B10697C518FC25FA4274CC6894D022B ] Ecache C:\Windows\system32\drivers\ecache.sys 14:36:25.0955 0x127c Ecache - ok 14:36:26.0309 0x127c [ 14CE384D2E27B64C256BDA4DC39C312D, D5FA9C2BB162F1C22E419D33671B8202AAC245A87F6B183B97F83F5BFA165B41 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:36:26.0321 0x127c ehRecvr - ok 14:36:26.0455 0x127c [ B93159C1313D66FDFBBE876F5189CD52, 51E39160EA56F6B08449267EDF2A0F604612663768D2348DE23554AB07BDBB62 ] ehSched C:\Windows\ehome\ehsched.exe 14:36:26.0461 0x127c ehSched - ok 14:36:26.0523 0x127c [ F5EE2527D74449868E3C3227A59BCD28, 11640E97EE9D8F9A5DC3FEA6BA7A737AA796A7235C7F5C7EF1ABFB51C9D730D3 ] ehstart C:\Windows\ehome\ehstart.dll 14:36:26.0566 0x127c ehstart - ok 14:36:26.0630 0x127c [ C4636D6E10469404AB5308D9FD45ED07, 367D958D19F672395462206F27C1E138386C2F37B0FA77546F4217CF16D05C84 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:36:26.0643 0x127c elxstor - ok 14:36:26.0715 0x127c [ A9B18B63A4FD6BAAB83326706D857FAB, 7721CC67C0F8CE3060D0EB35A10E4ADC1E3CB470C0797B17D606060C270F96D7 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:36:26.0730 0x127c EMDMgmt - ok 14:36:26.0771 0x127c [ BC3A58E938BB277E46BF4B3003B01ABD, 2BB054E632A96951DAB25B3BE8541AEC1B97A7739FC8D0E34BE8B9295600C8FC ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:36:26.0779 0x127c ErrDev - ok 14:36:26.0873 0x127c [ E12F22B73F153DECE721CD45EC05B4AF, 41887EEF4BB024329B4079AD50FC5FB705F0EB8BAF6C93A8242DC2A73D3AFD86 ] EventSystem C:\Windows\system32\es.dll 14:36:26.0884 0x127c EventSystem - ok 14:36:27.0065 0x127c [ 486844F47B6636044A42454614ED4523, 3E24E78584B199C0FAA59613EEB7DF67B3B878B277A0130C7A3FF608C130BA2F ] exfat C:\Windows\system32\drivers\exfat.sys 14:36:27.0073 0x127c exfat - ok 14:36:27.0274 0x127c [ 1A4BEE34277784619DDAF0422C0C6E23, 3223E1B5DD4866D8E09F1B465FF82C911DDEE5B01B084543086E47B11D2AEA77 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:36:27.0328 0x127c fastfat - ok 14:36:27.0374 0x127c [ 81B79B6DF71FA1D2C6D688D830616E39, 62F8BC0DB918A49B10A5BE1724A2E2F17FA7D8208D5D86822FACB2DCD97B3591 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:36:27.0383 0x127c fdc - ok 14:36:27.0451 0x127c [ BB9267ACACD8B7533DD936C34A0CBA5E, 32DE6E10ABA540D62F0D8AE30DE8769D7BF29E547838BEBE67C04183CC0B32C7 ] fdPHost C:\Windows\system32\fdPHost.dll 14:36:27.0453 0x127c fdPHost - ok 14:36:27.0476 0x127c [ 300C80931EABBE1DB7591C516EFE8D0F, F031DA96B06B6FA8E0AD56D5E10E5A5882765C3FF258A4DE06A47EC34829FF04 ] FDResPub C:\Windows\system32\fdrespub.dll 14:36:27.0477 0x127c FDResPub - ok 14:36:27.0539 0x127c [ 457B7D1D533E4BD62A99AED9C7BB4C59, 3933907DE163F8D3A81ED25169B693D723296C437C7C990BFE9DEFD60F7635FD ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:36:27.0547 0x127c FileInfo - ok 14:36:27.0592 0x127c [ D421327FD6EFCCAF884A54C58E1B0D7F, C2F3B72EA36BA8B74A30E128C088307CA768FDBE232BFA216CD78B0F9B7AF18A ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:36:27.0594 0x127c Filetrace - ok 14:36:27.0637 0x127c [ 230923EA2B80F79B0F88D90F87B87EBD, 1F3287970FEC73011F3B675C447BF0CA35416490D4740C6960595B091181059C ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:36:27.0639 0x127c flpydisk - ok 14:36:27.0678 0x127c [ E3041BC26D6930D61F42AEDB79C91720, 3556C033BB78445EC8B2F98A82455914764AFC70CBFF634DDBD3539885A1E457 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:36:27.0687 0x127c FltMgr - ok 14:36:28.0082 0x127c [ F937F278E44138C0386FA1DE69B1F72B, 49180522CCCB5377B5B3A7EF8B9697FBE19A1E5D84BC282D24C39B3D52698851 ] FontCache C:\Windows\system32\FntCache.dll 14:36:28.0114 0x127c FontCache - ok 14:36:28.0265 0x127c [ BC5B0BE5AF3510B0FD8C140EE42C6D3E, B21CA5F14BDB6CFD97A24C28BB2AD0D704C46058F13B01FF4203514FE8B92591 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:36:28.0267 0x127c FontCache3.0.0.0 - ok 14:36:28.0367 0x127c [ 5779B86CD8B32519FBECB136394D946A, 68A395CD2287D22CB5C8CFE5A3006A61AC0C3FDAADF166C93240FF83C0315DCF ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:36:28.0385 0x127c Fs_Rec - ok 14:36:28.0473 0x127c [ C8E416668D3DC2BE3D4FE4C79224997F, 7DBC8E7687179A649638F606C9584F2E8EC2065762997CDF151F9BB99FA8D535 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:36:28.0476 0x127c gagp30kx - ok 14:36:28.0514 0x127c [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:36:28.0526 0x127c GEARAspiWDM - ok 14:36:28.0708 0x127c [ A0E1B575BA8F504968CD40C0FAEB2384, F64A24A5A93F4E757882E97C65DA612F07A87F4DDD2E10C1AB0250AFA03BCEF1 ] gpsvc C:\Windows\System32\gpsvc.dll 14:36:28.0730 0x127c gpsvc - ok 14:36:29.0025 0x127c [ 68E732382B32417FF61FD663259B4B09, 10C5365AEAC46DF4F5F6A8F96D15141B4709851D4752613233E57EB20CE16446 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:36:29.0076 0x127c HdAudAddService - ok 14:36:29.0273 0x127c [ F942C5820205F2FB453243EDFEC82A3D, 17A6A3DCF884FB524C93F2477D97E9F2B8E547709F8F2AEA93BEEA322B62E914 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:36:29.0299 0x127c HDAudBus - ok 14:36:29.0342 0x127c [ B4881C84A180E75B8C25DC1D726C375F, C0BEDBF43EFB0DD442A1D7985EA4A7493671648954B7D1840E30FB2FC46589A4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:36:29.0344 0x127c HidBth - ok 14:36:29.0371 0x127c [ 5F47839455D01FF6403B008D481A6F5B, 0CC1E8EE4C3E46937DEA39EAC2498C1A89667D6828430162FDFAE845C37D7079 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:36:29.0373 0x127c HidIr - ok 14:36:29.0395 0x127c [ 59361D38A297755D46A540E450202B2A, ED97800A3FF9B90EC58BC5122C42B53F46D9C157EFE488481E8677ED7058E33D ] hidserv C:\Windows\system32\hidserv.dll 14:36:29.0397 0x127c hidserv - ok 14:36:29.0426 0x127c [ 443BDD2D30BB4F00795C797E2CF99EDF, BCE1A241AE5CCE3E1C65CCF07ECB4305C7106F2EFFD51F2C519EB00026B474C4 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:36:29.0427 0x127c HidUsb - ok 14:36:29.0498 0x127c [ DFD1D30D8B68D883B5858748F7E35AD2, 051C9940054558DCB96746C0425A52F5294194163946B4A2A9CAEA64CFA855A1 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe 14:36:29.0499 0x127c HiPatchService - ok 14:36:29.0570 0x127c [ B12F367EA39C0795FD57E31242CE1A5A, 498439FE4D1217211EB6C1AC35CDA5D59F3AE8F06AF5E41EE9FDB0DC559FBE27 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:36:29.0573 0x127c hkmsvc - ok 14:36:29.0622 0x127c [ D7109A1E6BD2DFDBCBA72A6BC626A13B, 6141B6645F4152A326ECA8AD0DD04CB38C9EDA395BDF6FF260AB17CB86FC4C87 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:36:29.0624 0x127c HpCISSs - ok 14:36:29.0678 0x127c [ 098F1E4E5C9CB5B0063A959063631610, 36B02A738413E4745978E3E90D9CE8ABC08376BEE411008A4312A752CB4A2E13 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:36:29.0695 0x127c HTTP - ok 14:36:29.0743 0x127c [ DA94C854CEA5FAC549D4E1F6E88349E8, 10BEB47DB90F55BD1792C2041E49ED13E4E52BCC11BE6599F6DA8D91B79CC8D1 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:36:29.0745 0x127c i2omp - ok 14:36:29.0783 0x127c [ CBB597659A2713CE0C9CC20C88C7591F, A2BAC75F7247D871842A32EAA7594D338E728D1BFEAEA3C1FCDBF65F007BC06A ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:36:29.0819 0x127c i8042prt - ok 14:36:29.0876 0x127c [ 3E3BF3627D886736D0B4E90054F929F6, 95A138B65DC9133E92F53A529C7AD897D8823EFAED343756549FDF6C8C749CD0 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:36:29.0885 0x127c iaStorV - ok 14:36:30.0037 0x127c [ 749F5F8CEDCA70F2A512945325FC489D, 443B4F779F27CD69C1F072823FCD9E5BA7590B6F48BE759DC6A1F898C467E58F ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:36:30.0108 0x127c idsvc - ok 14:36:30.0230 0x127c [ 8C3951AD2FE886EF76C7B5027C3125D3, 85CF7231756E02BD9E5F4378F3FC794394A072B8028F27827F83ACE9EE554499 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:36:30.0232 0x127c iirsp - ok 14:36:30.0303 0x127c [ 0401A380C88754B2399F8043AC9B2BF9, BFF3B53FAFAE6622AA9F74BAA4A3D522C06E2D732B88916766603B9FE8D0D77F ] IKEEXT C:\Windows\System32\ikeext.dll 14:36:30.0319 0x127c IKEEXT - ok 14:36:30.0344 0x127c [ DF797A12176F11B2D301C5B234BB200E, 384343636B21CA7EDF28EFD1B6728EAB1508CA49CE48FF3DC0D91DB843C0C73E ] intelide C:\Windows\system32\drivers\intelide.sys 14:36:30.0345 0x127c intelide - ok 14:36:30.0370 0x127c [ BFD84AF32FA1BAD6231C4585CB469630, 33E0842F2D0879B02C115301174FCB19ED3AAF7B1B8E6284839CE16DE56476EA ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:36:30.0373 0x127c intelppm - ok 14:36:30.0412 0x127c [ 5624BC1BC5EEB49C0AB76A8114F05EA3, BD5AA534D8A923AF4D205EEC6DA55A3DC5F915E5F3223BF23F24C09824FA90B6 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:36:30.0451 0x127c IPBusEnum - ok 14:36:30.0522 0x127c [ D8AABC341311E4780D6FCE8C73C0AD81, 141E8032A934777567E6DAC35FB1C77C40D9B6EE477F17F872F35833A8F57F72 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:36:30.0525 0x127c IpFilterDriver - ok 14:36:30.0572 0x127c [ BF0DBFA9792C5C14FA00F61C75116C1B, 24C14DCAF57013F1C238E3C123279737420A714EB29CB69239C9838C9A269A59 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:36:30.0580 0x127c iphlpsvc - ok 14:36:30.0588 0x127c IpInIp - ok 14:36:30.0656 0x127c [ 9C2EE2E6E5A7203BFAE15C299475EC67, E51628ECAB9CCCBCE02801C5E71406487A280765FEE318D14B0C227141B87658 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:36:30.0659 0x127c IPMIDRV - ok 14:36:30.0713 0x127c [ B7E6212F581EA5F6AB0C3A6CEEEB89BE, C29D7F392116BB09F7047A90702331F200DACFB3C94E7F912932971E0B7F0413 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:36:30.0716 0x127c IPNAT - ok 14:36:30.0975 0x127c [ 71F993192EB04B2C4C80F2DEE9119229, 881B7042724364C9D667DF6109E15DE78D9431DF5708CB16736AD723F4A38578 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:36:30.0989 0x127c iPod Service - ok 14:36:31.0049 0x127c [ 8C42CA155343A2F11D29FECA67FAA88D, 699F06D25C5F270CE1194F4D350CB0BE22C6AB609EECF35D066C034AC380BEE3 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:36:31.0051 0x127c IRENUM - ok 14:36:31.0108 0x127c [ 0672BFCEDC6FC468A2B0500D81437F4F, A0322B569C309F258684AFECCD52924A33F363186261730469245B7FA357C645 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:36:31.0109 0x127c isapnp - ok 14:36:31.0142 0x127c [ E4FDF99599F27EC25D2CF6D754243520, 9139E708EE30F10652C9A458BD58B0343A3C05E84CD3E71FA0B0E4123503CF7B ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:36:31.0148 0x127c iScsiPrt - ok 14:36:31.0173 0x127c [ 63C766CDC609FF8206CB447A65ABBA4A, D9CA006FA852C95E90E8A0837E296FCBFD76246DA8AFDE563863D5F95BDFEC52 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:36:31.0175 0x127c iteatapi - ok 14:36:31.0215 0x127c [ 1281FE73B17664631D12F643CBEA3F59, B27571A0348CDF81DC102A61712CBA9A4AF7AC0015A7702B0DE73AD4E4646853 ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:36:31.0217 0x127c iteraid - ok 14:36:31.0243 0x127c [ 423696F3BA6472DD17699209B933BC26, 00C2EAA1A8E9D422D178B7678598743234930C1858D76C632F079EF789BB56C3 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:36:31.0245 0x127c kbdclass - ok 14:36:31.0276 0x127c [ DBDF75D51464FBC47D0104EC3D572C05, E392EE961E734620245874C7700D56621A1A990C45DF5CE0B7D270BA708F255E ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:36:31.0311 0x127c kbdhid - ok 14:36:31.0358 0x127c [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] KeyIso C:\Windows\system32\lsass.exe 14:36:31.0369 0x127c KeyIso - ok 14:36:31.0465 0x127c [ 88956AD9FA510848AD176777A6C6C1F5, 8F2FBF7E70F836C2C11EE5ABCAFE3E51DC26E953DDFBEE3C1B4AA8E58EBDCF5E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:36:31.0484 0x127c KSecDD - ok 14:36:31.0574 0x127c [ 1D419CF43DB29396ECD7113D129D94EB, 21ECCE9D17F055C7B5066110864E10C99291CE50B389C545371333904CE2DBB5 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:36:31.0582 0x127c ksthunk - ok 14:36:31.0734 0x127c [ 1FAF6926F3416D3DA05C5B265491BDAE, 3989E18522691CC3820092033E00ED39D08861DFB369AA0DFFF4B379E48EA1F0 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:36:31.0750 0x127c KtmRm - ok 14:36:31.0808 0x127c [ 50C7A3CB427E9BB5ED0708A669956AB5, 3DAD1C01AE58FE2C6134283B19118E2F3C884DDFFBAE4A46B7B5E4FB1A2567A1 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:36:31.0814 0x127c LanmanServer - ok 14:36:31.0948 0x127c [ CAF86FC1388BE1E470F1A7B43E348ADB, 9E9AE0B617D1031E8462524802A2D997AE7C944A7D00D403FF903145A7FEB761 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:36:31.0957 0x127c LanmanWorkstation - ok 14:36:32.0005 0x127c [ 96ECE2659B6654C10A0C310AE3A6D02C, 3322E87B9F64C3ACBCB634F2390AAB212FA7695383BF01F0092A803871BF19B2 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:36:32.0007 0x127c lltdio - ok 14:36:32.0053 0x127c [ 961CCBD0B1CCB5675D64976FAE37D092, 258378BE76A13E4368C9587E6A22727721E4B267B0D26D3D3E333B3B2A5A0611 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:36:32.0062 0x127c lltdsvc - ok 14:36:32.0079 0x127c [ A47F8080CACC23C91FE823AD19AA5612, 161575406D158D6D5C9220F1E82C0CC19108C74ADC35C509BAF9B0C414EFD8EE ] lmhosts C:\Windows\System32\lmhsvc.dll 14:36:32.0083 0x127c lmhosts - ok 14:36:32.0116 0x127c [ ACBE1AF32D3123E330A07BFBC5EC4A9B, 0E17E4DD30B5AF8F269EF8EA003836C9E16273262A050B9BE3ED802DD3AC9319 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:36:32.0121 0x127c LSI_FC - ok 14:36:32.0144 0x127c [ 799FFB2FC4729FA46D2157C0065B3525, AB462A34D061C113DA12641C45159A58D0AEA1C440233D061A20DF99586CFA93 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:36:32.0182 0x127c LSI_SAS - ok 14:36:32.0234 0x127c [ F445FF1DAAD8A226366BFAF42551226B, 92B63E15363F1EAE8A54D4E74ED21669D0A9FE99C654671556C58456228278B1 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:36:32.0241 0x127c LSI_SCSI - ok 14:36:32.0286 0x127c [ 52F87B9CC8932C2A7375C3B2A9BE5E3E, 2EB22DD418D4934BDD22C5DB49D5D06178EC0419AB5CC28DD544CA91823987B0 ] luafv C:\Windows\system32\drivers\luafv.sys 14:36:32.0292 0x127c luafv - ok 14:36:32.0354 0x127c [ 76A58DF02BD4EA29F189B82D0BEF17F8, B3A96AABE050BB332ECD9AF7C35D08B468AC459D30FF4D49B609BA3F95ECEEDA ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:36:32.0361 0x127c Mcx2Svc - ok 14:36:32.0422 0x127c [ 5C5CD6AACED32FB26C3FB34B3DCF972F, 34A66C21FA79800D3CDE933CFA71343218F94D67AAE763EA0B53AC49060CB6D0 ] megasas C:\Windows\system32\drivers\megasas.sys 14:36:32.0424 0x127c megasas - ok 14:36:32.0462 0x127c [ 859BC2436B076C77C159ED694ACFE8F8, 4AEA57A8B9EACEC1B8DED3ECC95621C56E6D65CFE2DA9F07DAF7C7BAD132B624 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:36:32.0478 0x127c MegaSR - ok 14:36:32.0509 0x127c [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS C:\Windows\system32\mmcss.dll 14:36:32.0512 0x127c MMCSS - ok 14:36:32.0572 0x127c [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem C:\Windows\system32\drivers\modem.sys 14:36:32.0582 0x127c Modem - ok 14:36:32.0646 0x127c [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:36:32.0672 0x127c monitor - ok 14:36:32.0743 0x127c [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:36:32.0745 0x127c mouclass - ok 14:36:32.0786 0x127c [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:36:32.0824 0x127c mouhid - ok 14:36:32.0837 0x127c [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:36:32.0844 0x127c MountMgr - ok 14:36:32.0926 0x127c [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:36:32.0930 0x127c MozillaMaintenance - ok 14:36:32.0979 0x127c [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio C:\Windows\system32\drivers\mpio.sys 14:36:32.0985 0x127c mpio - ok 14:36:33.0037 0x127c [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:36:33.0043 0x127c mpsdrv - ok 14:36:33.0148 0x127c [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:36:33.0183 0x127c MpsSvc - ok 14:36:33.0282 0x127c [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:36:33.0284 0x127c Mraid35x - ok 14:36:33.0353 0x127c [ 7C1DE4AA96DC0C071611F9E7DE02A68D, 8B248A82324FB23C64D41FA91BCC22093DE44C48D688E5995C484A7072A6EC08 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:36:33.0358 0x127c MRxDAV - ok 14:36:33.0422 0x127c [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:36:33.0428 0x127c mrxsmb - ok 14:36:33.0544 0x127c [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:36:33.0552 0x127c mrxsmb10 - ok 14:36:33.0627 0x127c [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:36:33.0637 0x127c mrxsmb20 - ok 14:36:33.0719 0x127c [ 1AC860612B85D8E85EE257D372E39F4D, 74682CCE44BCEE31BCA286D4F4E53B64CAAE244155F2B4C8FEB6AE7C391CA89D ] msahci C:\Windows\system32\drivers\msahci.sys 14:36:33.0721 0x127c msahci - ok 14:36:33.0768 0x127c [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:36:33.0773 0x127c msdsm - ok 14:36:33.0890 0x127c [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC C:\Windows\System32\msdtc.exe 14:36:33.0895 0x127c MSDTC - ok 14:36:33.0968 0x127c [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:36:33.0971 0x127c Msfs - ok 14:36:34.0016 0x127c [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:36:34.0018 0x127c msisadrv - ok 14:36:34.0049 0x127c [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:36:34.0055 0x127c MSiSCSI - ok
- June 10, 2014
- 13 replies
Resilient malware.

Hunter2222 replied to Hunter2222's topic in Resolved Malware Removal Logs

I did not see an Addition.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2014 Ran by Twins (administrator) on TWINS-PC on 10-06-2014 14:28:37 Running from C:\Users\Twins\Downloads Platform: Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe () C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe () C:\Users\Twins\AppData\Local\MRS\svcsystem.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE () C:\Users\Twins\AppData\Local\fst_us_83\upfst_us_83.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (BitTorrent Inc.) C:\Users\Twins\AppData\Roaming\BitTorrent\BitTorrent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\RunOnce: [upfst_us_83.exe] - C:\Users\Twins\AppData\Local\fst_us_83\upfst_us_83.exe -runonce [3268048 2014-05-29] () HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3149640501-3797806197-2921890984-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3149640501-3797806197-2921890984-1000\...\Run: [MobileAppSync] => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" HKU\S-1-5-21-3149640501-3797806197-2921890984-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.) HKU\S-1-5-21-3149640501-3797806197-2921890984-1000\...\Run: [bitTorrent] => C:\Users\Twins\AppData\Roaming\BitTorrent\BitTorrent.exe [1643344 2014-06-07] (BitTorrent Inc.) HKU\S-1-5-21-3149640501-3797806197-2921890984-1000\...\Policies\Explorer: [HideSCAHealth] 1 AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No File StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 SearchScopes: HKCU - DefaultScope {92A9831E-49D0-48FE-8092-0507586674D7} URL = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {92A9831E-49D0-48FE-8092-0507586674D7} URL = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392 BHO: CostMin - {006846C3-6F78-DB49-910E-F4DAF29997DF} - C:\Program Files (x86)\CostMin\mJtw9vw0_g.x64.dll No File BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\Parameters: [NameServer] 75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{0560C90F-70CA-4D87-BB38-5DBF008C45B2}: [NameServer]75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{1396EA25-2475-4A19-A2C6-A1E0B3255BA3}: [NameServer]75.126.206.18,184.173.169.186 Tcpip\..\Interfaces\{c328fed4-6a85-11db-9fbd-806e6f6e6963}: [NameServer]75.126.206.18,184.173.169.186 FireFox: ======== FF ProfilePath: C:\Users\Twins\AppData\Roaming\Mozilla\Firefox\Profiles\soy9rh8d.default-1402368840332 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKCU\...\Firefox\Extensions: [sp2@sp.com] - C:\Program Files (x86)\Social Privacy\FF\ Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Media Player) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdkcahignpnpnffmhchioblaeehimpm [2014-02-18] CHR Extension: (Social Privacy) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfaifkapfifnanhhiidacmhldddojchn [2014-01-22] CHR Extension: (Media View) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjpcgbjoinhnojhpapcjckeooahpcleb [2014-03-15] CHR Extension: (Media Viewer) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbcknkbofkmhgcemmndopfhfpcmcjpkg [2014-02-24] CHR Extension: (Media Watch) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfedpadljnihlijmjdebmegbbhilhihk [2014-03-22] CHR Extension: (Google Wallet) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (No Name) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfmepelgpppdgpfifejkcdnimlipaoo [2014-03-08] CHR Extension: (No Name) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\omabcafepeafkcjmjemondiocfgfieoj [2014-06-07] CHR Extension: (Media View) - C:\Users\Twins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pknkgbegokklcebhknklnjhhelcjobjc [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [gjpcgbjoinhnojhpapcjckeooahpcleb] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3838\ch\MediaViewV1alpha3838.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [kbcknkbofkmhgcemmndopfhfpcmcjpkg] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha7191\ch\MediaViewerV1alpha7191.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [kfedpadljnihlijmjdebmegbbhilhihk] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home3385\ch\MediaWatchV1home3385.crx [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Twins\AppData\Local\Temp\crx8863.tmp [2014-02-27] CHR HKLM-x32\...\Chrome\Extension: [pknkgbegokklcebhknklnjhhelcjobjc] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3401\ch\MediaViewV1alpha3401.crx [2014-02-27] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.) S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-11] (BitRaider, LLC) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed] R2 SystemUpdatekb70007; C:\Users\Twins\AppData\Roaming\MRS\SystemUpdatekb70007\WindowsUpdater.exe [29184 2014-05-29] () [File not signed] S2 vosr; C:\Users\Twins\AppData\Roaming\VOPackage\VOsrv.exe [X] ==================== Drivers (Whitelisted) ==================== R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.) S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-05-11] (BitRaider) R3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-09] (NVIDIA Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-10 14:28 - 2014-06-10 14:28 - 02080768 _____ (Farbar) C:\Users\Twins\Downloads\FRST64.exe 2014-06-10 14:17 - 2014-06-10 14:24 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Twins\Downloads\spybot-2.3.exe 2014-06-09 22:50 - 2014-06-09 22:51 - 00000000 ____D () C:\Program Files (x86)\GetPrivate 2014-06-09 20:45 - 2014-06-09 20:46 - 00028420 _____ () C:\Users\Twins\Downloads\Addition.txt 2014-06-09 20:44 - 2014-06-10 14:28 - 00014559 _____ () C:\Users\Twins\Downloads\FRST.txt 2014-06-09 20:44 - 2014-06-10 14:28 - 00000000 ____D () C:\FRST 2014-06-09 17:33 - 2014-06-09 17:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-09 17:23 - 2014-06-09 23:13 - 00000000 ____D () C:\AdwCleaner 2014-06-09 17:20 - 2014-06-09 22:32 - 00000000 ____D () C:\Users\Twins\AppData\Local\Temp(475) 2014-06-09 17:20 - 2014-06-09 17:20 - 00023721 _____ () C:\ComboFix.txt 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\hedev\AppData\Local\Temp(145) 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\$RECYCLE(0).BIN 2014-06-09 16:57 - 2014-06-09 17:20 - 00000000 ____D () C:\Qoobox 2014-06-09 16:55 - 2014-06-09 16:55 - 00019116 _____ () C:\Users\Twins\Rogue killer report.txt 2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-09 16:24 - 2014-06-09 23:13 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-06-09 16:22 - 2014-06-09 16:24 - 00001684 _____ () C:\Users\Twins\Desktop\Rkill.txt 2014-06-09 00:43 - 2014-06-09 00:43 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Oracle 2014-06-09 00:40 - 2014-06-09 00:42 - 00004312 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-08 22:17 - 2014-06-09 23:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-08 22:15 - 2014-06-03 16:08 - 00000000 ____D () C:\Users\Twins\Desktop\Chameleon 2014-06-08 20:27 - 2014-06-08 20:27 - 00355932 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI17A1.txt 2014-06-08 20:27 - 2014-06-08 20:27 - 00012686 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI17A1.txt 2014-06-08 20:27 - 2014-06-08 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks(143) 2014-06-08 13:16 - 2014-06-08 13:16 - 00000000 ____D () C:\Users\Twins\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595) 2014-06-07 03:29 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\Downloads\World of Warcraft 3.3.5a (no install) 2014-06-07 03:28 - 2014-06-07 03:28 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340)(2).exe 2014-06-07 03:18 - 2014-06-09 22:54 - 00000000 ____D () C:\Users\Twins\Desktop\Old Firefox Data 2014-06-07 03:10 - 2014-06-07 03:10 - 00000966 _____ () C:\Users\Twins\Desktop\Malwarebytes Anti-Malware (3).lnk 2014-06-07 03:07 - 2014-06-07 03:07 - 00003062 _____ () C:\Windows\System32\Tasks\{AD25DF9B-4329-446D-8C2B-242460392057} 2014-06-07 03:03 - 2014-06-07 03:08 - 00000888 _____ () C:\Users\Twins\Desktop\firefox - Shortcut.lnk 2014-06-07 02:43 - 2014-06-07 02:43 - 00000779 _____ () C:\Users\Twins\Desktop\BitTorrent.lnk 2014-06-07 02:43 - 2014-06-07 02:43 - 00000759 _____ () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2014-06-07 02:42 - 2014-06-07 02:42 - 01643344 _____ (BitTorrent Inc.) C:\Users\Twins\Downloads\BitTorrent(1).exe 2014-06-07 02:40 - 2014-06-07 02:40 - 01643344 _____ (BitTorrent Inc.) C:\Users\Twins\Downloads\BitTorrent.exe 2014-06-07 02:39 - 2014-06-07 02:39 - 02271768 _____ () C:\Users\Twins\Downloads\StartDownload.exe 2014-06-07 02:38 - 2014-06-09 22:43 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-07 02:38 - 2014-06-09 22:43 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-06-07 02:37 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\MRS 2014-06-07 02:37 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\v9 2014-06-07 02:37 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-07 02:37 - 2014-06-09 22:43 - 00000000 ____D () C:\Program Files (x86)\Supporter 2014-06-07 02:37 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\MRS 2014-06-07 02:36 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\IdleCrawler 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Twins\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-06-07 02:36 - 2014-06-09 22:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-06-07 02:36 - 2014-06-07 02:37 - 00000000 ____D () C:\Program Files (x86)\MRS 2014-06-07 02:36 - 2014-06-07 02:36 - 00004574 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator 2014-06-07 02:34 - 2014-06-07 02:35 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340)(1).exe 2014-06-06 01:55 - 2014-06-10 14:02 - 00000000 ____D () C:\Users\Twins\AppData\Local\fst_us_83 2014-06-06 01:55 - 2014-06-09 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst 2014-06-06 01:53 - 2014-06-10 06:51 - 00003476 _____ () C:\Windows\System32\Tasks\GPUpdateCheck 2014-06-06 01:53 - 2014-06-09 23:13 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\wi_upd 2014-06-06 01:53 - 2014-06-09 22:51 - 00003218 _____ () C:\Windows\System32\Tasks\GPUpdate 2014-06-06 01:53 - 2014-06-09 22:44 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\GetPrivate 2014-06-06 01:52 - 2014-06-06 01:52 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340).exe 2014-06-04 19:45 - 2014-02-08 21:59 - 00000000 ____D () C:\Users\Twins\Desktop\res_mods 2014-06-04 19:45 - 2014-02-08 21:57 - 00000000 ____D () C:\Users\Twins\Desktop\res 2014-06-04 17:39 - 2014-06-09 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks 2014-06-04 17:39 - 2014-06-04 17:39 - 00354396 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI5E87.txt 2014-06-04 17:39 - 2014-06-04 17:39 - 00011910 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI5E87.txt 2014-06-04 17:39 - 2014-06-04 17:39 - 00000717 _____ () C:\Users\Public\Desktop\World of Tanks.lnk 2014-06-04 17:39 - 2014-06-04 17:39 - 00000000 ____D () C:\Games 2014-06-04 17:38 - 2014-06-04 17:38 - 09237816 _____ (Wargaming.net ) C:\Users\Twins\Downloads\WoT_internet_install_na(1).exe 2014-06-02 18:57 - 2014-06-07 03:22 - 00000000 ____D () C:\temp 2014-06-01 00:15 - 2014-06-01 00:15 - 00000744 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-06-01 00:15 - 2014-06-01 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-06-01 00:15 - 2014-06-01 00:15 - 00000000 ____D () C:\Program Files\Speccy 2014-06-01 00:14 - 2014-06-01 00:15 - 04890736 _____ (Piriform Ltd) C:\Users\Twins\Downloads\spsetup126.exe 2014-06-01 00:11 - 2014-06-10 06:51 - 00000270 _____ () C:\Windows\Tasks\pcreg.job 2014-06-01 00:11 - 2014-06-03 10:54 - 00000000 ____D () C:\Program Files\pcmax 2014-06-01 00:11 - 2014-06-01 00:11 - 00002898 _____ () C:\Windows\System32\Tasks\pcreg 2014-05-25 18:29 - 2014-05-25 18:30 - 00557470 _____ () C:\Users\Twins\Documents\TheMiniMaus.wotreplay 2014-05-21 23:09 - 2014-05-21 23:09 - 00003002 _____ () C:\Windows\System32\Tasks\{7E0B3D46-A349-4B5C-8D3A-B29D13704B6A} 2014-05-21 23:09 - 2014-05-21 23:09 - 00003002 _____ () C:\Windows\System32\Tasks\{14FE9E67-2288-43B8-A8D7-B08AA0B53B96} 2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\ProgramData\Curse Client 2014-05-20 11:15 - 2014-05-20 11:18 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Curse Advertising 2014-05-20 11:15 - 2014-05-20 11:15 - 00000000 ____D () C:\Users\Twins\Documents\My Curse 2014-05-20 11:13 - 2014-06-07 03:06 - 00000000 ____D () C:\Users\Twins\AppData\Local\Deployment 2014-05-20 11:13 - 2014-05-20 11:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\Apps\2.0 2014-05-20 11:12 - 2014-05-20 11:12 - 00402696 _____ () C:\Users\Twins\Downloads\setup.exe 2014-05-20 02:32 - 2014-06-09 21:59 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\TS3Client 2014-05-20 02:32 - 2014-05-20 02:32 - 00001001 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-05-20 02:32 - 2014-05-20 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-05-20 02:32 - 2014-05-20 02:32 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-05-20 02:30 - 2014-05-20 02:31 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Twins\Downloads\TeamSpeak3-Client-win32-3.0.14(1).exe 2014-05-20 02:29 - 2014-05-20 02:30 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Twins\Downloads\TeamSpeak3-Client-win32-3.0.14.exe 2014-05-19 21:56 - 2014-05-19 21:56 - 00000382 _____ () C:\Users\Twins\Desktop\Local Area Connection - Shortcut.lnk 2014-05-19 08:37 - 2014-05-19 08:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-05-19 08:37 - 2014-05-19 08:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-05-18 22:13 - 2014-05-18 22:13 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Wargaming.net 2014-05-18 02:15 - 2014-06-08 20:27 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-05-18 02:15 - 2014-06-08 20:27 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-05-18 02:15 - 2014-05-18 02:15 - 00354442 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI6B14.txt 2014-05-18 02:15 - 2014-05-18 02:15 - 00011142 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI6B14.txt 2014-05-18 02:13 - 2014-05-18 02:13 - 09237816 _____ (Wargaming.net ) C:\Users\Twins\Downloads\WoT_internet_install_na.exe 2014-05-15 21:08 - 2014-05-15 21:09 - 00000000 ____D () C:\Users\Twins\AppData\Local\TERA-Diagnostic 2014-05-15 20:52 - 2014-06-06 22:38 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Tera_Awesomium 2014-05-14 11:38 - 2014-06-06 20:14 - 00000000 ____D () C:\Program Files (x86)\TERA 2014-05-14 11:38 - 2014-05-14 11:38 - 00001505 _____ () C:\Users\Public\Desktop\TERA-Launcher.lnk 2014-05-14 11:38 - 2014-05-14 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA 2014-05-14 11:38 - 2014-05-14 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment 2014-05-14 11:36 - 2014-05-14 11:37 - 29265824 _____ (En Masse Entertainment) C:\Users\Twins\Downloads\TERA-Setup.exe 2014-05-14 11:33 - 2014-05-14 11:34 - 10458976 _____ () C:\Users\Twins\Downloads\TERA-Setup-HC.exe 2014-05-13 20:24 - 2014-05-05 20:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-13 20:24 - 2014-05-05 19:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-13 20:24 - 2014-05-05 19:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-13 20:24 - 2014-05-05 19:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-13 20:23 - 2014-05-05 20:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-13 20:23 - 2014-05-05 20:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-13 20:14 - 2014-03-25 12:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-13 20:14 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-12 10:01 - 2014-05-16 22:09 - 00000000 ____D () C:\Users\Twins\Documents\My Games 2014-05-12 08:59 - 2014-05-12 08:59 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Awesomium 2014-05-12 08:53 - 2014-05-12 08:53 - 00001872 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk 2014-05-12 08:53 - 2014-05-12 08:53 - 00001863 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-12 08:53 - 2014-05-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-12 08:53 - 2014-05-12 08:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-12 08:52 - 2014-05-12 08:53 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-12 08:50 - 2014-05-12 08:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Twins\Downloads\InstallHiRezGamesEnglish.exe 2014-05-12 05:49 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-05-12 05:49 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-05-12 05:49 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-05-12 05:49 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-05-12 05:48 - 2014-05-12 05:49 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-11 15:18 - 2014-05-11 15:18 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\AVG2014 2014-05-11 15:16 - 2014-05-19 08:37 - 00000872 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-11 15:16 - 2014-05-19 08:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-11 15:16 - 2014-05-11 15:16 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\TuneUp Software 2014-05-11 15:14 - 2014-06-03 10:54 - 00000000 ____D () C:\ProgramData\AVG2014 2014-05-11 15:14 - 2014-05-11 15:14 - 00000000 ____D () C:\$AVG 2014-05-11 15:12 - 2014-05-11 15:12 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-05-11 15:09 - 2014-06-07 02:57 - 00000000 ____D () C:\Users\Twins\AppData\Local\Avg2014 2014-05-11 15:09 - 2014-06-05 18:32 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-11 15:09 - 2014-05-11 15:09 - 04485528 _____ (AVG Technologies) C:\Users\Twins\Downloads\avg_free_stb_all_2014_4577_cnet.exe 2014-05-11 15:09 - 2014-05-11 15:09 - 00000000 ____D () C:\Users\Twins\AppData\Local\MFAData 2014-05-11 04:13 - 2014-05-11 04:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\SWTOR 2014-05-11 03:23 - 2014-06-09 00:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-11 03:10 - 2014-06-09 23:12 - 00000000 ____D () C:\ProgramData\BitRaider 2014-05-11 03:10 - 2014-05-11 03:10 - 00000000 ____D () C:\Users\Public\Documents\BitRaider 2014-05-11 03:07 - 2014-05-11 03:07 - 00001280 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk 2014-05-11 03:07 - 2014-05-11 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA 2014-05-11 03:06 - 2014-05-11 03:07 - 00013992 _____ () C:\Users\Twins\Documents\Install STAR WARS The Old Republic.log 2014-05-11 03:05 - 2014-05-11 15:01 - 29720272 _____ () C:\Users\Twins\Downloads\SWTOR_setup.exe 2014-05-11 01:07 - 2014-06-09 17:28 - 00051850 _____ () C:\Windows\PFRO.log ==================== One Month Modified Files and Folders ======= 2014-06-10 14:28 - 2014-06-10 14:28 - 02080768 _____ (Farbar) C:\Users\Twins\Downloads\FRST64.exe 2014-06-10 14:28 - 2014-06-09 20:44 - 00014559 _____ () C:\Users\Twins\Downloads\FRST.txt 2014-06-10 14:28 - 2014-06-09 20:44 - 00000000 ____D () C:\FRST 2014-06-10 14:28 - 2011-09-15 12:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\Temp 2014-06-10 14:27 - 2006-11-02 11:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-10 14:27 - 2006-11-02 11:22 - 00004112 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-10 14:26 - 2011-11-23 15:52 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\BitTorrent 2014-06-10 14:25 - 2012-01-06 16:30 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Skype 2014-06-10 14:24 - 2014-06-10 14:17 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Twins\Downloads\spybot-2.3.exe 2014-06-10 14:09 - 2014-05-02 22:14 - 00000748 _____ () C:\Windows\wininit.ini 2014-06-10 14:09 - 2013-12-15 03:22 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-06-10 14:08 - 2013-12-15 03:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-06-10 14:02 - 2014-06-06 01:55 - 00000000 ____D () C:\Users\Twins\AppData\Local\fst_us_83 2014-06-10 13:56 - 2008-01-20 21:53 - 01489137 _____ () C:\Windows\WindowsUpdate.log 2014-06-10 13:51 - 2012-04-16 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-10 13:44 - 2012-03-09 21:29 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk 2014-06-10 06:51 - 2014-06-06 01:53 - 00003476 _____ () C:\Windows\System32\Tasks\GPUpdateCheck 2014-06-10 06:51 - 2014-06-01 00:11 - 00000270 _____ () C:\Windows\Tasks\pcreg.job 2014-06-10 06:51 - 2014-01-22 23:49 - 00000414 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job 2014-06-10 06:50 - 2011-09-15 12:56 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-10 06:50 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-09 23:13 - 2014-06-09 17:23 - 00000000 ____D () C:\AdwCleaner 2014-06-09 23:13 - 2014-06-09 16:24 - 00000000 ____D () C:\Program Files (x86)\ERUNT 2014-06-09 23:13 - 2014-06-08 22:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-09 23:13 - 2014-06-07 03:29 - 00000000 ____D () C:\Users\Twins\Downloads\World of Warcraft 3.3.5a (no install) 2014-06-09 23:13 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Local\MRS 2014-06-09 23:13 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\IdleCrawler 2014-06-09 23:13 - 2014-06-06 01:53 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\wi_upd 2014-06-09 23:13 - 2014-01-29 12:14 - 00000000 ____D () C:\Users\Twins\AppData\Local\TeamSpeak 3 Client 2014-06-09 23:13 - 2013-12-25 00:18 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-06-09 23:13 - 2013-10-10 17:29 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-06-09 23:13 - 2013-06-17 19:24 - 00000000 ____D () C:\Users\Twins\AppData\Local\SWTORPerf 2014-06-09 23:13 - 2013-05-15 18:42 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\SystemRequirementsLab 2014-06-09 23:13 - 2013-02-21 17:02 - 00000000 ____D () C:\Users\Twins\AppData\Local\TERA 2014-06-09 23:13 - 2012-05-14 21:06 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\PFStaticIP 2014-06-09 23:13 - 2012-04-12 23:20 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\.minecraft 2014-06-09 23:13 - 2012-03-09 21:08 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Azureus 2014-06-09 23:13 - 2012-01-03 22:48 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 2014-06-09 23:13 - 2011-09-15 12:37 - 00000000 ___RD () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-09 23:13 - 2011-09-15 12:37 - 00000000 ___RD () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-06-09 23:13 - 2011-09-15 12:36 - 00000000 ___RD () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-06-09 23:13 - 2011-09-15 12:36 - 00000000 ___RD () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-06-09 23:13 - 2011-09-15 12:36 - 00000000 ____D () C:\Users\Twins 2014-06-09 23:13 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool 2014-06-09 23:12 - 2014-05-11 03:10 - 00000000 ____D () C:\ProgramData\BitRaider 2014-06-09 23:12 - 2014-01-14 19:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-09 23:12 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration 2014-06-09 23:07 - 2006-11-02 11:42 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-06-09 22:54 - 2014-06-07 03:18 - 00000000 ____D () C:\Users\Twins\Desktop\Old Firefox Data 2014-06-09 22:51 - 2014-06-09 22:50 - 00000000 ____D () C:\Program Files (x86)\GetPrivate 2014-06-09 22:51 - 2014-06-06 01:53 - 00003218 _____ () C:\Windows\System32\Tasks\GPUpdate 2014-06-09 22:46 - 2013-12-15 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware 2014-06-09 22:46 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-06-09 22:44 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\v9 2014-06-09 22:44 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-06-09 22:44 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch 2014-06-09 22:44 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser 2014-06-09 22:44 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\Torch 2014-06-09 22:44 - 2014-06-06 01:53 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\GetPrivate 2014-06-09 22:44 - 2014-01-29 12:14 - 00000000 ____D () C:\Users\Twins\AppData\Local\SwvUpdater 2014-06-09 22:44 - 2013-03-28 00:45 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Conduit 2014-06-09 22:44 - 2006-11-02 08:33 - 68157440 _____ () C:\Windows\system32\config\software_previous 2014-06-09 22:44 - 2006-11-02 08:33 - 59244544 _____ () C:\Windows\system32\config\components_previous 2014-06-09 22:44 - 2006-11-02 08:33 - 27000832 _____ () C:\Windows\system32\config\system_previous 2014-06-09 22:44 - 2006-11-02 08:33 - 04980736 _____ () C:\Windows\system32\config\default_previous 2014-06-09 22:44 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-06-09 22:44 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-06-09 22:43 - 2014-06-07 02:38 - 00000000 ____D () C:\ProgramData\IePluginServices 2014-06-09 22:43 - 2014-06-07 02:38 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-06-09 22:43 - 2014-06-07 02:37 - 00000000 ____D () C:\Program Files (x86)\Supporter 2014-06-09 22:43 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\Chromatic Browser 2014-06-09 22:43 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch 2014-06-09 22:43 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser 2014-06-09 22:43 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch 2014-06-09 22:43 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-06-09 22:43 - 2014-06-06 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fst 2014-06-09 22:43 - 2014-06-04 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks 2014-06-09 22:43 - 2014-01-29 12:14 - 00000000 ____D () C:\Users\Twins\AppData\Local\Mobogenie 2014-06-09 22:43 - 2013-12-15 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-09 22:43 - 2013-12-15 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-06-09 22:43 - 2013-06-17 19:17 - 00000000 ____D () C:\Users\hedev\AppData\Local\Temp 2014-06-09 22:43 - 2012-06-09 21:12 - 00000000 ____D () C:\Program Files (x86)\Uncompressor 2014-06-09 22:43 - 2012-04-14 19:27 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-09 22:43 - 2012-04-13 21:54 - 00000000 ____D () C:\Program Files\Java 2014-06-09 22:43 - 2006-11-02 09:33 - 00000000 __RHD () C:\Users\Default 2014-06-09 22:32 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Twins\AppData\Local\Temp(475) 2014-06-09 21:59 - 2014-05-20 02:32 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\TS3Client 2014-06-09 20:46 - 2014-06-09 20:45 - 00028420 _____ () C:\Users\Twins\Downloads\Addition.txt 2014-06-09 17:33 - 2014-06-09 17:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-06-09 17:28 - 2014-05-11 01:07 - 00051850 _____ () C:\Windows\PFRO.log 2014-06-09 17:27 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\schemas 2014-06-09 17:20 - 2014-06-09 17:20 - 00023721 _____ () C:\ComboFix.txt 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\hedev\AppData\Local\Temp(145) 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Guest\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\AppData\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-09 17:20 - 2014-06-09 17:20 - 00000000 ____D () C:\$RECYCLE(0).BIN 2014-06-09 17:20 - 2014-06-09 16:57 - 00000000 ____D () C:\Qoobox 2014-06-09 16:55 - 2014-06-09 16:55 - 00019116 _____ () C:\Users\Twins\Rogue killer report.txt 2014-06-09 16:42 - 2014-06-09 16:42 - 00000000 ____D () C:\ProgramData\RogueKiller 2014-06-09 16:24 - 2014-06-09 16:22 - 00001684 _____ () C:\Users\Twins\Desktop\Rkill.txt 2014-06-09 00:44 - 2014-05-11 03:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-09 00:43 - 2014-06-09 00:43 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Oracle 2014-06-09 00:42 - 2014-06-09 00:40 - 00004312 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log 2014-06-09 00:42 - 2014-01-14 21:39 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-08 22:48 - 2006-11-02 09:33 - 00000000 ___RD () C:\Windows\Offline Web Pages 2014-06-08 20:27 - 2014-06-08 20:27 - 00355932 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI17A1.txt 2014-06-08 20:27 - 2014-06-08 20:27 - 00012686 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI17A1.txt 2014-06-08 20:27 - 2014-06-08 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks(143) 2014-06-08 20:27 - 2014-05-18 02:15 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-06-08 20:27 - 2014-05-18 02:15 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-06-08 13:16 - 2014-06-08 13:16 - 00000000 ____D () C:\Users\Twins\Downloads\World of Warcraft - Cataclysm 4.3.4 (15595) 2014-06-07 03:28 - 2014-06-07 03:28 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340)(2).exe 2014-06-07 03:22 - 2014-06-02 18:57 - 00000000 ____D () C:\temp 2014-06-07 03:10 - 2014-06-07 03:10 - 00000966 _____ () C:\Users\Twins\Desktop\Malwarebytes Anti-Malware (3).lnk 2014-06-07 03:08 - 2014-06-07 03:03 - 00000888 _____ () C:\Users\Twins\Desktop\firefox - Shortcut.lnk 2014-06-07 03:07 - 2014-06-07 03:07 - 00003062 _____ () C:\Windows\System32\Tasks\{AD25DF9B-4329-446D-8C2B-242460392057} 2014-06-07 03:07 - 2014-05-03 20:20 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-07 03:07 - 2011-09-15 12:37 - 00000979 _____ () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-07 03:07 - 2011-09-15 12:37 - 00000973 _____ () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-06-07 03:06 - 2014-05-20 11:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\Deployment 2014-06-07 02:57 - 2014-05-11 15:09 - 00000000 ____D () C:\Users\Twins\AppData\Local\Avg2014 2014-06-07 02:43 - 2014-06-07 02:43 - 00000779 _____ () C:\Users\Twins\Desktop\BitTorrent.lnk 2014-06-07 02:43 - 2014-06-07 02:43 - 00000759 _____ () C:\Users\Twins\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk 2014-06-07 02:42 - 2014-06-07 02:42 - 01643344 _____ (BitTorrent Inc.) C:\Users\Twins\Downloads\BitTorrent(1).exe 2014-06-07 02:40 - 2014-06-07 02:40 - 01643344 _____ (BitTorrent Inc.) C:\Users\Twins\Downloads\BitTorrent.exe 2014-06-07 02:39 - 2014-06-07 02:39 - 02271768 _____ () C:\Users\Twins\Downloads\StartDownload.exe 2014-06-07 02:37 - 2014-06-07 02:37 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\MRS 2014-06-07 02:37 - 2014-06-07 02:36 - 00000000 ____D () C:\Program Files (x86)\MRS 2014-06-07 02:36 - 2014-06-07 02:36 - 00004574 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Twins\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Guest 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo 2014-06-07 02:36 - 2014-06-07 02:36 - 00000000 ____D () C:\Users\Administrator 2014-06-07 02:36 - 2014-03-08 22:24 - 00000000 ____D () C:\ProgramData\41c75174d4b9f261 2014-06-07 02:36 - 2014-02-13 22:57 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-06-07 02:36 - 2011-11-23 15:53 - 00000000 ____D () C:\Users\Twins\AppData\Local\Google 2014-06-07 02:35 - 2014-06-07 02:34 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340)(1).exe 2014-06-06 22:38 - 2014-05-15 20:52 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Tera_Awesomium 2014-06-06 20:14 - 2014-05-14 11:38 - 00000000 ____D () C:\Program Files (x86)\TERA 2014-06-06 01:52 - 2014-06-06 01:52 - 02271768 _____ () C:\Users\Twins\Downloads\World_of_Warcraft__Wrath_of_the_Lich_King_3.3.5a_(12340).exe 2014-06-05 18:32 - 2014-05-11 15:09 - 00000000 ____D () C:\ProgramData\MFAData 2014-06-04 17:39 - 2014-06-04 17:39 - 00354396 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI5E87.txt 2014-06-04 17:39 - 2014-06-04 17:39 - 00011910 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI5E87.txt 2014-06-04 17:39 - 2014-06-04 17:39 - 00000717 _____ () C:\Users\Public\Desktop\World of Tanks.lnk 2014-06-04 17:39 - 2014-06-04 17:39 - 00000000 ____D () C:\Games 2014-06-04 17:38 - 2014-06-04 17:38 - 09237816 _____ (Wargaming.net ) C:\Users\Twins\Downloads\WoT_internet_install_na(1).exe 2014-06-04 01:26 - 2011-09-15 12:50 - 00001356 _____ () C:\Users\Twins\AppData\Local\d3d9caps.dat 2014-06-03 16:08 - 2014-06-08 22:15 - 00000000 ____D () C:\Users\Twins\Desktop\Chameleon 2014-06-03 10:54 - 2014-06-01 00:11 - 00000000 ____D () C:\Program Files\pcmax 2014-06-03 10:54 - 2014-05-11 15:14 - 00000000 ____D () C:\ProgramData\AVG2014 2014-06-01 00:15 - 2014-06-01 00:15 - 00000744 _____ () C:\Users\Public\Desktop\Speccy.lnk 2014-06-01 00:15 - 2014-06-01 00:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2014-06-01 00:15 - 2014-06-01 00:15 - 00000000 ____D () C:\Program Files\Speccy 2014-06-01 00:15 - 2014-06-01 00:14 - 04890736 _____ (Piriform Ltd) C:\Users\Twins\Downloads\spsetup126.exe 2014-06-01 00:11 - 2014-06-01 00:11 - 00002898 _____ () C:\Windows\System32\Tasks\pcreg 2014-05-26 23:40 - 2013-12-25 00:05 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-25 18:30 - 2014-05-25 18:29 - 00557470 _____ () C:\Users\Twins\Documents\TheMiniMaus.wotreplay 2014-05-23 21:52 - 2014-05-09 00:58 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\NCSOFT 2014-05-23 21:52 - 2014-05-09 00:58 - 00000000 ____D () C:\Users\Twins\AppData\Local\NCSOFT 2014-05-23 21:52 - 2014-05-09 00:58 - 00000000 ____D () C:\Program Files (x86)\NCSOFT 2014-05-21 23:12 - 2012-01-06 16:30 - 00000000 ____D () C:\ProgramData\Skype 2014-05-21 23:09 - 2014-05-21 23:09 - 00003002 _____ () C:\Windows\System32\Tasks\{7E0B3D46-A349-4B5C-8D3A-B29D13704B6A} 2014-05-21 23:09 - 2014-05-21 23:09 - 00003002 _____ () C:\Windows\System32\Tasks\{14FE9E67-2288-43B8-A8D7-B08AA0B53B96} 2014-05-21 23:09 - 2014-03-13 22:30 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-20 11:18 - 2014-05-20 11:18 - 00000000 ____D () C:\ProgramData\Curse Client 2014-05-20 11:18 - 2014-05-20 11:15 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Curse Advertising 2014-05-20 11:15 - 2014-05-20 11:15 - 00000000 ____D () C:\Users\Twins\Documents\My Curse 2014-05-20 11:13 - 2014-05-20 11:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\Apps\2.0 2014-05-20 11:12 - 2014-05-20 11:12 - 00402696 _____ () C:\Users\Twins\Downloads\setup.exe 2014-05-20 02:32 - 2014-05-20 02:32 - 00001001 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-05-20 02:32 - 2014-05-20 02:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-05-20 02:32 - 2014-05-20 02:32 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-05-20 02:31 - 2014-05-20 02:30 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Twins\Downloads\TeamSpeak3-Client-win32-3.0.14(1).exe 2014-05-20 02:30 - 2014-05-20 02:29 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Twins\Downloads\TeamSpeak3-Client-win32-3.0.14.exe 2014-05-19 21:56 - 2014-05-19 21:56 - 00000382 _____ () C:\Users\Twins\Desktop\Local Area Connection - Shortcut.lnk 2014-05-19 08:37 - 2014-05-19 08:37 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software 2014-05-19 08:37 - 2014-05-19 08:37 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software 2014-05-19 08:37 - 2014-05-11 15:16 - 00000872 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-05-19 08:37 - 2014-05-11 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-18 22:13 - 2014-05-18 22:13 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Wargaming.net 2014-05-18 02:15 - 2014-05-18 02:15 - 00354442 _____ () C:\Users\Twins\AppData\Local\dd_vcredistMSI6B14.txt 2014-05-18 02:15 - 2014-05-18 02:15 - 00011142 _____ () C:\Users\Twins\AppData\Local\dd_vcredistUI6B14.txt 2014-05-18 02:13 - 2014-05-18 02:13 - 09237816 _____ (Wargaming.net ) C:\Users\Twins\Downloads\WoT_internet_install_na.exe 2014-05-16 22:09 - 2014-05-12 10:01 - 00000000 ____D () C:\Users\Twins\Documents\My Games 2014-05-15 21:09 - 2014-05-15 21:08 - 00000000 ____D () C:\Users\Twins\AppData\Local\TERA-Diagnostic 2014-05-14 11:38 - 2014-05-14 11:38 - 00001505 _____ () C:\Users\Public\Desktop\TERA-Launcher.lnk 2014-05-14 11:38 - 2014-05-14 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA 2014-05-14 11:38 - 2014-05-14 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\En Masse Entertainment 2014-05-14 11:37 - 2014-05-14 11:36 - 29265824 _____ (En Masse Entertainment) C:\Users\Twins\Downloads\TERA-Setup.exe 2014-05-14 11:34 - 2014-05-14 11:33 - 10458976 _____ () C:\Users\Twins\Downloads\TERA-Setup-HC.exe 2014-05-13 20:37 - 2013-08-07 03:01 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-13 20:34 - 2006-11-02 08:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-13 05:52 - 2012-04-16 14:38 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 05:51 - 2012-04-16 14:38 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 05:51 - 2011-09-15 12:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-12 09:56 - 2014-05-09 01:19 - 00133073 _____ () C:\Windows\DirectX.log 2014-05-12 08:59 - 2014-05-12 08:59 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\Awesomium 2014-05-12 08:53 - 2014-05-12 08:53 - 00001872 _____ () C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk 2014-05-12 08:53 - 2014-05-12 08:53 - 00001863 _____ () C:\Users\Public\Desktop\Smite.lnk 2014-05-12 08:53 - 2014-05-12 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios 2014-05-12 08:53 - 2014-05-12 08:53 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios 2014-05-12 08:53 - 2014-05-12 08:52 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios 2014-05-12 08:52 - 2011-09-15 13:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-12 08:50 - 2014-05-12 08:50 - 39967251 _____ (Hi-Rez Studios) C:\Users\Twins\Downloads\InstallHiRezGamesEnglish.exe 2014-05-12 05:49 - 2014-05-12 05:48 - 00004100 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-05-12 05:39 - 2014-05-03 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-11 16:31 - 2006-11-02 11:36 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk 2014-05-11 16:31 - 2006-11-02 11:36 - 00001753 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-05-11 16:31 - 2006-11-02 11:35 - 00001707 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk 2014-05-11 16:31 - 2006-11-02 11:34 - 00001718 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk 2014-05-11 15:18 - 2014-05-11 15:18 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\AVG2014 2014-05-11 15:16 - 2014-05-11 15:16 - 00000000 ____D () C:\Users\Twins\AppData\Roaming\TuneUp Software 2014-05-11 15:14 - 2014-05-11 15:14 - 00000000 ____D () C:\$AVG 2014-05-11 15:12 - 2014-05-11 15:12 - 00000000 ____D () C:\Program Files (x86)\AVG 2014-05-11 15:09 - 2014-05-11 15:09 - 04485528 _____ (AVG Technologies) C:\Users\Twins\Downloads\avg_free_stb_all_2014_4577_cnet.exe 2014-05-11 15:09 - 2014-05-11 15:09 - 00000000 ____D () C:\Users\Twins\AppData\Local\MFAData 2014-05-11 15:01 - 2014-05-11 03:05 - 29720272 _____ () C:\Users\Twins\Downloads\SWTOR_setup.exe 2014-05-11 13:16 - 2014-05-03 20:42 - 00000719 _____ () C:\Windows\setupact.log 2014-05-11 11:39 - 2011-09-15 12:36 - 00001460 _____ () C:\Users\Twins\AppData\Local\d3d9caps64.dat 2014-05-11 04:13 - 2014-05-11 04:13 - 00000000 ____D () C:\Users\Twins\AppData\Local\SWTOR 2014-05-11 03:10 - 2014-05-11 03:10 - 00000000 ____D () C:\Users\Public\Documents\BitRaider 2014-05-11 03:07 - 2014-05-11 03:07 - 00001280 _____ () C:\Users\Public\Desktop\Star Wars - The Old Republic.lnk 2014-05-11 03:07 - 2014-05-11 03:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA 2014-05-11 03:07 - 2014-05-11 03:06 - 00013992 _____ () C:\Users\Twins\Documents\Install STAR WARS The Old Republic.log ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-10 06:57 ==================== End Of Log =========================
- June 10, 2014
- 13 replies
Resilient malware.

Hunter2222 posted a topic in Resolved Malware Removal Logs

Hello, I am having severe issues with malware on my pc. I've tried running Malwarebytes several times, and every time it detects the same issues and says it corrects them. Afterwards, I find that the same detected malware is still there. I've run multiple different programs including AVG, Adwcleaner, Chameleon, and Rogue killer among other things. they all seem to detect the same problems, but the threats are never removed successfully (even though the programs always say they were). I'm at my wits end on this.
- June 10, 2014
- 13 replies

Sign In

Hunter2222

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Hunter2222

Resilient malware.

Resilient malware.

Resilient malware.

Resilient malware.

Resilient malware.

Resilient malware.

Resilient malware.

Resilient malware.

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information