Virus/trojan issues [Closed]



#1 Blain1 (Member, 13 posts)

Hi guys, my wife's laptop has some major issues.
I have run most of the AV/malware/trojan removal tools and this is my last resort.
Please help!
Here is my OTL log:

OTL logfile created on: 8/26/2013 7:26:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nomary\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.79% Memory free
5.50 Gb Paging File | 4.72 Gb Available in Paging File | 85.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 2.40 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 106.90 Gb Total Space | 17.65 Gb Free Space | 16.51% Space Free | Partition Type: NTFS

Computer Name: NOMARY-PC | User Name: Nomary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/08 12:22:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/02/10 21:17:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Nomary\Downloads\OTL.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [1997/08/06 00:00:00 | 000,022,016 | ---- | M] () -- C:\Windows\System32\DOCOBJ.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (CAATT)
SRV - File not found [On_Demand | Stopped] -- -- (ATTRcAppSvc)
SRV - [2013/08/22 13:36:32 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/20 20:06:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 07:14:09 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 07:12:56 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/08 12:22:44 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/04/16 07:09:45 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/29 07:03:28 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/03/27 05:10:00 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- -- (catchme)
DRV - [2013/04/02 21:29:42 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/04/02 21:29:42 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/04/02 21:29:42 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/01/30 21:30:29 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/09/02 17:38:45 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/08/15 20:49:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/15 20:49:34 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/06/05 10:22:05 | 000,025,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/10/05 17:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/23 06:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009/08/09 22:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/29 17:10:42 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/23 10:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/06/24 15:03:02 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009/06/24 05:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/11 00:18:00 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/05/04 08:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/04/03 07:39:58 | 000,027,320 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2007/06/27 10:42:34 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx56.sys -- (SWUMX56) Sierra Wireless USB MUX Driver (UMTS56)
DRV - [2007/06/27 10:41:48 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u56.sys -- (SWNC8U56) Sierra Wireless MUX NDIS Driver (UMTS56)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 E4 9B F1 E6 A1 CE 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.911
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Nomary\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/23 13:05:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 13:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/22 13:36:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/07 12:42:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 13:36:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/22 13:36:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/07 12:42:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/15 21:43:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nomary\AppData\Roaming\Mozilla\Extensions
[2012/10/24 23:02:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default\extensions
[2011/09/02 05:26:21 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default\extensions\[email protected]
[2013/08/22 13:36:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 13:36:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/05/12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/05/12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2010/05/12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: iTunes Application Detector (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Nomary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Nomary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EA125D8-FFA2-433A-B055-301A0818E01D}: DhcpNameServer = 209.183.33.23 209.183.35.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846C9806-504B-45FD-A2A9-7F4A5B67FD2E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DD4762-C374-4B05-9990-1C43692ADA62}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/08/25 14:27:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/25 14:26:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/25 14:24:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/08/25 14:12:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/08/25 14:07:17 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/25 12:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/25 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\Nomary\Desktop\mbar
[2013/08/25 12:09:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/25 11:05:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/25 10:44:09 | 000,000,000 | ---D | C] -- C:\found.000
[2013/08/23 07:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/08/23 07:29:44 | 000,000,000 | ---D | C] -- C:\Users\Nomary\Desktop\RK_Quarantine
[2013/08/22 13:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/20 16:57:10 | 000,000,000 | ---D | C] -- C:\Users\Nomary\AppData\Local\Programs
[2013/08/20 16:53:52 | 001,898,112 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Nomary\Desktop\rkill(1).exe
[2013/08/20 08:47:41 | 000,000,000 | ---D | C] -- C:\Users\Nomary\AppData\Local\temp
[2013/08/20 08:22:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/19 09:31:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/14 19:24:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/14 19:24:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/14 19:24:25 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/14 19:24:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/14 19:24:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/14 19:24:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/14 19:24:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/14 19:24:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/14 19:09:28 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/08/14 19:09:28 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/08/14 19:09:15 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/14 19:09:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/08/07 12:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013/08/03 16:18:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[6 C:\Users\Nomary\Desktop\*.tmp files -> C:\Users\Nomary\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/25 14:24:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/08/25 14:24:38 | 000,000,668 | ---- | M] () -- C:\Windows\System32\bootdelete.lst
[2013/08/25 11:08:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 11:08:11 | 2213,302,272 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/25 10:46:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/25 10:45:03 | 000,003,280 | ---- | M] () -- C:\bootsqm.dat
[2013/08/25 09:59:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/25 09:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 21:18:10 | 000,025,424 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 21:18:10 | 000,025,424 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 16:47:11 | 000,001,990 | ---- | M] () -- C:\Users\Nomary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/20 20:06:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/08/20 20:06:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/20 16:57:27 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/20 16:53:55 | 001,898,112 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Nomary\Desktop\rkill(1).exe
[2013/08/20 16:28:53 | 000,429,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/14 19:12:40 | 000,627,354 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/14 19:12:40 | 000,107,638 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/10 09:21:04 | 000,002,056 | ---- | M] () -- C:\Users\Nomary\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/08/10 09:16:08 | 000,602,360 | ---- | M] () -- C:\Users\Nomary\Desktop\RN app Critical Care.pdf
[2013/08/03 11:34:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[6 C:\Users\Nomary\Desktop\*.tmp files -> C:\Users\Nomary\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/25 14:24:38 | 000,000,668 | ---- | C] () -- C:\Windows\System32\bootdelete.lst
[2013/08/25 10:45:03 | 000,003,280 | ---- | C] () -- C:\bootsqm.dat
[2013/08/20 16:57:27 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/10 09:16:08 | 000,602,360 | ---- | C] () -- C:\Users\Nomary\Desktop\RN app Critical Care.pdf
[2013/01/30 17:34:19 | 000,007,602 | ---- | C] () -- C:\Users\Nomary\AppData\Local\Resmon.ResmonCfg
[2011/08/22 14:32:01 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2011/06/05 10:26:05 | 000,025,736 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2011/02/24 08:33:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/24 08:32:32 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/09/14 20:34:24 | 000,683,801 | ---- | C] () -- C:\Windows\unins000.exe
[2010/09/14 20:34:24 | 000,002,305 | ---- | C] () -- C:\Windows\unins000.dat
[2010/04/25 11:20:02 | 000,000,022 | ---- | C] () -- C:\Windows\exchng.ini
[2010/04/25 11:20:01 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/04/25 10:28:27 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/01/15 21:24:35 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/01/15 21:22:35 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010/01/15 21:22:35 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2010/01/15 21:22:35 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010/01/15 21:22:35 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010/01/15 21:22:35 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010/01/15 21:22:35 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010/01/15 21:22:35 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010/01/15 15:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 000,429,448 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,627,354 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,638 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 16:04:01 | 000,344,064 | ---- | C] () -- C:\Windows\System32\msrd3x40.dll
[2009/06/17 23:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL
[1997/08/06 00:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997/08/06 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/02/01 08:24:13 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Aventail
[2011/09/03 10:49:30 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\e-academy Inc
[2012/01/09 20:50:07 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\ICAClient
[2010/11/27 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Leadertech
[2010/01/29 23:03:45 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\OpenOffice.org
[2011/06/05 08:06:59 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Sierra Wireless
[2010/09/09 10:22:05 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Southwest Airlines
[2013/05/19 13:57:49 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Thunderbird
[2012/09/02 17:39:48 | 000,000,000 | ---D | M] -- C:\Users\Nomary\AppData\Roaming\Titanium
[2013/08/20 21:53:54 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Could you please post the logs from Rkill, RogueKiller, and FRST?

Also, please describe the symptoms of the computer.

#3
Blain1

    Member

  • Topic Starter
  • 13 posts
Thanks for your fast response, I am at work right now but will get you that info ASAP!

The laptop is running very slow, can't update Avira, system restore points have disappeared, browsers and other programs are very slow to open if they do at all, Malwarebytes shows nothing, I run CCleaner and SUPERAntiSpyware religiously, nothing on those either.

I ran the 3 programs you mentioned in safe mode, along with a multitude of others, HijackThis shows nothing suspect either.

The OTL log is from after I ran everything, I shut it down out of safe mode this morning and did not boot it normally.

Edited by Blain1, 26 August 2013 - 10:14 AM.

#4
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, I will wait for the logs. Are you running from Safe Mode because normal mode will not work, or just because it works faster in Safe Mode?

#5
Blain1

    Member

  • Topic Starter
  • 13 posts
I can run things in safe mode that would not work in regular mode plus it is faster.

#6
Blain1

    Member

  • Topic Starter
  • 13 posts
OK, here they are, all run in regular mode:
Avira updated now:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 08/26/2013 12:09:33 PM in x86 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Nomary\AppData\Local\Temp\RtkBtMnt.exe (PID: 3376) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingc.../hosts-permbat/

Program finished at: 08/26/2013 12:12:50 PM
Execution time: 0 hours(s), 3 minute(s), and 16 seconds(s)


RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Nomary [Admin rights]
Mode : Scan -- Date : 08/26/2013 12:16:57
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[84] : NtCreateSection @ 0x8326B12D -> HOOKED (Unknown @ 0x968A8CCE)
[Address] SSDT[299] : NtRequestWaitReplyPort @ 0x83285B12 -> HOOKED (Unknown @ 0x968A8CD8)
[Address] SSDT[316] : NtSetContextThread @ 0x8332589F -> HOOKED (Unknown @ 0x968A8CD3)
[Address] SSDT[347] : NtSetSecurityObject @ 0x832497F3 -> HOOKED (Unknown @ 0x968A8CDD)
[Address] SSDT[368] : NtSystemDebugControl @ 0x832CD7DA -> HOOKED (Unknown @ 0x968A8CE2)
[Address] SSDT[370] : NtTerminateProcess @ 0x832A2D76 -> HOOKED (Unknown @ 0x968A8C6F)
[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x968A8CF6)
[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x968A8CFB)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] d265edae687e4da24a71bd08eb91d569
[BSP] d5459d2273c328b8cd941e90548b6c39 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 113092 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 256780288 | Size: 109465 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 480964608 | Size: 3628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08262013_121656.txt >>
RKreport[0]_D_08232013_074944.txt;RKreport[0]_D_08252013_164732.txt;RKreport[0]_S_08232013_074831.txt
RKreport[0]_S_08252013_144259.txt



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by Nomary (administrator) on 26-08-2013 12:19:06
Running from C:\Users\Nomary\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Southwest Airlines) C:\Program Files\Southwest Airlines\Ding\Ding.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Users\Nomary\Downloads\RogueKiller(1).exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(Macrovision Corporation) C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\Nomary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-15] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\Nomary\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF Extension: No Name - C:\Users\Nomary\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Виявлення пристроїв Logitech - C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default\Extensions\[email protected]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (NPAPI plugin to host SDM ActiveX) - C:\Users\Nomary\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Nomary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-06-24] (Nuvoton Technology Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-01-30] (Avira GmbH)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [25736 2011-06-05] ()
S3 SWNC8U56; C:\Windows\System32\DRIVERS\swnc8u56.sys [101248 2007-06-27] (Sierra Wireless Inc.)
S3 SWUMX56; C:\Windows\System32\DRIVERS\swumx56.sys [73856 2007-06-27] (Sierra Wireless Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2012-09-02] (The OpenVPN Project)
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 12:16 - 2013-08-26 12:17 - 00002291 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08262013_121656.txt
2013-08-26 12:14 - 2013-08-26 12:14 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill 8-26.txt
2013-08-26 12:00 - 2013-08-26 12:06 - 00019845 _____ C:\Windows\WindowsUpdate.log
2013-08-26 11:57 - 2013-08-26 12:08 - 00000112 _____ C:\Windows\setupact.log
2013-08-26 11:57 - 2013-08-26 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 11:56 - 2013-08-26 11:56 - 00043104 _____ C:\Windows\PFRO.log
2013-08-26 07:28 - 2013-08-26 07:28 - 00068582 _____ C:\Users\Nomary\Downloads\OTL.Txt
2013-08-26 07:28 - 2013-08-26 07:28 - 00030962 _____ C:\Users\Nomary\Downloads\Extras.Txt
2013-08-25 21:45 - 2013-08-25 21:45 - 20597896 _____ (Microsoft Corporation) C:\Users\Nomary\Downloads\Windows-KB890830-V5.3.exe
2013-08-25 21:20 - 2013-08-25 21:22 - 128967616 _____ C:\Users\Nomary\Downloads\sbw269i1.exe
2013-08-25 16:59 - 2013-08-25 16:59 - 00006628 _____ C:\Users\Nomary\Desktop\hijackthis8-25-13.log
2013-08-25 16:47 - 2013-08-25 16:47 - 00001784 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08252013_164732.txt
2013-08-25 14:42 - 2013-08-25 14:42 - 00001740 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08252013_144259.txt
2013-08-25 14:32 - 2013-08-25 14:32 - 00000767 _____ C:\Users\Nomary\Desktop\JRT.txt
2013-08-25 14:26 - 2013-08-25 14:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:24 - 2013-08-25 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-25 14:12 - 2013-08-25 14:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 14:08 - 2013-08-25 14:08 - 00021075 _____ C:\Users\Nomary\Downloads\Addition.txt
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\FRST
2013-08-25 12:37 - 2013-08-25 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-25 12:36 - 2013-08-25 13:29 - 00000000 ____D C:\Users\Nomary\Desktop\mbar
2013-08-25 12:36 - 2013-08-25 12:36 - 00377856 _____ C:\Users\Nomary\Downloads\59qiem6m.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 01021434 _____ (Thisisu) C:\Users\Nomary\Downloads\JRT.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 00923136 _____ C:\Users\Nomary\Downloads\RogueKiller(1).exe
2013-08-25 12:33 - 2013-08-25 14:12 - 09167352 _____ (SurfRight B.V.) C:\Users\Nomary\Downloads\HitmanPro.exe
2013-08-25 12:33 - 2013-08-25 12:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Nomary\Downloads\mbar-1.07.0.1005.exe
2013-08-25 11:05 - 2013-08-25 11:06 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:45 - 2013-08-25 10:45 - 00003280 ____N C:\bootsqm.dat
2013-08-25 10:44 - 2013-08-25 10:44 - 00000000 ____D C:\found.000
2013-08-25 10:22 - 2013-08-25 11:54 - 00002810 _____ C:\Users\Nomary\Desktop\unhide.txt
2013-08-25 10:21 - 2013-08-25 10:21 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Downloads\unhide.exe
2013-08-25 10:20 - 2013-08-25 10:20 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(2).exe
2013-08-25 10:17 - 2013-08-25 10:18 - 00994642 _____ C:\Users\Nomary\Downloads\AdwCleaner.exe
2013-08-25 09:57 - 2013-08-25 09:57 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu(1).exe
2013-08-23 07:50 - 2013-08-23 07:50 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 00000000 ____D C:\Program Files\ESET
2013-08-23 07:49 - 2013-08-23 07:49 - 00001588 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08232013_074944.txt
2013-08-23 07:48 - 2013-08-23 07:48 - 00001551 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08232013_074831.txt
2013-08-23 07:29 - 2013-08-25 16:47 - 00000000 ____D C:\Users\Nomary\Desktop\RK_Quarantine
2013-08-23 07:11 - 2013-08-23 07:11 - 00602112 _____ (OldTimer Tools) C:\Users\Nomary\Downloads\OTL(1).exe
2013-08-23 07:09 - 2013-08-23 07:10 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(1).exe
2013-08-23 07:07 - 2013-08-23 09:12 - 04745728 _____ (AVAST Software) C:\Users\Nomary\Downloads\aswMBR.exe
2013-08-22 13:36 - 2013-08-22 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-08-20 20:59 - 2013-08-20 21:01 - 128594696 _____ C:\Users\Nomary\Downloads\hra0fpg4.exe
2013-08-20 16:57 - 2013-08-20 16:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 16:56 - 2013-08-20 16:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nomary\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:53 - 2013-08-26 12:12 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill.txt
2013-08-20 16:53 - 2013-08-20 16:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Desktop\rkill(1).exe
2013-08-20 08:52 - 2013-08-20 08:52 - 00007147 _____ C:\Users\Nomary\Desktop\hijackthis.log
2013-08-20 08:22 - 2013-08-20 08:39 - 00000000 ____D C:\Windows\erdnt
2013-08-19 09:31 - 2013-08-25 11:12 - 00000000 ____D C:\Windows\Minidump
2013-08-14 19:24 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 19:24 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 19:24 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 19:24 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 19:24 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 19:24 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 19:24 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 19:24 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 19:24 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 19:24 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 19:24 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 19:09 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:09 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 19:09 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 19:09 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 19:09 - 2013-07-08 23:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 19:09 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 19:09 - 2013-07-08 23:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 19:09 - 2013-07-06 00:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 19:09 - 2013-06-14 22:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 18:22 - 2013-08-07 18:22 - 00503412 _____ C:\Users\Nomary\Downloads\No Pass Zone (Phase 1).pptx
2013-08-07 12:42 - 2013-08-10 09:21 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-03 16:18 - 2013-08-14 19:24 - 00000000 ____D C:\Windows\system32\MRT
2013-08-03 11:32 - 2013-08-03 11:32 - 04429440 _____ (Piriform Ltd) C:\Users\Nomary\Downloads\ccsetup404.exe

==================== One Month Modified Files and Folders =======

2013-08-26 12:18 - 2013-08-26 12:18 - 01070979 _____ (Farbar) C:\Users\Nomary\Downloads\FRST.exe
2013-08-26 12:17 - 2013-08-26 12:16 - 00002291 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08262013_121656.txt
2013-08-26 12:17 - 2009-07-13 23:34 - 00025424 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 12:17 - 2009-07-13 23:34 - 00025424 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 12:14 - 2013-08-26 12:14 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill 8-26.txt
2013-08-26 12:14 - 2013-08-26 12:00 - 00019845 _____ C:\Windows\WindowsUpdate.log
2013-08-26 12:12 - 2013-08-20 16:53 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill.txt
2013-08-26 12:08 - 2013-08-26 11:57 - 00000112 _____ C:\Windows\setupact.log
2013-08-26 12:08 - 2012-03-26 20:11 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 12:08 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 12:06 - 2013-02-13 19:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 11:59 - 2012-03-26 20:11 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 11:57 - 2013-08-26 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 11:56 - 2013-08-26 11:56 - 00043104 _____ C:\Windows\PFRO.log
2013-08-26 07:28 - 2013-08-26 07:28 - 00068582 _____ C:\Users\Nomary\Downloads\OTL.Txt
2013-08-26 07:28 - 2013-08-26 07:28 - 00030962 _____ C:\Users\Nomary\Downloads\Extras.Txt
2013-08-25 21:45 - 2013-08-25 21:45 - 20597896 _____ (Microsoft Corporation) C:\Users\Nomary\Downloads\Windows-KB890830-V5.3.exe
2013-08-25 21:22 - 2013-08-25 21:20 - 128967616 _____ C:\Users\Nomary\Downloads\sbw269i1.exe
2013-08-25 16:59 - 2013-08-25 16:59 - 00006628 _____ C:\Users\Nomary\Desktop\hijackthis8-25-13.log
2013-08-25 16:47 - 2013-08-25 16:47 - 00001784 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08252013_164732.txt
2013-08-25 16:47 - 2013-08-23 07:29 - 00000000 ____D C:\Users\Nomary\Desktop\RK_Quarantine
2013-08-25 14:42 - 2013-08-25 14:42 - 00001740 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08252013_144259.txt
2013-08-25 14:32 - 2013-08-25 14:32 - 00000767 _____ C:\Users\Nomary\Desktop\JRT.txt
2013-08-25 14:26 - 2013-08-25 14:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:24 - 2013-08-25 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-25 14:24 - 2013-08-25 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 14:24 - 2012-09-02 17:38 - 00000000 ____D C:\Users\Nomary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2013-08-25 14:24 - 2012-09-02 17:38 - 00000000 ____D C:\Program Files\pia_manager
2013-08-25 14:12 - 2013-08-25 12:33 - 09167352 _____ (SurfRight B.V.) C:\Users\Nomary\Downloads\HitmanPro.exe
2013-08-25 14:08 - 2013-08-25 14:08 - 00021075 _____ C:\Users\Nomary\Downloads\Addition.txt
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\FRST
2013-08-25 13:29 - 2013-08-25 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-25 13:29 - 2013-08-25 12:36 - 00000000 ____D C:\Users\Nomary\Desktop\mbar
2013-08-25 12:36 - 2013-08-25 12:36 - 00377856 _____ C:\Users\Nomary\Downloads\59qiem6m.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 01021434 _____ (Thisisu) C:\Users\Nomary\Downloads\JRT.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 00923136 _____ C:\Users\Nomary\Downloads\RogueKiller(1).exe
2013-08-25 12:33 - 2013-08-25 12:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Nomary\Downloads\mbar-1.07.0.1005.exe
2013-08-25 12:09 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-08-25 11:54 - 2013-08-25 10:22 - 00002810 _____ C:\Users\Nomary\Desktop\unhide.txt
2013-08-25 11:12 - 2013-08-19 09:31 - 00000000 ____D C:\Windows\Minidump
2013-08-25 11:06 - 2013-08-25 11:05 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:45 - 2013-08-25 10:45 - 00003280 ____N C:\bootsqm.dat
2013-08-25 10:44 - 2013-08-25 10:44 - 00000000 ____D C:\found.000
2013-08-25 10:21 - 2013-08-25 10:21 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Downloads\unhide.exe
2013-08-25 10:20 - 2013-08-25 10:20 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(2).exe
2013-08-25 10:18 - 2013-08-25 10:17 - 00994642 _____ C:\Users\Nomary\Downloads\AdwCleaner.exe
2013-08-25 09:57 - 2013-08-25 09:57 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu(1).exe
2013-08-23 18:33 - 2010-11-10 22:14 - 00000000 ____D C:\Users\Nomary\AppData\Local\Apps\2.0
2013-08-23 09:12 - 2013-08-23 07:07 - 04745728 _____ (AVAST Software) C:\Users\Nomary\Downloads\aswMBR.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 00000000 ____D C:\Program Files\ESET
2013-08-23 07:49 - 2013-08-23 07:49 - 00001588 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08232013_074944.txt
2013-08-23 07:48 - 2013-08-23 07:48 - 00001551 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08232013_074831.txt
2013-08-23 07:11 - 2013-08-23 07:11 - 00602112 _____ (OldTimer Tools) C:\Users\Nomary\Downloads\OTL(1).exe
2013-08-23 07:10 - 2013-08-23 07:09 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(1).exe
2013-08-23 07:02 - 2012-06-09 11:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-22 13:36 - 2013-08-22 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-21 17:47 - 2012-09-03 04:55 - 00029522 _____ C:\Users\Nomary\.pia_manager_crash.log
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-08-20 21:53 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 21:01 - 2013-08-20 20:59 - 128594696 _____ C:\Users\Nomary\Downloads\hra0fpg4.exe
2013-08-20 20:06 - 2012-12-21 13:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 20:06 - 2011-06-15 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 16:57 - 2013-08-20 16:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 16:57 - 2010-02-27 13:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 16:56 - 2013-08-20 16:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nomary\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:53 - 2013-08-20 16:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Desktop\rkill(1).exe
2013-08-20 16:28 - 2009-07-13 23:33 - 00429448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 08:52 - 2013-08-20 08:52 - 00007147 _____ C:\Users\Nomary\Desktop\hijackthis.log
2013-08-20 08:47 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-08-20 08:47 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default
2013-08-20 08:39 - 2013-08-20 08:22 - 00000000 ____D C:\Windows\erdnt
2013-08-15 09:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 20:53 - 2011-06-23 10:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 20:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:24 - 2013-08-03 16:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:12 - 2010-01-15 15:37 - 00744902 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 09:21 - 2013-08-07 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:22 - 2013-08-07 18:22 - 00503412 _____ C:\Users\Nomary\Downloads\No Pass Zone (Phase 1).pptx
2013-08-05 16:00 - 2010-01-15 21:47 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-03 20:07 - 2012-08-31 19:19 - 00000000 ____D C:\Users\Nomary\Documents\Capstone
2013-08-03 20:07 - 2011-09-03 08:40 - 00000000 ____D C:\PERRLA
2013-08-03 20:04 - 2012-07-02 18:20 - 00000000 ____D C:\Users\Nomary\Documents\Evidence Based Practice
2013-08-03 20:04 - 2011-12-28 20:43 - 00000000 ____D C:\Users\Nomary\Documents\Transitions in nursing course
2013-08-03 20:03 - 2012-04-22 19:20 - 00000000 ____D C:\Users\Nomary\Documents\Collaborative nursing
2013-08-03 16:17 - 2011-09-03 11:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-03 16:17 - 2009-07-13 21:04 - 00000499 _____ C:\Windows\win.ini
2013-08-03 11:34 - 2013-04-26 14:49 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-03 11:34 - 2010-01-16 12:38 - 00000000 ____D C:\Program Files\CCleaner
2013-08-03 11:32 - 2013-08-03 11:32 - 04429440 _____ (Piriform Ltd) C:\Users\Nomary\Downloads\ccsetup404.exe

Files to move or delete:
====================
C:\Users\Nomary\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Nomary\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 16:46

==================== End Of Log ============================

#7
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi, I think you misunderstood me. I need to look at the original logs to see what was removed. I don't really see anything in your logs now. Could you please post the following logs:


C:\Users\Nomary\Desktop\RKreport[0]_D_08252013_164732.txt
C:\Users\Nomary\Desktop\RKreport[0]_D_08232013_074944.txt
C:\Users\Nomary\Downloads\Extras.Txt
C:\Users\Nomary\Downloads\Addition.txt
aswMBR log
TDSSKiller log (located in C:\)

Also, do you know about these downloads? (Are they randomly named anti-malware tools?)

C:\Users\Nomary\Downloads\59qiem6m.exe
C:\Users\Nomary\Downloads\sbw269i1.exe
C:\Users\Nomary\Downloads\hra0fpg4.exe

Also, could you describe what happens when you try to update Avira?

#8
Blain1

    Member

  • Topic Starter
  • Member
  • 13 posts
My mistake, Avira does update now since I ran everything.

I tried to get all the files you wanted; there were no tdss files in C so I created one. Sorry for any duplication.

The other files you referenced are Freedrweb files.



RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Nomary [Admin rights]
Mode : Remove -- Date : 08/25/2013 16:47:32
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] d265edae687e4da24a71bd08eb91d569
[BSP] d5459d2273c328b8cd941e90548b6c39 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 113092 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 256780288 | Size: 109465 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 480964608 | Size: 3628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08252013_164732.txt >>
RKreport[0]_D_08232013_074944.txt;RKreport[0]_S_08232013_074831.txt;RKreport[0]_S_08252013_144259.txt


RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Safe mode with network support
User : Nomary [Admin rights]
Mode : Remove -- Date : 08/23/2013 07:49:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0xc000035f] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250827AS ATA Device +++++
--- User ---
[MBR] d265edae687e4da24a71bd08eb91d569
[BSP] d5459d2273c328b8cd941e90548b6c39 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 113092 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 256780288 | Size: 109465 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 480964608 | Size: 3628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08232013_074944.txt >>
RKreport[0]_S_08232013_074831.txt




OTL Extras logfile created on: 8/26/2013 7:26:59 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Nomary\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 64.79% Memory free
5.50 Gb Paging File | 4.72 Gb Available in Paging File | 85.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.44 Gb Total Space | 2.40 Gb Free Space | 2.17% Space Free | Partition Type: NTFS
Drive D: | 106.90 Gb Total Space | 17.65 Gb Free Space | 16.51% Space Free | Partition Type: NTFS

Computer Name: NOMARY-PC | User Name: Nomary | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Nomary\AppData\Local\Temp\RarSFX0\SwiApiMux.exe" = C:\Users\Nomary\AppData\Local\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DCF3CFB-0FB6-01DF-AA2B-3DBC40A5839F}" = Catalyst Control Center Graphics Full Existing
"{10035C61-374F-4E19-3DE6-FFAD64F20152}" = CCC Help Portuguese
"{1107B37C-A748-A839-7B95-C22668E84446}" = CCC Help Chinese Standard
"{125F9665-0BC8-48E6-8AFC-72844BB5F892}" = PERRLA
"{172BE173-7514-13D8-26A0-21BE6D02849A}" = CCC Help Finnish
"{1BB4C660-E5E0-8C76-52CA-861A3F1C122C}" = CCC Help Dutch
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA94A28-5D32-CDC3-4FC7-F8AB6842AB55}" = CCC Help Japanese
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java™ 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 20
"{26E5F8B6-CB96-D266-6631-C2E998138A48}" = CCC Help Thai
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C997A7A-B527-6250-B6FE-696E72290CCF}" = CCC Help German
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{3143EA78-CF29-631E-DD1D-E567A0939D73}" = Catalyst Control Center Graphics Light
"{36A98148-A6B5-EBA5-6353-9833C7F5C06E}" = Catalyst Control Center Graphics Full New
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBA8005-4659-C0C2-32FC-CCAEBA155AC6}" = CCC Help Russian
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{453DC0A2-6F09-FCEC-57A0-2B3540B363B4}" = CCC Help Korean
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46E6CCE4-99DA-F751-555A-A83D08727108}" = CCC Help Polish
"{48FD7162-300B-FBD6-BBF1-E787DCA61C02}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
"{5239B19E-21EE-327A-7F8A-47ABC68BA306}" = CCC Help English
"{6560081A-2245-41B9-CF3C-7EA6C9BEAE51}" = Catalyst Control Center Localization All
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C810E30-FC8A-7059-5752-8800FCA6203C}" = CCC Help Chinese Traditional
"{6E699A98-4FDF-AC94-8F2B-8ECCAC09794A}" = ccc-utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{753D852A-D86D-42C9-9978-40AE66FB8985}" = Driver Installer
"{75EF9F92-76D4-F910-6A98-AE8F2EBF99BB}" = ccc-core-static
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BC46298-4325-EDF3-D3EA-C39390B315AF}" = CCC Help Turkish
"{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}" = Private Internet Access Support Files
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB39BF09-4A6D-4D5A-C18C-5FA93ACA7AEF}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B2717DE0-E633-F8A5-727A-30EE10F85932}" = CCC Help Norwegian
"{B68D9CA9-23EF-D5C9-035F-61B5B2DE228B}" = Catalyst Control Center Core Implementation
"{C0AF9DFE-8B2A-4AC4-22B8-F0EF518C8443}" = CCC Help Greek
"{C12F5BC8-AA4A-6046-2C5C-5822317733CD}" = CCC Help French
"{C6A037B6-C14B-D618-01F2-75F7C6DFF69E}" = CCC Help Danish
"{C7C7ABDD-3787-A13B-1F47-27CA9C39DB96}" = CCC Help Spanish
"{C9FD8F40-C7BB-A23E-4C87-57485D7501EF}" = CCC Help Czech
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DB44C345-3CD6-0076-D710-47936E6B4BA6}" = CCC Help Hungarian
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFCB25-A7CE-AEF9-99C2-2421F076C840}" = CCC Help Italian
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EFBB78E7-56FF-9793-E36D-E2F4FEEFB6C7}" = ATI Catalyst Install Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Belarc Advisor" = Belarc Advisor 8.3
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.8 (x86 en-US)" = Mozilla Thunderbird 17.0.8 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyITLab ActiveX Installer_is1" = MyITLab ActiveX Installer 2, 9, 8, 65535
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office8.0" = Microsoft Office 97, Standard Edition
"RealPlayer 12.0" = RealPlayer
"sp6" = Logitech SetPoint 6.20
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 8/26/2013 5:31:36 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 5:31:38 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 5:31:38 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 5:31:38 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/26/2013 8:24:33 AM | Computer Name = Nomary-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-08-2013 02
Ran by Nomary at 2013-08-25 14:08:33
Running from C:\Users\Nomary\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader X (10.1.7) (Version: 10.1.7)
AMD USB Filter Driver (Version: 1.0.11.86)
Apple Application Support (Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Avira Free Antivirus (Version: 13.0.0.3885)
Belarc Advisor 8.3 (Version: 8.3.0.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Light (Version: 2009.0729.2227.38498)
Catalyst Control Center InstallProxy (Version: 2009.0729.2227.38498)
Catalyst Control Center Localization All (Version: 2009.0729.2227.38498)
CCC Help Chinese Standard (Version: 2009.0729.2226.38498)
CCC Help Chinese Traditional (Version: 2009.0729.2226.38498)
CCC Help Czech (Version: 2009.0729.2226.38498)
CCC Help Danish (Version: 2009.0729.2226.38498)
CCC Help Dutch (Version: 2009.0729.2226.38498)
CCC Help English (Version: 2009.0729.2226.38498)
CCC Help Finnish (Version: 2009.0729.2226.38498)
CCC Help French (Version: 2009.0729.2226.38498)
CCC Help German (Version: 2009.0729.2226.38498)
CCC Help Greek (Version: 2009.0729.2226.38498)
CCC Help Hungarian (Version: 2009.0729.2226.38498)
CCC Help Italian (Version: 2009.0729.2226.38498)
CCC Help Japanese (Version: 2009.0729.2226.38498)
CCC Help Korean (Version: 2009.0729.2226.38498)
CCC Help Norwegian (Version: 2009.0729.2226.38498)
CCC Help Polish (Version: 2009.0729.2226.38498)
CCC Help Portuguese (Version: 2009.0729.2226.38498)
CCC Help Russian (Version: 2009.0729.2226.38498)
CCC Help Spanish (Version: 2009.0729.2226.38498)
CCC Help Swedish (Version: 2009.0729.2226.38498)
CCC Help Thai (Version: 2009.0729.2226.38498)
CCC Help Turkish (Version: 2009.0729.2226.38498)
ccc-core-static (Version: 2009.0729.2227.38498)
ccc-utility (Version: 2009.0729.2227.38498)
CCleaner (Version: 4.04)
Citrix online plug-in (Web) (Version: 12.0.3.6)
Curse Client (HKCU Version: 4.0.1.286)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DING! (Version: 1.05.005)
Driver Installer (Version: 2.2.0.536)
eReg (Version: 1.20.138.34)
ESET Online Scanner v3
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
HiJackThis (Version: 1.0.0)
iCloud (Version: 2.1.2.8)
iTunes (Version: 11.0.2.26)
Java Auto Updater (Version: 2.0.2.1)
Java™ 6 Update 16 (Version: 6.0.160)
Java™ 6 Update 20 (Version: 6.0.200)
Logitech SetPoint 6.20 (Version: 6.20.64)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 97, Standard Edition
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
Mozilla Thunderbird 17.0.8 (x86 en-US) (Version: 17.0.8)
MyITLab ActiveX Installer 2, 9, 8, 65535
Nokia Connectivity Adapter Cable DKU-5
Nuvoton CIR Device Driver (Version: 8.60.1000)
OpenOffice.org 3.1 (Version: 3.1.9420)
PERRLA (Version: 7.2.11)
Private Internet Access Support Files (Version: 1.0.0.0)
QuickTime (Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5888)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30102)
RealUpgrade 1.1 (Version: 1.1.0)
Secure Download Manager (Version: 3.0.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SUPERAntiSpyware (Version: 4.54.1000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Upgrade Kit (Version: 1.00.3002)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
World of Warcraft (Version: 4.2.2.14545)


==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {07B2B296-75E4-4E24-A3CA-5AE0C9644D36} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1794924910-2322437000-40203241-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {2725B279-F0DB-4C30-864C-ECCD8C418A1E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1794924910-2322437000-40203241-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2010-11-05] (RealNetworks, Inc.)
Task: {3493558E-D3C1-4CD2-82CF-497C5FBA8887} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {43A64790-E280-4927-B3B6-29006ACAE548} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2012-09-02] ()
Task: {6E222EC5-3910-45AD-BCF7-67DD72F9358A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {8FD7C035-2D3A-4166-BCA6-4AC7175557F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {A8781C32-C953-400E-83DA-7EC56438562F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26] (Google Inc.)
Task: {C2984B60-B662-498C-ACC8-D5FA9CB19F1D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26] (Google Inc.)
Task: {E97B50FB-7D17-4505-A6E7-424D3AB7B4B1} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {E9A11C8F-AA4A-4FDC-8A71-14A1374FD8EB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {F0C9549D-AFF3-4D65-B6BB-D5F57B5FDDFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2013 02:08:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/25/2013 02:08:34 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/25/2013 00:02:24 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (08/25/2013 00:02:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode
.


Operation:
Instantiating VSS server

Error: (08/25/2013 00:02:24 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]


Operation:
Instantiating VSS server

Error: (08/25/2013 11:03:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 23.0.1.4974, time stamp: 0x520bc252
Faulting module name: xul.dll, version: 23.0.1.4974, time stamp: 0x520bc166
Exception code: 0xc0000005
Fault offset: 0x0017af08
Faulting process id: 0x4d8
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (08/25/2013 09:59:56 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Windows Logon Application because of this error.

Program: Windows Logon Application
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0

Error: (08/25/2013 09:59:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: winlogon.exe, version: 6.1.7601.17514, time stamp: 0x4ce79517
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0000006
Fault offset: 0x00031ae4
Faulting process id: 0x2dc
Faulting application start time: 0xwinlogon.exe0
Faulting application path: winlogon.exe1
Faulting module path: winlogon.exe2
Report Id: winlogon.exe3

Error: (08/25/2013 09:48:07 AM) (Source: Software Protection Platform Service) (User: )
Description: The Software Protection service failed to start. 0xD0000185
6.1.7601.17514

Error: (08/25/2013 09:44:47 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\MFC71.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Ding.exe because of this error.

Program: Ding.exe
File: C:\Windows\System32\MFC71.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:18:05 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (08/25/2013 01:15:42 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (08/25/2013 02:08:34 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/25/2013 02:08:34 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/25/2013 00:02:24 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x8007043c

Error: (08/25/2013 00:02:24 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/25/2013 00:02:24 PM) (Source: VSS)(User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode


Operation:
Instantiating VSS server

Error: (08/25/2013 11:03:49 AM) (Source: Application Error)(User: )
Description: firefox.exe23.0.1.4974520bc252xul.dll23.0.1.4974520bc166c00000050017af084d801cea1ac378cf1e9C:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\xul.dlled1ded28-0d9f-11e3-afce-00238be2dc9d

Error: (08/25/2013 09:59:56 AM) (Source: Application Error)(User: )
Description: Windows Logon ApplicationC00001850

Error: (08/25/2013 09:59:56 AM) (Source: Application Error)(User: )
Description: winlogon.exe6.1.7601.175144ce79517ntdll.dll6.1.7601.1820551db96c5c000000600031ae42dc01cea1a088fec778C:\Windows\system32\winlogon.exeC:\Windows\SYSTEM32\ntdll.dll00e2aa99-0d97-11e3-a048-00238be2dc9d

Error: (08/25/2013 09:48:07 AM) (Source: Software Protection Platform Service)(User: )
Description: 0xD00001856.1.7601.17514

Error: (08/25/2013 09:44:47 AM) (Source: Application Error)(User: )
Description: C:\Windows\System32\MFC71.dllDing.exeC00001853


==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 2814.36 MB
Available physical RAM: 2117.79 MB
Total Pagefile: 5627.01 MB
Available Pagefile: 5105.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.44 GB) (Free:2.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:106.9 GB) (Free:17.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 45942191)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=110 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=12)

==================== End Of Log ============================



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-08-2013
Ran by Nomary (administrator) on 26-08-2013 12:19:06
Running from C:\Users\Nomary\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Software 2000 Limited) C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Southwest Airlines) C:\Program Files\Southwest Airlines\Ding\Ding.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Users\Nomary\Downloads\RogueKiller(1).exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(Macrovision Corporation) C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1352272 2010-10-28] (Logitech, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKCU\...\Run: [ISUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5703920 2013-08-14] (SUPERAntiSpyware)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
Startup: C:\Users\Nomary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
ShortcutTarget: DING!.lnk -> C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-15] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\Nomary\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF Extension: No Name - C:\Users\Nomary\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Виявлення пристроїв Logitech - C:\Users\Nomary\AppData\Roaming\Mozilla\Firefox\Profiles\ifawttcs.default\Extensions\[email protected]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (NPAPI plugin to host SDM ActiveX) - C:\Users\Nomary\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Nomary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-08] (SUPERAntiSpyware.com)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG)
S3 ATTRcAppSvc; "C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe" /n "ATTRcAppSvc" [x]
S3 CAATT; "C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe" /n "CAATT" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-02] (Avira Operations GmbH & Co. KG)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
R3 nuvotoncir; C:\Windows\System32\DRIVERS\nuvotoncir.sys [44544 2009-06-24] (Nuvoton Technology Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-08-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-01-30] (Avira GmbH)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [25736 2011-06-05] ()
S3 SWNC8U56; C:\Windows\System32\DRIVERS\swnc8u56.sys [101248 2007-06-27] (Sierra Wireless Inc.)
S3 SWUMX56; C:\Windows\System32\DRIVERS\swumx56.sys [73856 2007-06-27] (Sierra Wireless Inc.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2012-09-02] (The OpenVPN Project)
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 12:16 - 2013-08-26 12:17 - 00002291 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08262013_121656.txt
2013-08-26 12:14 - 2013-08-26 12:14 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill 8-26.txt
2013-08-26 12:00 - 2013-08-26 12:06 - 00019845 _____ C:\Windows\WindowsUpdate.log
2013-08-26 11:57 - 2013-08-26 12:08 - 00000112 _____ C:\Windows\setupact.log
2013-08-26 11:57 - 2013-08-26 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 11:56 - 2013-08-26 11:56 - 00043104 _____ C:\Windows\PFRO.log
2013-08-26 07:28 - 2013-08-26 07:28 - 00068582 _____ C:\Users\Nomary\Downloads\OTL.Txt
2013-08-26 07:28 - 2013-08-26 07:28 - 00030962 _____ C:\Users\Nomary\Downloads\Extras.Txt
2013-08-25 21:45 - 2013-08-25 21:45 - 20597896 _____ (Microsoft Corporation) C:\Users\Nomary\Downloads\Windows-KB890830-V5.3.exe
2013-08-25 21:20 - 2013-08-25 21:22 - 128967616 _____ C:\Users\Nomary\Downloads\sbw269i1.exe
2013-08-25 16:59 - 2013-08-25 16:59 - 00006628 _____ C:\Users\Nomary\Desktop\hijackthis8-25-13.log
2013-08-25 16:47 - 2013-08-25 16:47 - 00001784 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08252013_164732.txt
2013-08-25 14:42 - 2013-08-25 14:42 - 00001740 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08252013_144259.txt
2013-08-25 14:32 - 2013-08-25 14:32 - 00000767 _____ C:\Users\Nomary\Desktop\JRT.txt
2013-08-25 14:26 - 2013-08-25 14:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:24 - 2013-08-25 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-25 14:12 - 2013-08-25 14:24 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 14:08 - 2013-08-25 14:08 - 00021075 _____ C:\Users\Nomary\Downloads\Addition.txt
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\FRST
2013-08-25 12:37 - 2013-08-25 13:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-25 12:36 - 2013-08-25 13:29 - 00000000 ____D C:\Users\Nomary\Desktop\mbar
2013-08-25 12:36 - 2013-08-25 12:36 - 00377856 _____ C:\Users\Nomary\Downloads\59qiem6m.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 01021434 _____ (Thisisu) C:\Users\Nomary\Downloads\JRT.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 00923136 _____ C:\Users\Nomary\Downloads\RogueKiller(1).exe
2013-08-25 12:33 - 2013-08-25 14:12 - 09167352 _____ (SurfRight B.V.) C:\Users\Nomary\Downloads\HitmanPro.exe
2013-08-25 12:33 - 2013-08-25 12:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Nomary\Downloads\mbar-1.07.0.1005.exe
2013-08-25 11:05 - 2013-08-25 11:06 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:45 - 2013-08-25 10:45 - 00003280 ____N C:\bootsqm.dat
2013-08-25 10:44 - 2013-08-25 10:44 - 00000000 ____D C:\found.000
2013-08-25 10:22 - 2013-08-25 11:54 - 00002810 _____ C:\Users\Nomary\Desktop\unhide.txt
2013-08-25 10:21 - 2013-08-25 10:21 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Downloads\unhide.exe
2013-08-25 10:20 - 2013-08-25 10:20 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(2).exe
2013-08-25 10:17 - 2013-08-25 10:18 - 00994642 _____ C:\Users\Nomary\Downloads\AdwCleaner.exe
2013-08-25 09:57 - 2013-08-25 09:57 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu(1).exe
2013-08-23 07:50 - 2013-08-23 07:50 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 00000000 ____D C:\Program Files\ESET
2013-08-23 07:49 - 2013-08-23 07:49 - 00001588 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08232013_074944.txt
2013-08-23 07:48 - 2013-08-23 07:48 - 00001551 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08232013_074831.txt
2013-08-23 07:29 - 2013-08-25 16:47 - 00000000 ____D C:\Users\Nomary\Desktop\RK_Quarantine
2013-08-23 07:11 - 2013-08-23 07:11 - 00602112 _____ (OldTimer Tools) C:\Users\Nomary\Downloads\OTL(1).exe
2013-08-23 07:09 - 2013-08-23 07:10 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(1).exe
2013-08-23 07:07 - 2013-08-23 09:12 - 04745728 _____ (AVAST Software) C:\Users\Nomary\Downloads\aswMBR.exe
2013-08-22 13:36 - 2013-08-22 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-08-20 20:59 - 2013-08-20 21:01 - 128594696 _____ C:\Users\Nomary\Downloads\hra0fpg4.exe
2013-08-20 16:57 - 2013-08-20 16:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 16:56 - 2013-08-20 16:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nomary\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:53 - 2013-08-26 12:12 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill.txt
2013-08-20 16:53 - 2013-08-20 16:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Desktop\rkill(1).exe
2013-08-20 08:52 - 2013-08-20 08:52 - 00007147 _____ C:\Users\Nomary\Desktop\hijackthis.log
2013-08-20 08:22 - 2013-08-20 08:39 - 00000000 ____D C:\Windows\erdnt
2013-08-19 09:31 - 2013-08-25 11:12 - 00000000 ____D C:\Windows\Minidump
2013-08-14 19:24 - 2013-07-24 21:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 19:24 - 2013-07-24 21:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 19:24 - 2013-07-24 21:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 19:24 - 2013-07-24 21:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 19:24 - 2013-07-24 21:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 19:24 - 2013-07-24 21:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-14 19:24 - 2013-07-24 21:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-14 19:24 - 2013-07-24 21:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-14 19:24 - 2013-07-24 21:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-14 19:24 - 2013-07-24 21:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 19:24 - 2013-07-24 21:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 19:24 - 2013-07-24 21:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-14 19:09 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 19:09 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 19:09 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 19:09 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 19:09 - 2013-07-08 23:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 19:09 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 19:09 - 2013-07-08 23:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 19:09 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 19:09 - 2013-07-06 00:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 19:09 - 2013-06-14 22:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-07 18:22 - 2013-08-07 18:22 - 00503412 _____ C:\Users\Nomary\Downloads\No Pass Zone (Phase 1).pptx
2013-08-07 12:42 - 2013-08-10 09:21 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-03 16:18 - 2013-08-14 19:24 - 00000000 ____D C:\Windows\system32\MRT
2013-08-03 11:32 - 2013-08-03 11:32 - 04429440 _____ (Piriform Ltd) C:\Users\Nomary\Downloads\ccsetup404.exe

==================== One Month Modified Files and Folders =======

2013-08-26 12:18 - 2013-08-26 12:18 - 01070979 _____ (Farbar) C:\Users\Nomary\Downloads\FRST.exe
2013-08-26 12:17 - 2013-08-26 12:16 - 00002291 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08262013_121656.txt
2013-08-26 12:17 - 2009-07-13 23:34 - 00025424 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 12:17 - 2009-07-13 23:34 - 00025424 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 12:14 - 2013-08-26 12:14 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill 8-26.txt
2013-08-26 12:14 - 2013-08-26 12:00 - 00019845 _____ C:\Windows\WindowsUpdate.log
2013-08-26 12:12 - 2013-08-20 16:53 - 00002596 _____ C:\Users\Nomary\Desktop\Rkill.txt
2013-08-26 12:08 - 2013-08-26 11:57 - 00000112 _____ C:\Windows\setupact.log
2013-08-26 12:08 - 2012-03-26 20:11 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-26 12:08 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 12:06 - 2013-02-13 19:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 11:59 - 2012-03-26 20:11 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-26 11:57 - 2013-08-26 11:57 - 00000000 _____ C:\Windows\setuperr.log
2013-08-26 11:56 - 2013-08-26 11:56 - 00043104 _____ C:\Windows\PFRO.log
2013-08-26 07:28 - 2013-08-26 07:28 - 00068582 _____ C:\Users\Nomary\Downloads\OTL.Txt
2013-08-26 07:28 - 2013-08-26 07:28 - 00030962 _____ C:\Users\Nomary\Downloads\Extras.Txt
2013-08-25 21:45 - 2013-08-25 21:45 - 20597896 _____ (Microsoft Corporation) C:\Users\Nomary\Downloads\Windows-KB890830-V5.3.exe
2013-08-25 21:22 - 2013-08-25 21:20 - 128967616 _____ C:\Users\Nomary\Downloads\sbw269i1.exe
2013-08-25 16:59 - 2013-08-25 16:59 - 00006628 _____ C:\Users\Nomary\Desktop\hijackthis8-25-13.log
2013-08-25 16:47 - 2013-08-25 16:47 - 00001784 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08252013_164732.txt
2013-08-25 16:47 - 2013-08-23 07:29 - 00000000 ____D C:\Users\Nomary\Desktop\RK_Quarantine
2013-08-25 14:42 - 2013-08-25 14:42 - 00001740 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08252013_144259.txt
2013-08-25 14:32 - 2013-08-25 14:32 - 00000767 _____ C:\Users\Nomary\Desktop\JRT.txt
2013-08-25 14:26 - 2013-08-25 14:26 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:24 - 2013-08-25 14:24 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2013-08-25 14:24 - 2013-08-25 14:12 - 00000000 ____D C:\ProgramData\HitmanPro
2013-08-25 14:24 - 2012-09-02 17:38 - 00000000 ____D C:\Users\Nomary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2013-08-25 14:24 - 2012-09-02 17:38 - 00000000 ____D C:\Program Files\pia_manager
2013-08-25 14:12 - 2013-08-25 12:33 - 09167352 _____ (SurfRight B.V.) C:\Users\Nomary\Downloads\HitmanPro.exe
2013-08-25 14:08 - 2013-08-25 14:08 - 00021075 _____ C:\Users\Nomary\Downloads\Addition.txt
2013-08-25 14:07 - 2013-08-25 14:07 - 00000000 ____D C:\FRST
2013-08-25 13:29 - 2013-08-25 12:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-25 13:29 - 2013-08-25 12:36 - 00000000 ____D C:\Users\Nomary\Desktop\mbar
2013-08-25 12:36 - 2013-08-25 12:36 - 00377856 _____ C:\Users\Nomary\Downloads\59qiem6m.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 01021434 _____ (Thisisu) C:\Users\Nomary\Downloads\JRT.exe
2013-08-25 12:34 - 2013-08-25 12:34 - 00923136 _____ C:\Users\Nomary\Downloads\RogueKiller(1).exe
2013-08-25 12:33 - 2013-08-25 12:33 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Nomary\Downloads\mbar-1.07.0.1005.exe
2013-08-25 12:09 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-08-25 11:54 - 2013-08-25 10:22 - 00002810 _____ C:\Users\Nomary\Desktop\unhide.txt
2013-08-25 11:12 - 2013-08-19 09:31 - 00000000 ____D C:\Windows\Minidump
2013-08-25 11:06 - 2013-08-25 11:05 - 00000000 ____D C:\AdwCleaner
2013-08-25 10:45 - 2013-08-25 10:45 - 00003280 ____N C:\bootsqm.dat
2013-08-25 10:44 - 2013-08-25 10:44 - 00000000 ____D C:\found.000
2013-08-25 10:21 - 2013-08-25 10:21 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Downloads\unhide.exe
2013-08-25 10:20 - 2013-08-25 10:20 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(2).exe
2013-08-25 10:18 - 2013-08-25 10:17 - 00994642 _____ C:\Users\Nomary\Downloads\AdwCleaner.exe
2013-08-25 09:57 - 2013-08-25 09:57 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu(1).exe
2013-08-23 18:33 - 2010-11-10 22:14 - 00000000 ____D C:\Users\Nomary\AppData\Local\Apps\2.0
2013-08-23 09:12 - 2013-08-23 07:07 - 04745728 _____ (AVAST Software) C:\Users\Nomary\Downloads\aswMBR.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 02347384 _____ (ESET) C:\Users\Nomary\Downloads\esetsmartinstaller_enu.exe
2013-08-23 07:50 - 2013-08-23 07:50 - 00000000 ____D C:\Program Files\ESET
2013-08-23 07:49 - 2013-08-23 07:49 - 00001588 _____ C:\Users\Nomary\Desktop\RKreport[0]_D_08232013_074944.txt
2013-08-23 07:48 - 2013-08-23 07:48 - 00001551 _____ C:\Users\Nomary\Desktop\RKreport[0]_S_08232013_074831.txt
2013-08-23 07:11 - 2013-08-23 07:11 - 00602112 _____ (OldTimer Tools) C:\Users\Nomary\Downloads\OTL(1).exe
2013-08-23 07:10 - 2013-08-23 07:09 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Nomary\Downloads\tdsskiller(1).exe
2013-08-23 07:02 - 2012-06-09 11:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-22 13:36 - 2013-08-22 13:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-21 17:47 - 2012-09-03 04:55 - 00029522 _____ C:\Users\Nomary\.pia_manager_crash.log
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2013-08-20 21:57 - 2013-08-20 21:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2013-08-20 21:53 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 21:01 - 2013-08-20 20:59 - 128594696 _____ C:\Users\Nomary\Downloads\hra0fpg4.exe
2013-08-20 20:06 - 2012-12-21 13:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-20 20:06 - 2011-06-15 19:57 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 16:57 - 2013-08-20 16:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 16:57 - 2010-02-27 13:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 16:56 - 2013-08-20 16:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nomary\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-20 16:53 - 2013-08-20 16:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Nomary\Desktop\rkill(1).exe
2013-08-20 16:28 - 2009-07-13 23:33 - 00429448 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-20 08:52 - 2013-08-20 08:52 - 00007147 _____ C:\Users\Nomary\Desktop\hijackthis.log
2013-08-20 08:47 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-08-20 08:47 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Default
2013-08-20 08:39 - 2013-08-20 08:22 - 00000000 ____D C:\Windows\erdnt
2013-08-15 09:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-14 20:53 - 2011-06-23 10:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-08-14 20:06 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:24 - 2013-08-03 16:18 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 19:12 - 2010-01-15 15:37 - 00744902 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 09:21 - 2013-08-07 12:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-08-07 18:22 - 2013-08-07 18:22 - 00503412 _____ C:\Users\Nomary\Downloads\No Pass Zone (Phase 1).pptx
2013-08-05 16:00 - 2010-01-15 21:47 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-03 20:07 - 2012-08-31 19:19 - 00000000 ____D C:\Users\Nomary\Documents\Capstone
2013-08-03 20:07 - 2011-09-03 08:40 - 00000000 ____D C:\PERRLA
2013-08-03 20:04 - 2012-07-02 18:20 - 00000000 ____D C:\Users\Nomary\Documents\Evidence Based Practice
2013-08-03 20:04 - 2011-12-28 20:43 - 00000000 ____D C:\Users\Nomary\Documents\Transitions in nursing course
2013-08-03 20:03 - 2012-04-22 19:20 - 00000000 ____D C:\Users\Nomary\Documents\Collaborative nursing
2013-08-03 16:17 - 2011-09-03 11:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-03 16:17 - 2009-07-13 21:04 - 00000499 _____ C:\Windows\win.ini
2013-08-03 11:34 - 2013-04-26 14:49 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-08-03 11:34 - 2010-01-16 12:38 - 00000000 ____D C:\Program Files\CCleaner
2013-08-03 11:32 - 2013-08-03 11:32 - 04429440 _____ (Piriform Ltd) C:\Users\Nomary\Downloads\ccsetup404.exe

Files to move or delete:
====================
C:\Users\Nomary\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Nomary\AppData\Local\Temp\jrt\erunt\ERUNT.EXE

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 16:46

==================== End Of Log ============================

12:10:29.0030 0x0404 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
12:10:29.0468 0x0404 ============================================================
12:10:29.0468 0x0404 Current date / time: 2013/08/27 12:10:29.0468
12:10:29.0468 0x0404 SystemInfo:
12:10:29.0468 0x0404
12:10:29.0468 0x0404 OS Version: 6.1.7601 ServicePack: 1.0
12:10:29.0468 0x0404 Product type: Workstation
12:10:29.0468 0x0404 ComputerName: NOMARY-PC
12:10:29.0468 0x0404 UserName: Nomary
12:10:29.0468 0x0404 Windows directory: C:\Windows
12:10:29.0468 0x0404 System windows directory: C:\Windows
12:10:29.0468 0x0404 Processor architecture: Intel x86
12:10:29.0468 0x0404 Number of processors: 2
12:10:29.0468 0x0404 Page size: 0x1000
12:10:29.0468 0x0404 Boot type: Normal boot
12:10:29.0468 0x0404 ============================================================
12:10:30.0904 0x0404 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:10:30.0904 0x0404 ============================================================
12:10:30.0904 0x0404 \Device\Harddisk0\DR0:
12:10:30.0904 0x0404 MBR partitions:
12:10:30.0904 0x0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0xDCE2000
12:10:30.0904 0x0404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF4E2800, BlocksNum 0xD5CC800
12:10:30.0904 0x0404 ============================================================
12:10:30.0951 0x0404 C: <-> \Device\Harddisk0\DR0\Partition1
12:10:30.0982 0x0404 D: <-> \Device\Harddisk0\DR0\Partition2
12:10:30.0982 0x0404 ============================================================
12:10:30.0982 0x0404 Initialize success
12:10:30.0982 0x0404 ============================================================
12:10:34.0797 0x15c4 ============================================================
12:10:34.0797 0x15c4 Scan started
12:10:34.0797 0x15c4 Mode: Manual;
12:10:34.0797 0x15c4 ============================================================
12:10:37.0342 0x15c4 ================ Scan system memory ========================
12:10:37.0342 0x15c4 System memory - ok
12:10:37.0342 0x15c4 ================ Scan services =============================
12:10:37.0467 0x15c4 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:10:37.0467 0x15c4 !SASCORE - ok
12:10:37.0640 0x15c4 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:10:37.0655 0x15c4 1394ohci - ok
12:10:37.0702 0x15c4 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:10:37.0718 0x15c4 ACPI - ok
12:10:37.0733 0x15c4 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:10:37.0749 0x15c4 AcpiPmi - ok
12:10:37.0874 0x15c4 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:10:37.0874 0x15c4 AdobeARMservice - ok
12:10:37.0967 0x15c4 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:37.0967 0x15c4 AdobeFlashPlayerUpdateSvc - ok
12:10:38.0014 0x15c4 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:10:38.0045 0x15c4 adp94xx - ok
12:10:38.0077 0x15c4 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:10:38.0108 0x15c4 adpahci - ok
12:10:38.0139 0x15c4 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:10:38.0139 0x15c4 adpu320 - ok
12:10:38.0170 0x15c4 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:10:38.0170 0x15c4 AeLookupSvc - ok
12:10:38.0233 0x15c4 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
12:10:38.0248 0x15c4 AFD - ok
12:10:38.0279 0x15c4 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
12:10:38.0279 0x15c4 AgereModemAudio - ok
12:10:38.0342 0x15c4 [ BCEB020D36634CADA07882E4C221E85E ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
12:10:38.0373 0x15c4 AgereSoftModem - ok
12:10:38.0420 0x15c4 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
12:10:38.0420 0x15c4 agp440 - ok
12:10:38.0467 0x15c4 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
12:10:38.0498 0x15c4 aic78xx - ok
12:10:38.0546 0x15c4 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
12:10:38.0546 0x15c4 ALG - ok
12:10:38.0592 0x15c4 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
12:10:38.0592 0x15c4 aliide - ok
12:10:38.0639 0x15c4 [ C43A69DF2B4BA2368376C1E2B631F2B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:10:38.0639 0x15c4 AMD External Events Utility - ok
12:10:38.0670 0x15c4 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:10:38.0686 0x15c4 amdagp - ok
12:10:38.0733 0x15c4 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
12:10:38.0733 0x15c4 amdide - ok
12:10:38.0764 0x15c4 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:10:38.0795 0x15c4 AmdK8 - ok
12:10:38.0842 0x15c4 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:10:38.0842 0x15c4 AmdPPM - ok
12:10:38.0889 0x15c4 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:10:38.0920 0x15c4 amdsata - ok
12:10:38.0967 0x15c4 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:10:38.0998 0x15c4 amdsbs - ok
12:10:39.0029 0x15c4 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:10:39.0029 0x15c4 amdxata - ok
12:10:39.0154 0x15c4 [ 2E2B1A491CB78C7D8C8A265C004B1F79 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:10:39.0154 0x15c4 AntiVirSchedulerService - ok
12:10:39.0232 0x15c4 [ AAE3238C2A0B2CF17851B3D06C8EA8C0 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:10:39.0232 0x15c4 AntiVirService - ok
12:10:39.0279 0x15c4 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
12:10:39.0279 0x15c4 AppID - ok
12:10:39.0294 0x15c4 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:10:39.0310 0x15c4 AppIDSvc - ok
12:10:39.0357 0x15c4 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
12:10:39.0357 0x15c4 Appinfo - ok
12:10:39.0466 0x15c4 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:10:39.0466 0x15c4 Apple Mobile Device - ok
12:10:39.0513 0x15c4 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
12:10:39.0513 0x15c4 AppMgmt - ok
12:10:39.0561 0x15c4 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
12:10:39.0561 0x15c4 arc - ok
12:10:39.0592 0x15c4 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:10:39.0592 0x15c4 arcsas - ok
12:10:39.0623 0x15c4 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:39.0623 0x15c4 AsyncMac - ok
12:10:39.0685 0x15c4 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
12:10:39.0685 0x15c4 atapi - ok
12:10:39.0748 0x15c4 [ B01751CC563AECAC09BBE36AAA21FBEF ] athr C:\Windows\system32\DRIVERS\athr.sys
12:10:39.0779 0x15c4 athr - ok
12:10:39.0826 0x15c4 [ E2398389648B5D44DC63CA43FDD5B3F8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:10:39.0857 0x15c4 AtiHdmiService - ok
12:10:39.0997 0x15c4 [ 6B70EB8E4AAF60598D61BCF8C41EACFB ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:10:40.0216 0x15c4 atikmdag - ok
12:10:40.0263 0x15c4 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
12:10:40.0263 0x15c4 AtiPcie - ok
12:10:40.0263 0x15c4 ATTRcAppSvc - ok
12:10:40.0325 0x15c4 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:10:40.0341 0x15c4 AudioEndpointBuilder - ok
12:10:40.0356 0x15c4 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:10:40.0356 0x15c4 Audiosrv - ok
12:10:40.0450 0x15c4 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:10:40.0450 0x15c4 avgntflt - ok
12:10:40.0497 0x15c4 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:10:40.0528 0x15c4 avipbb - ok
12:10:40.0576 0x15c4 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:10:40.0607 0x15c4 avkmgr - ok
12:10:40.0669 0x15c4 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:10:40.0669 0x15c4 AxInstSV - ok
12:10:40.0716 0x15c4 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
12:10:40.0763 0x15c4 b06bdrv - ok
12:10:54.0207 0x15c4 sffp_sd - ok
12:10:54.0239 0x15c4 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:10:54.0254 0x15c4 sfloppy - ok
12:10:54.0285 0x15c4 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:10:54.0301 0x15c4 SharedAccess - ok
12:10:54.0348 0x15c4 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:54.0348 0x15c4 ShellHWDetection - ok
12:10:54.0379 0x15c4 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
12:10:54.0379 0x15c4 sisagp - ok
12:10:54.0410 0x15c4 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:10:54.0426 0x15c4 SiSRaid2 - ok
12:10:54.0441 0x15c4 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:10:54.0457 0x15c4 SiSRaid4 - ok
12:10:54.0488 0x15c4 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:10:54.0488 0x15c4 Smb - ok
12:10:54.0551 0x15c4 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:10:54.0566 0x15c4 SNMPTRAP - ok
12:10:54.0582 0x15c4 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
12:10:54.0582 0x15c4 spldr - ok
12:10:54.0629 0x15c4 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
12:10:54.0644 0x15c4 Spooler - ok
12:10:54.0722 0x15c4 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
12:10:54.0753 0x15c4 sppsvc - ok
12:10:54.0801 0x15c4 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:10:54.0801 0x15c4 sppuinotify - ok
12:10:54.0848 0x15c4 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
12:10:54.0864 0x15c4 srv - ok
12:10:54.0879 0x15c4 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:10:54.0895 0x15c4 srv2 - ok
12:10:54.0911 0x15c4 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:10:54.0911 0x15c4 srvnet - ok
12:10:54.0942 0x15c4 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:10:54.0957 0x15c4 SSDPSRV - ok
12:10:55.0020 0x15c4 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
12:10:55.0020 0x15c4 ssmdrv - ok
12:10:55.0051 0x15c4 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:10:55.0051 0x15c4 SstpSvc - ok
12:10:55.0067 0x15c4 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:10:55.0067 0x15c4 stexstor - ok
12:10:55.0129 0x15c4 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
12:10:55.0129 0x15c4 StiSvc - ok
12:10:55.0160 0x15c4 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
12:10:55.0160 0x15c4 storflt - ok
12:10:55.0191 0x15c4 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
12:10:55.0207 0x15c4 StorSvc - ok
12:10:55.0223 0x15c4 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
12:10:55.0238 0x15c4 storvsc - ok
12:10:55.0269 0x15c4 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
12:10:55.0285 0x15c4 swenum - ok
12:10:55.0332 0x15c4 [ A184A1BAB187809B144BA32509B9E731 ] swmsflt C:\Windows\System32\drivers\swmsflt.sys
12:10:55.0332 0x15c4 swmsflt - ok
12:10:55.0394 0x15c4 [ 2F6F8B7F821C994DE3D1CAF399BF9CD3 ] SWNC8U56 C:\Windows\system32\DRIVERS\swnc8u56.sys
12:10:55.0394 0x15c4 SWNC8U56 - ok
12:10:55.0425 0x15c4 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
12:10:55.0425 0x15c4 swprv - ok
12:10:55.0472 0x15c4 [ 903A5E596A3910CEBFA33F3BD7D9C174 ] SWUMX56 C:\Windows\system32\DRIVERS\swumx56.sys
12:10:55.0472 0x15c4 SWUMX56 - ok
12:10:55.0535 0x15c4 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
12:10:55.0550 0x15c4 SysMain - ok
12:10:55.0597 0x15c4 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:55.0597 0x15c4 TabletInputService - ok
12:10:55.0644 0x15c4 [ 8CF6E2AE1707D82E904ECCA68CEF8B87 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
12:10:55.0644 0x15c4 tap0901 - ok
12:10:55.0691 0x15c4 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
12:10:55.0691 0x15c4 TapiSrv - ok
12:10:55.0722 0x15c4 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
12:10:55.0722 0x15c4 TBS - ok
12:10:55.0785 0x15c4 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:10:55.0801 0x15c4 Tcpip - ok
12:10:55.0863 0x15c4 [ 4E8B9BE71B807B3BAEDB7F4243F85E3C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:10:55.0879 0x15c4 TCPIP6 - ok
12:10:55.0910 0x15c4 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:10:55.0910 0x15c4 tcpipreg - ok
12:10:55.0957 0x15c4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:10:55.0957 0x15c4 TDPIPE - ok
12:10:56.0004 0x15c4 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:10:56.0004 0x15c4 TDTCP - ok
12:10:56.0035 0x15c4 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:10:56.0050 0x15c4 tdx - ok
12:10:56.0066 0x15c4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:10:56.0066 0x15c4 TermDD - ok
12:10:56.0113 0x15c4 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
12:10:56.0128 0x15c4 TermService - ok
12:10:56.0160 0x15c4 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
12:10:56.0175 0x15c4 Themes - ok
12:10:56.0191 0x15c4 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
12:10:56.0191 0x15c4 THREADORDER - ok
12:10:56.0222 0x15c4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
12:10:56.0222 0x15c4 TrkWks - ok
12:10:56.0284 0x15c4 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:10:56.0284 0x15c4 TrustedInstaller - ok
12:10:56.0331 0x15c4 [ B37B08F2E5EEB1A37E448E09BACE1101 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:10:56.0331 0x15c4 tssecsrv - ok
12:10:56.0378 0x15c4 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:10:56.0378 0x15c4 TsUsbFlt - ok
12:10:56.0440 0x15c4 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:10:56.0440 0x15c4 tunnel - ok
12:10:56.0472 0x15c4 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:10:56.0503 0x15c4 uagp35 - ok
12:10:56.0550 0x15c4 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:10:56.0565 0x15c4 udfs - ok
12:10:56.0596 0x15c4 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:10:56.0612 0x15c4 UI0Detect - ok
12:10:56.0659 0x15c4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:10:56.0690 0x15c4 uliagpkx - ok
12:10:56.0721 0x15c4 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
12:10:56.0721 0x15c4 umbus - ok
12:10:56.0768 0x15c4 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:10:56.0768 0x15c4 UmPass - ok
12:10:56.0816 0x15c4 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
12:10:56.0816 0x15c4 UmRdpService - ok
12:10:56.0847 0x15c4 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
12:10:56.0847 0x15c4 upnphost - ok
12:10:56.0894 0x15c4 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
12:10:56.0909 0x15c4 USBAAPL - ok
12:10:56.0941 0x15c4 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:10:56.0941 0x15c4 usbccgp - ok
12:10:57.0003 0x15c4 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:10:57.0019 0x15c4 usbcir - ok
12:10:57.0050 0x15c4 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:10:57.0050 0x15c4 usbehci - ok
12:10:57.0097 0x15c4 [ 0150B06D3E73F6C27AFCB963FD931820 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
12:10:57.0128 0x15c4 usbfilter - ok
12:10:57.0175 0x15c4 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:10:57.0175 0x15c4 usbhub - ok
12:10:57.0206 0x15c4 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:10:57.0221 0x15c4 usbohci - ok
12:10:57.0253 0x15c4 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:10:57.0253 0x15c4 usbprint - ok
12:10:57.0299 0x15c4 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:10:57.0315 0x15c4 usbscan - ok
12:10:57.0346 0x15c4 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:10:57.0346 0x15c4 USBSTOR - ok
12:10:57.0377 0x15c4 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:10:57.0377 0x15c4 usbuhci - ok
12:10:57.0424 0x15c4 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
12:10:57.0424 0x15c4 usbvideo - ok
12:10:57.0455 0x15c4 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
12:10:57.0471 0x15c4 UxSms - ok
12:10:57.0487 0x15c4 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
12:10:57.0487 0x15c4 VaultSvc - ok
12:10:57.0518 0x15c4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:10:57.0518 0x15c4 vdrvroot - ok
12:10:57.0565 0x15c4 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
12:10:57.0580 0x15c4 vds - ok
12:10:57.0611 0x15c4 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:10:57.0611 0x15c4 vga - ok
12:10:57.0643 0x15c4 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
12:10:57.0643 0x15c4 VgaSave - ok
12:10:57.0674 0x15c4 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:10:57.0689 0x15c4 vhdmp - ok
12:10:57.0705 0x15c4 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:10:57.0721 0x15c4 viaagp - ok
12:10:57.0752 0x15c4 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
12:10:57.0783 0x15c4 ViaC7 - ok
12:10:57.0799 0x15c4 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
12:10:57.0815 0x15c4 viaide - ok
12:10:57.0862 0x15c4 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
12:10:57.0862 0x15c4 vmbus - ok
12:10:57.0878 0x15c4 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
12:10:57.0893 0x15c4 VMBusHID - ok
12:10:57.0909 0x15c4 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:10:57.0909 0x15c4 volmgr - ok
12:10:57.0924 0x15c4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:10:57.0940 0x15c4 volmgrx - ok
12:10:57.0956 0x15c4 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:10:57.0956 0x15c4 volsnap - ok
12:10:57.0987 0x15c4 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:10:57.0987 0x15c4 vsmraid - ok
12:10:58.0049 0x15c4 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
12:10:58.0080 0x15c4 VSS - ok
12:10:58.0096 0x15c4 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:10:58.0096 0x15c4 vwifibus - ok
12:10:58.0112 0x15c4 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:10:58.0112 0x15c4 vwififlt - ok
12:10:58.0158 0x15c4 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
12:10:58.0158 0x15c4 W32Time - ok
12:10:58.0190 0x15c4 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:10:58.0190 0x15c4 WacomPen - ok
12:10:58.0252 0x15c4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:10:58.0252 0x15c4 WANARP - ok
12:10:58.0268 0x15c4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:10:58.0283 0x15c4 Wanarpv6 - ok
12:10:58.0346 0x15c4 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
12:10:58.0455 0x15c4 WatAdminSvc - ok
12:10:58.0517 0x15c4 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
12:10:58.0564 0x15c4 wbengine - ok
12:10:58.0580 0x15c4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:10:58.0595 0x15c4 WbioSrvc - ok
12:10:58.0642 0x15c4 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:10:58.0658 0x15c4 wcncsvc - ok
12:10:58.0658 0x15c4 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:10:58.0673 0x15c4 WcsPlugInService - ok
12:10:58.0704 0x15c4 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:10:58.0720 0x15c4 Wd - ok
12:10:58.0767 0x15c4 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:10:58.0798 0x15c4 Wdf01000 - ok
12:10:58.0830 0x15c4 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:10:58.0830 0x15c4 WdiServiceHost - ok
12:10:58.0846 0x15c4 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:10:58.0861 0x15c4 WdiSystemHost - ok
12:10:58.0908 0x15c4 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
12:10:58.0908 0x15c4 WebClient - ok
12:10:58.0924 0x15c4 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:10:58.0939 0x15c4 Wecsvc - ok
12:10:58.0955 0x15c4 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:10:58.0955 0x15c4 wercplsupport - ok
12:10:58.0986 0x15c4 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
12:10:59.0002 0x15c4 WerSvc - ok
12:10:59.0017 0x15c4 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:10:59.0017 0x15c4 WfpLwf - ok
12:10:59.0049 0x15c4 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:10:59.0049 0x15c4 WIMMount - ok
12:10:59.0127 0x15c4 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:10:59.0127 0x15c4 WinDefend - ok
12:10:59.0142 0x15c4 WinHttpAutoProxySvc - ok
12:10:59.0189 0x15c4 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:10:59.0189 0x15c4 Winmgmt - ok
12:10:59.0267 0x15c4 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
12:10:59.0298 0x15c4 WinRM - ok
12:10:59.0361 0x15c4 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:10:59.0361 0x15c4 WinUsb - ok
12:10:59.0407 0x15c4 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:10:59.0423 0x15c4 Wlansvc - ok
12:10:59.0470 0x15c4 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:10:59.0470 0x15c4 WmiAcpi - ok
12:10:59.0517 0x15c4 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:10:59.0517 0x15c4 wmiApSrv - ok
12:10:59.0626 0x15c4 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:10:59.0641 0x15c4 WMPNetworkSvc - ok
12:10:59.0657 0x15c4 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:10:59.0657 0x15c4 WPCSvc - ok
12:10:59.0688 0x15c4 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:10:59.0704 0x15c4 WPDBusEnum - ok
12:10:59.0719 0x15c4 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:10:59.0735 0x15c4 ws2ifsl - ok
12:10:59.0751 0x15c4 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
12:10:59.0751 0x15c4 wscsvc - ok
12:10:59.0766 0x15c4 WSearch - ok
12:10:59.0861 0x15c4 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:10:59.0876 0x15c4 wuauserv - ok
12:10:59.0923 0x15c4 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:10:59.0923 0x15c4 WudfPf - ok
12:10:59.0954 0x15c4 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:10:59.0954 0x15c4 WUDFRd - ok
12:11:00.0001 0x15c4 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:11:00.0017 0x15c4 wudfsvc - ok
12:11:00.0048 0x15c4 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
12:11:00.0064 0x15c4 WwanSvc - ok
12:11:00.0110 0x15c4 ================ Scan global ===============================
12:11:00.0142 0x15c4 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
12:11:00.0188 0x15c4 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:11:00.0204 0x15c4 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
12:11:00.0235 0x15c4 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
12:11:00.0266 0x15c4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
12:11:00.0266 0x15c4 [Global] - ok
12:11:00.0266 0x15c4 ================ Scan MBR ==================================
12:11:00.0282 0x15c4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:11:00.0893 0x15c4 \Device\Harddisk0\DR0 - ok
12:11:00.0893 0x15c4 ================ Scan VBR ==================================
12:11:00.0893 0x15c4 [ C14BCD1594A4D5156979CA0E82636695 ] \Device\Harddisk0\DR0\Partition1
12:11:00.0893 0x15c4 \Device\Harddisk0\DR0\Partition1 - ok
12:11:00.0925 0x15c4 [ 213D3AA37077D8CF1A6ED68F3E63A44A ] \Device\Harddisk0\DR0\Partition2
12:11:00.0925 0x15c4 \Device\Harddisk0\DR0\Partition2 - ok
12:11:00.0925 0x15c4 ============================================================
12:11:00.0925 0x15c4 Scan finished
12:11:00.0925 0x15c4 ============================================================
12:11:00.0940 0x17d0 Detected object count: 0
12:11:00.0940 0x17d0 Actual detected object count: 0
12:11:29.0033 0x05a8 Deinitialize success

#9
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi Blain,

Sorry for the delay. I accidentally missed replying here.

Let me take a more thorough look at the logs, but in the meantime can you tell me what symptoms you are experiencing?

#10
Blain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
It still runs slow. Some programs are very slow to open, if they do. This seems to be a major problem: RtkBtMnt.exe

#11
Buddierdl
    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

I'm not really seeing anything in your logs. Let's try a few things to see if we can isolate the slowness. As far as RtkBtMnt.exe, I believe that is nothing to worry about, but we can clear the temp files and get rid of it.


Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint][/size][/color][color=#1C2837][size=2][emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Let's try a clean boot if the slowness remains:


Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1. In the System Configuration Utility dialog box, click Selective Startup on the General tab.
2. Click to clear the Load Startup Items check box.
   Note: The Use Original Boot.ini check box is unavailable.
3. Click the Services tab.
4. Click to select the Hide All Microsoft Services check box.
5. Click Disable All, and then click OK.
6. When you are prompted, click Restart.

Once back in Windows, does the problem still occur?

#12
Blain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok, I think this is what you mean by stop?

It froze everything and shut down.

All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint][/size][/color][color=#1C2837][size=2][emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 08302013_090657

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#13
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Sorry about that, some extra words got mixed in with the fix. Please run this fix with OTL:


:Commands
[createrestorepoint]
[emptytemp]


#14
Blain1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Ok done with OTL:

Did not do the msconfig yet due to stoppage.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nomary
->Temp folder emptied: 204800 bytes
->Temporary Internet Files folder emptied: 82322 bytes
->Java cache emptied: 8390981 bytes
->FireFox cache emptied: 70201678 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08312013_084456

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
If the laptop is still slow, go ahead with the clean boot.