Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Chasing something...

Re: Chasing something...

Post by geniusless » March 3rd, 2013, 3:10 pm

K am I doing something wrong, can't get the post to paste and submit, keeps saying too few characters as the text I am pasting disappears???
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Post by askey127 » March 3rd, 2013, 5:19 pm

The part after the CHR lines is missing.

Here's how this should work:

Double click the file on your desktop (OTL.txt or other). The file will likely open in Notepad.
In Notepad, Click Edit > Select All
then Click Edit > Copy
Now Go to the website here, double click on this topic, scroll to the bottom, and click on the Reply button.
Click inside the box once, then hold down your <Ctrl> key and hit the <V> key at the same time.
(This Ctrl-V combination is a paste command)
The box should fill with the entire log.
Click the Submit button under the box.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Post by geniusless » March 3rd, 2013, 5:36 pm

Ya that will not work, I got the first half up but no matter what portion I try to copy paste now it disappears when I hit submit. Above says your message contains too few characters. Also those objects appeared on desktop again, then vanished when I refreshed desktop???
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Post by askey127 » March 3rd, 2013, 6:11 pm

I am going to consult with some of my associates to see if we can figure out what is going on.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Post by geniusless » March 3rd, 2013, 6:45 pm

OTL logfile created on: 3/3/2013 10:32:56 AM -Run 2
OTL by OldTimer - Version 3.2.69.0
C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 59.90% Memory free
6.18 Gb Paging File | 5.07 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.51 Gb Total Space | 180.96 Gb Free Space | 63.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 57.04% Space Free | Partition Type: NTFS

Computer Name: PUTER | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) --C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/02/20 21:23:46 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) --C:\Windows\explorer.exe
PRC - [2007/07/02 12:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/06 15:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 13:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/09/08 14:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/20 21:23:44 | 000,459,728 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppgooglenaclpluginchrome.dll MOD - [2013/02/20 21:23:42 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll MOD - [2013/02/20 21:22:48 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll MOD - [2013/02/13 23:48:07 | 011,820,544 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll MOD - [2013/02/13 20:30:21 | 012,433,920 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013/01/24 23:39:43 | 000,475,136 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\295bceb25b989b5e5db8a70cbbb42853\IAStorUtil.ni.dll MOD - [2013/01/24 23:39:43 | 000,014,336 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\781904ca0923a7ddaabf182f17663e96\IAStorCommon.ni.dll MOD - [2013/01/24 23:37:25 | 000,771,584 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll MOD - [2013/01/24 23:36:49 | 000,971,264 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013/01/24 23:36:46 | 005,450,752 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013/01/24 23:36:15 | 001,593,856 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013/01/24 23:35:07 | 003,325,952 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll MOD - [2013/01/24 
23:35:03 | 007,977,984 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013/01/24 23:34:55 | 011,492,352 | ---- | M] () --C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2007/10/09 19:18:12 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

========== Services (SafeList) ==========

SRV - [2013/02/26 18:24:03 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] --C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe --(AdobeARMservice) SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] --C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe --(ZuneWlanCfgSvc) SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe --(WMZuneComm) SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe --(ZuneNetworkSvc) SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] --C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe --(IAStorDataMgrSvc) SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll --(WAS) SRV - [2010/04/21 09:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Windows\System32\inetsrv\iisw3adm.dll --(W3SVC) SRV - [2009/04/14 09:59:14 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] --C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom) SRV - [2009/04/10 22:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Windows\System32\inetsrv\apphostsvc.dll --(AppHostSvc) SRV - [2008/02/26 13:10:56 | 000,648,456 | ---- | M] (Trend Micro Inc.) 
[Disabled | Stopped] --C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy) SRV - [2008/02/15 22:34:18 | 000,333,064 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] --C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Program Files\Windows Defender\MpSvc.dll --(WinDefend) SRV - [2007/05/31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Windows\WindowsMobile\wcescomm.dll --(WcesComm) SRV - [2007/05/31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] --C:\Windows\WindowsMobile\rapimgr.dll --(RapiMgr) SRV - [2007/05/06 17:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] --C:\Windows\System32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] --system32\DRIVERS\xaudio.sys -- (XAudio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys --(NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys --(NwlnkFlt) DRV - File not found [Kernel | Auto | Stopped] --system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys --(IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HSXHWAZL.sys --(HSXHWAZL) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV - File not found [Kernel | Disabled | Stopped] --C:\Windows\system32\drivers\blbdrive.sys --(blbdrive) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys --(BCM42RLY) DRV - File not found [Kernel | System | Stopped] --C:\Windows\system32\drivers\AntiLog32.sys --(AntiLog32) DRV - [2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] --C:\Windows\System32\drivers\gfibto.sys --(gfibto) DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] --C:\Windows\System32\drivers\aswSnx.sys --(aswSnx) DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] --C:\Windows\System32\drivers\aswSP.sys --(aswSP) DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] --C:\Windows\System32\drivers\aswTdi.sys --(aswTdi) DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] --C:\Windows\System32\drivers\aswRdr.sys --(AswRdr) DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) 
[File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys --(aswFsBlk) DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys --(cpudrv) DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] --C:\Windows\System32\drivers\winusb.sys --(WinUSB) DRV - [2009/04/02 15:00:12 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\tmactmon.sys --(tmactmon) DRV - [2009/04/02 15:00:08 | 000,052,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\tmevtmgr.sys --(tmevtmgr) DRV - [2009/04/02 15:00:00 | 000,142,864 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\tmcomm.sys --(tmcomm) DRV - [2008/11/26 18:42:42 | 000,205,328 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\tmxpflt.sys --(tmxpflt) DRV - [2008/11/26 18:42:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\tmpreflt.sys --(tmpreflt) DRV - [2008/11/26 18:39:56 | 001,195,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] --C:\Windows\System32\drivers\vsapint.sys --(vsapint) DRV - [2008/02/15 22:34:18 | 000,065,936 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] --C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi) DRV - [2007/06/25 17:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] --C:\Windows\System32\drivers\Apfiltr.sys --(ApfiltrService) DRV - [2007/05/06 17:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys --(STHDA) DRV - [2007/03/20 01:00:00 | 000,234,496 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] --C:\Windows\System32\drivers\OEM02Dev.sys --(OEM02Dev) DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] --C:\Windows\System32\drivers\OEM02Vfx.sys --(OEM02Vfx) DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\Windows\System32\drivers\rimmptsk.sys --(rimmptsk) DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\Windows\System32\drivers\rimsptsk.sys --(rimsptsk) DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] --C:\Windows\System32\drivers\rixdptsk.sys --(rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q= {searchTerms}&rls=com.microsoft:{language}: {referrer:source?}&ie={inputEncoding}&oe= {outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web? src=ieb&gct=ds&appid=107&systemid=465&q= {searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2465} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q= {searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4B26DEFC-8C40-42C7-8309-AE629A7B3854}: "URL" = http://www.google.com/search?q= {searchTerms}&rls=com.microsoft:{language}&ie= {inputEncoding}&oe={outputEncoding}&startIndex= {startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2465}: "URL" = http://isearch.fantastigames.com/web? src=ieb&gct=ds&appid=107&systemid=465&q= {searchTerms} IE -HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF -HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF -HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF -HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF -HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF -HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF -HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}& {google:RLZ}{google:acceptedSuggestion} {google:originalQueryForSuggestion} {google:assistedQueryStats} {google:searchFieldtrialParameter} {google:searchClient}{google:sourceId} {google:instantExtendedEnabledParameter}ie= {inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search? {google:searchFieldtrialParameter}client=chrome&q= {searchTerms}&{google:cursorPosition}sugkey= {google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.97\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = 
C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Gmail = \Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/10/08 15:11:06 | 000,000,761 | ---- | M]) -C:\Windows\System32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1

O1 - Hosts: ::1

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) -{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object) O17 -HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 184.16.33.54 O17 -HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03F3AC55-7682-499F-BBAB-B01BF71466CF}: DhcpNameServer = 192.168.1.1 184.16.33.54 O17 -HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F0A8F20-B48E-4425-A7C7-C6C1438FC199}: DhcpNameServer = 192.168.1.1 184.16.33.54 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit -(C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O30 - LSA: Authentication Packages - (ows\s) -File not found O30 - LSA: Security Packages - (X2嘀 蘁 獭ㅶた搮 汬) - File not found O30 - LSA: Security Packages - (>뻯 ẵ ẵ&) - File not found O30 - LSA: Security Packages - (��) - File not found O30 - LSA: Security Packages - () - File 
not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders -Created Within 30 Days ==========

[2013/03/02 11:16:11 | 000,000,000 | ---D | C] --C:\_OTL [2013/03/02 11:16:11 | 000,000,000 | ---D | C] --\_OTL [2013/03/01 11:04:13 | 000,602,112 | ---- | C] (OldTimer Tools) --C:\Users\Owner\Desktop\OTL.exe [2013/02/28 19:47:03 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com [2013/02/26 18:09:42 | 000,000,000 | ---D | C] --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013/02/26 18:09:39 | 000,000,000 | ---D | C] --C:\Program Files\Origin [2013/02/25 22:35:21 | 000,000,000 | ---D | C] --C:\Windows\System32\x64 [2013/02/25 22:20:13 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll [2013/02/25 10:09:07 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc [2013/02/22 13:28:23 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\LavasoftStatistics [2013/02/22 13:27:30 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013/02/22 13:27:30 | 000,013,560 | ---- | C] (GFI Software) --C:\Windows\System32\drivers\gfibto.sys [2013/02/20 21:17:36 | 000,361,032 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswSP.sys [2013/02/20 21:17:36 | 000,021,256 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswFsBlk.sys [2013/02/20 21:17:36 | 000,000,000 | ---D | C] --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Free Antivirus [2013/02/20 21:17:35 | 000,738,504 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswSnx.sys [2013/02/20 21:17:35 | 000,054,232 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswTdi.sys [2013/02/20 21:17:35 | 000,035,928 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswRdr.sys [2013/02/20 21:17:33 | 000,058,680 | ---- | C] (AVAST Software) --C:\Windows\System32\drivers\aswMonFlt.sys [2013/02/20 21:16:44 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013/02/20 21:16:43 | 000,227,648 | ---- | C] (AVAST Software) --C:\Windows\System32\aswBoot.exe [2013/02/20 21:16:18 | 000,000,000 | ---D | C] --C:\ProgramData\AVAST Software [2013/02/20 21:16:18 | 000,000,000 | ---D | C] --C:\Program Files\AVAST Software [2013/02/20 19:24:18 | 000,000,000 | ---D | C] --C:\Program Files\Enigma Software Group [2013/02/20 19:23:21 | 000,000,000 | ---D | C] --C:\Program Files\Common Files\Wise Installation Wizard [2013/02/19 11:13:54 | 000,000,000 | ---D | C] --C:\Program Files\AntiLogger [2013/02/14 13:38:47 | 000,000,000 | ---D | C] --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys [2013/02/14 13:38:46 | 000,000,000 | ---D | C] --C:\Program Files\Lavalys [2013/02/14 10:48:10 | 000,000,000 | ---D | C] --C:\Program Files\SystemRequirementsLab [2013/02/14 10:48:09 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\SystemRequirementsLab [2013/02/14 10:48:02 | 000,000,000 | ---D | C] --C:\Windows\Sun [2013/02/14 10:47:44 | 000,000,000 | ---D | C] --C:\ProgramData\Sun [2013/02/14 10:45:37 | 000,000,000 | ---D | C] --C:\ProgramData\McAfee [2013/02/14 01:26:17 | 000,000,000 | R--D | C] --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center [2013/02/14 01:23:35 | 000,000,000 | ---D | C] --C:\Program Files\Dell Support Center [2013/02/14 01:22:18 | 000,000,000 | ---D | C] --C:\temp [2013/02/14 01:22:18 | 000,000,000 | ---D | C] --\temp [2013/02/14 01:10:25 | 000,000,000 | ---D | C] 
--C:\Windows\Driver Cache [2013/02/14 01:10:25 | 000,000,000 | ---D | C] --C:\Program Files\AVerMedia [2013/02/13 23:03:54 | 000,000,000 | ---D | C] --C:\Users\Owner\Documents\Battlefield 1942 [2013/02/13 21:45:36 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\WinRAR [2013/02/13 21:45:36 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013/02/13 21:45:36 | 000,000,000 | ---D | C] --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013/02/13 21:45:32 | 000,000,000 | ---D | C] --C:\Program Files\WinRAR [2013/02/13 21:45:09 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q [2013/02/13 21:24:40 | 000,000,000 | ---D | C] --C:\Users\Owner\AppData\Roaming\Origin [2013/02/13 21:23:55 | 000,000,000 | ---D | C] --C:\ProgramData\Origin [2013/02/13 21:23:54 | 000,000,000 | ---D | C] --C:\ProgramData\Electronic Arts [2013/02/12 15:51:50 | 000,000,000 | ---D | C] --C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/02/12 14:18:24 | 000,000,000 | ---D | C] --C:\Program Files\FGIcon [2013/02/12 14:18:04 | 000,000,000 | ---D | C] --C:\ProgramData\Tarma Installer [2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/03 10:40:00 | 000,000,420 | -H-- | M] () --C:\Windows\tasks\User_Feed_Synchronization-{9DE2A930-5BF7-466C-A033-6CDC69CE178C}.job [2013/03/03 10:23:00 | 000,000,830 | ---- | M] () --C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/03 10:21:00 | 000,000,884 | ---- | M] () --C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/03 09:28:08 | 000,003,792 | -H-- | M] () --C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 09:28:08 | 000,003,792 | -H-- | M] () --C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/03 09:21:00 | 000,000,880 | ---- | M] () --C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/02 11:28:03 | 000,067,584 | --S- | M] () --C:\Windows\bootstat.dat [2013/03/02 11:02:41 | 000,001,894 | ---- | M] () --C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013/03/01 11:04:15 | 000,602,112 | ---- | M] (OldTimer Tools) --C:\Users\Owner\Desktop\OTL.exe [2013/02/28 19:47:11 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com [2013/02/26 18:09:43 | 000,000,778 | ---- | M] () --C:\Users\Public\Desktop\Origin.lnk [2013/02/25 23:27:32 | 000,000,359 | ---- | M] () --C:\Users\Owner\Desktop\Downloads.lnk [2013/02/25 16:14:39 | 000,269,944 | ---- | M] () --C:\Windows\System32\FNTCACHE.DAT [2013/02/25 10:23:41 | 000,000,250 | ---- | M] () --C:\WirelessDiagLog.csv [2013/02/24 12:03:26 | 000,001,973 | ---- | M] () --C:\Users\Public\Desktop\Google Chrome.lnk [2013/02/22 13:27:30 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe [2013/02/22 13:27:30 | 000,013,560 | ---- | M] (GFI Software) --C:\Windows\System32\drivers\gfibto.sys [2013/02/21 18:24:27 | 000,000,258 | RHS- | M] () --C:\ProgramData\ntuser.pol [2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () --C:\MSDOS.SYS [2013/02/21 17:17:16 | 000,000,000 | RHS- | M] () --C:\IO.SYS [2013/02/21 14:20:58 | 000,001,831 | ---- | M] () 
--C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/02/21 14:20:57 | 000,002,577 | ---- | M] () --C:\Windows\System32\config.nt [2013/02/14 11:31:28 | 000,000,297 | ---- | M] () --C:\Users\Owner\Desktop\puter.lnk [2013/02/14 10:55:03 | 000,196,608 | ---- | M] () --C:\Windows\SPInstall.etl [2013/02/14 01:20:18 | 003,892,272 | ---- | M] () --C:\Users\Owner\Desktop\run this with battery in.exe [2013/02/13 20:58:30 | 000,657,684 | ---- | M] () --C:\Windows\System32\perfh009.dat [2013/02/13 20:58:30 | 000,122,714 | ---- | M] () --C:\Windows\System32\perfc009.dat [2013/02/11 21:23:40 | 000,023,125 | ---- | M] () --C:\Windows\hpqins15.dat [2 C:\Users\Owner\Documents\*.tmp files -> C:\Users\Owner\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/02 11:02:28 | 000,001,894 | ---- | C] () --C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/02 11:02:26 | 000,001,804 | ---- | C] () --C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/26 18:09:43 | 000,000,778 | ---- | C] () --C:\Users\Public\Desktop\Origin.lnk
[2013/02/25 23:27:32 | 000,000,359 | ---- | C] () --C:\Users\Owner\Desktop\Downloads.lnk
[2013/02/25 10:29:53 | 000,744,740 | ---- | C] () --C:\Windows\System32\oem21.inf
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () --C:\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () --\MSDOS.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () --C:\IO.SYS
[2013/02/21 17:17:16 | 000,000,000 | RHS- | C] () --\IO.SYS
[2013/02/20 21:17:37 | 000,001,831 | ---- | C] () --C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/14 11:31:28 | 000,000,297 | ---- | C] () --C:\Users\Owner\Desktop\puter.lnk
[2013/02/14 10:29:27 | 000,196,608 | ---- | C] () --C:\Windows\SPInstall.etl
[2013/02/14 01:20:18 | 003,892,272 | ---- | C] () --C:\Users\Owner\Desktop\run this with battery in.exe
[2013/02/11 21:22:43 | 000,023,125 | ---- | C] () --C:\Windows\hpqins15.dat
[2010/11/27 11:06:02 | 000,013,030 | ---- | C] () --\PDOXUSRS.NET
[2008/10/12 22:18:10 | 000,000,164 | ---- | C] () --\install.dat
[2008/07/30 22:58:27 | 000,000,250 | ---- | C] () --\WirelessDiagLog.csv
[2008/04/18 01:45:26 | 000,000,258 | RHS- | C] () --C:\ProgramData\ntuser.pol
[2008/04/18 00:22:52 | 000,024,227 | ---- | C] () --C:\Users\Owner\AppData\Roaming\UserTile.png
[2008/04/17 16:39:05 | 000,000,240 | ---- | C] () --C:\Users\Owner\Window Switcher.lnk
[2008/04/15 16:57:51 | 000,008,192 | R-S- | C] () --\BOOTSECT.BAK
[2008/03/04 16:55:40 | 000,004,622 | RH-- | C] () --\dell.sdr
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () --\newkey
[2008/03/04 15:19:18 | 000,021,469 | ---- | C] () --\newfile.enc
[2008/02/03 15:06:57 | 000,333,257 | RHS- | C] () --\bootmgr
[2006/11/02 02:23:09 | 000,000,024 | ---- | C] () --\autoexec.bat
[2006/11/01 22:25:08 | 000,000,010 | ---- | C] () --\config.sys

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () --C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll --[2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll --[2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/13 21:45:09 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2009/02/13 22:52:58 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\Amazon
[2010/11/27 11:01:42 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/01/30 01:58:35 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\iWin
[2013/02/13 22:06:09 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\Origin
[2009/01/11 01:56:21 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\ParetoLogic
[2008/06/08 01:29:02 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\PeerNetworking
[2013/02/14 10:48:09 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2012/09/26 21:01:40 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\TuneUp Software
[2008/05/27 23:59:21 | 000,000,000 | ---D | M] --C:\Users\Owner\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby geniusless » March 3rd, 2013, 6:49 pm

Ok tried to paste it in my Gmail to send it to myself and try opening on phone and doing it there, but Gmail pretty much went into a "working" state for an extended period of time. So I did an Incognito window, sent it to myself on Hotmail, opened and pasted to you via phone browser...
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby askey127 » March 4th, 2013, 7:53 pm

geniusless,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (32-bit)
Download Mirror #2 (32-bit)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :regfind
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\lsa /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

If you can or cannot run it, and if you can or cannot post the log, let me know. If it's a problem, try to copy and paste the last 15-20 lines or so, anyway.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
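
A TDSSKiller log like the one requested above runs to hundreds of lines, so a quick triage pass helps before reading it in full. The script below is an added example, not part of the original post and not Kaspersky's code; it parses the line format seen in the log posted later in this thread. The `examplesvc` entry, the `Netlogon` verdict line and the `suspicious` verdict are constructed for illustration, and treating every single-word verdict other than `ok` as worth review is an assumption.

```python
import re

# Sample in the line format of the TDSSKiller log posted in this thread.
# The Netlogon verdict line and the whole "examplesvc" entry (zeroed hash,
# "suspicious" verdict) are constructed here to exercise the non-ok path.
SAMPLE_LOG = r"""
00:03:44.0607 5472 ================ Scan services =============================
00:03:44.0903 5472 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:03:44.0903 5472 ACPI - ok
00:03:45.0652 5472 AntiLog32 - ok
00:03:46.0416 5472 [ AEF6E1DE647339C4990586D1DE427BBB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:03:46.0416 5472 avast! Antivirus - ok
00:03:51.0455 5472 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
00:03:51.0455 5472 KeyIso - ok
00:03:53.0234 5472 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
00:03:53.0234 5472 Netlogon - ok
00:03:54.0000 5472 [ 00000000000000000000000000000000 ] examplesvc C:\Windows\system32\drivers\examplesvc.sys
00:03:54.0000 5472 examplesvc - suspicious
""".strip()

# "<hh:mm:ss.ffff> <thread id> <rest>"; <rest> may be absent on blank log lines.
PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} \d+(?: (.*))?$")
# "[ MD5 ] <object name> <X:\path>"; names and paths may both contain spaces,
# so the name ends at the first " X:\" drive prefix.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<object name> - <verdict>"; a single-word verdict keeps informational lines
# such as "Drive ... - Size: 0x..." from being read as verdicts.
VERDICT = re.compile(r"^(.+) - ([A-Za-z]+)$")


def parse_tdsskiller_log(text):
    """Return one dict per scanned object: name, md5, path, verdict."""
    pending = {}   # object name -> (md5, path) seen on the preceding line
    entries = []
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m or not m.group(1):
            continue
        rest = m.group(1)
        obj = OBJECT.match(rest)
        if obj:
            md5, name, path = obj.groups()
            pending[name] = (md5.upper(), path)
            continue
        ver = VERDICT.match(rest)
        if ver:
            name, verdict = ver.groups()
            md5, path = pending.pop(name, (None, None))
            entries.append({"name": name, "md5": md5,
                            "path": path, "verdict": verdict.lower()})
    return entries


def triage(entries):
    """Group the entries a reviewer would want to look at first."""
    not_ok = [e for e in entries if e["verdict"] != "ok"]
    # Objects the log reports without a hash/path line (no file was hashed).
    no_file = [e["name"] for e in entries if e["md5"] is None]
    # Several services backed by the same image, e.g. two hosted in lsass.exe.
    by_hash = {}
    for e in entries:
        if e["md5"]:
            by_hash.setdefault(e["md5"], []).append(e["name"])
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {"not_ok": not_ok, "no_file": no_file, "shared_image": shared}


if __name__ == "__main__":
    report = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for e in report["not_ok"]:
        print("REVIEW  %-20s %-12s %s" % (e["name"], e["verdict"], e["path"]))
    for name in report["no_file"]:
        print("NOFILE  %s" % name)
    for md5, names in report["shared_image"].items():
        print("SHARED  %s  %s" % (md5, ", ".join(names)))
```

To use it on a real log, read the `TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt` file from the root of C: and pass its text to `parse_tdsskiller_log`.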

Re: Chasing something...

Unread postby geniusless » March 5th, 2013, 3:58 am

SystemLook 30.07.11 by jpshortstuff
Log created at 23:56 on 04/03/2013 by Owner
Administrator - Elevation successful

========== regfind ==========

Searching for "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\lsa /s"
No data found.

-= EOF =-
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby geniusless » March 5th, 2013, 4:05 am

TDSSKiller came up clean.

23:59:59.0537 2720 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:00:00.0010 2720 ============================================================
00:00:00.0010 2720 Current date / time: 2013/03/05 00:00:00.0010
00:00:00.0010 2720 SystemInfo:
00:00:00.0010 2720
00:00:00.0010 2720 OS Version: 6.0.6002 ServicePack: 2.0
00:00:00.0010 2720 Product type: Workstation
00:00:00.0010 2720 ComputerName: PUTER
00:00:00.0010 2720 UserName: Owner
00:00:00.0010 2720 Windows directory: C:\Windows
00:00:00.0010 2720 System windows directory: C:\Windows
00:00:00.0010 2720 Processor architecture: Intel x86
00:00:00.0011 2720 Number of processors: 2
00:00:00.0011 2720 Page size: 0x1000
00:00:00.0011 2720 Boot type: Normal boot
00:00:00.0011 2720 ============================================================
00:00:00.0536 2720 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:00:00.0536 2720 ============================================================
00:00:00.0536 2720 \Device\Harddisk0\DR0:
00:00:00.0536 2720 MBR partitions:
00:00:00.0536 2720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1400000
00:00:00.0536 2720 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1427800, BlocksNum 0x23B067F8
00:00:00.0567 2720 ============================================================
00:00:00.0676 2720 C: <-> \Device\Harddisk0\DR0\Partition2
00:00:00.0754 2720 D: <-> \Device\Harddisk0\DR0\Partition1
00:00:00.0754 2720 ============================================================
00:00:00.0754 2720 Initialize success
00:00:00.0754 2720 ============================================================
00:03:43.0780 5472 ============================================================
00:03:43.0780 5472 Scan started
00:03:43.0780 5472 Mode: Manual;
00:03:43.0780 5472 ============================================================
00:03:44.0607 5472 ================ Scan system memory ========================
00:03:44.0607 5472 System memory - ok
00:03:44.0607 5472 ================ Scan services =============================
00:03:44.0903 5472 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
00:03:44.0903 5472 ACPI - ok
00:03:45.0028 5472 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:03:45.0028 5472 AdobeARMservice - ok
00:03:45.0137 5472 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:03:45.0137 5472 AdobeFlashPlayerUpdateSvc - ok
00:03:45.0200 5472 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
00:03:45.0215 5472 adp94xx - ok
00:03:45.0246 5472 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
00:03:45.0262 5472 adpahci - ok
00:03:45.0278 5472 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
00:03:45.0278 5472 adpu160m - ok
00:03:45.0309 5472 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
00:03:45.0309 5472 adpu320 - ok
00:03:45.0340 5472 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:03:45.0340 5472 AeLookupSvc - ok
00:03:45.0402 5472 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
00:03:45.0418 5472 AFD - ok
00:03:45.0434 5472 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:03:45.0434 5472 agp440 - ok
00:03:45.0449 5472 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
00:03:45.0465 5472 aic78xx - ok
00:03:45.0496 5472 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
00:03:45.0496 5472 ALG - ok
00:03:45.0543 5472 [ 3A99CB23A2D326FD532618705D6E3048 ] aliide C:\Windows\system32\drivers\aliide.sys
00:03:45.0543 5472 aliide - ok
00:03:45.0574 5472 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
00:03:45.0574 5472 amdagp - ok
00:03:45.0574 5472 [ 4333C133DBD71C7D7FE4FB1B83F9EE3E ] amdide C:\Windows\system32\drivers\amdide.sys
00:03:45.0590 5472 amdide - ok
00:03:45.0605 5472 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
00:03:45.0605 5472 AmdK7 - ok
00:03:45.0621 5472 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
00:03:45.0621 5472 AmdK8 - ok
00:03:45.0652 5472 AntiLog32 - ok
00:03:45.0730 5472 [ 350F19EB5FE4EC37A2414DF56CDE1AA8 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
00:03:45.0730 5472 ApfiltrService - ok
00:03:45.0824 5472 [ DFAE18C675D71FD06D57DC69D2913975 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
00:03:45.0824 5472 AppHostSvc - ok
00:03:45.0855 5472 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
00:03:45.0855 5472 Appinfo - ok
00:03:45.0886 5472 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
00:03:45.0886 5472 arc - ok
00:03:45.0902 5472 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
00:03:45.0917 5472 arcsas - ok
00:03:45.0995 5472 [ 5B3562D243AE2BB76858867DCA43038D ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
00:03:45.0995 5472 aswFsBlk - ok
00:03:46.0026 5472 [ 1A4EABEE6A4809EDA17F7593E211B402 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
00:03:46.0026 5472 aswMonFlt - ok
00:03:46.0042 5472 [ 18DFC0A71F2C7AA13B2F18316AE208BB ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
00:03:46.0042 5472 AswRdr - ok
00:03:46.0073 5472 [ F9647D0C5871245F60AD743B0A10D1F1 ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys
00:03:46.0073 5472 aswRvrt - ok
00:03:46.0104 5472 [ 2A8E206C73D6C0AA795DF8299808AB26 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
00:03:46.0104 5472 aswSnx - ok
00:03:46.0136 5472 [ F0D5770AE7F46387AE17FF9EBB287AAC ] aswSP C:\Windows\system32\drivers\aswSP.sys
00:03:46.0151 5472 aswSP - ok
00:03:46.0167 5472 [ C75DDAE1FDD93A6C9A53DE175DC51225 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
00:03:46.0167 5472 aswTdi - ok
00:03:46.0182 5472 [ 1DCB866DDD43751164AFC01EC2C086CB ] aswVmm C:\Windows\system32\drivers\aswVmm.sys
00:03:46.0182 5472 aswVmm - ok
00:03:46.0229 5472 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:03:46.0229 5472 AsyncMac - ok
00:03:46.0260 5472 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
00:03:46.0260 5472 atapi - ok
00:03:46.0307 5472 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:03:46.0323 5472 AudioEndpointBuilder - ok
00:03:46.0323 5472 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
00:03:46.0338 5472 Audiosrv - ok
00:03:46.0416 5472 [ AEF6E1DE647339C4990586D1DE427BBB ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
00:03:46.0416 5472 avast! Antivirus - ok
00:03:46.0463 5472 [ 32795E299C3ABA589A5E04C83D531CDF ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
00:03:46.0463 5472 b57nd60x - ok
00:03:46.0479 5472 BCM42RLY - ok
00:03:46.0541 5472 [ 6AAE1042C0A572B24D2A4D6088F03392 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
00:03:46.0572 5472 BCM43XX - ok
00:03:46.0619 5472 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
00:03:46.0619 5472 Beep - ok
00:03:46.0682 5472 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
00:03:46.0682 5472 BFE - ok
00:03:46.0775 5472 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
00:03:46.0791 5472 BITS - ok
00:03:46.0791 5472 blbdrive - ok
00:03:46.0838 5472 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:03:46.0838 5472 bowser - ok
00:03:46.0884 5472 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
00:03:46.0900 5472 BrFiltLo - ok
00:03:46.0900 5472 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
00:03:46.0900 5472 BrFiltUp - ok
00:03:46.0947 5472 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
00:03:46.0947 5472 Browser - ok
00:03:46.0962 5472 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
00:03:46.0978 5472 Brserid - ok
00:03:46.0994 5472 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
00:03:46.0994 5472 BrSerWdm - ok
00:03:47.0025 5472 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
00:03:47.0025 5472 BrUsbMdm - ok
00:03:47.0056 5472 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
00:03:47.0056 5472 BrUsbSer - ok
00:03:47.0072 5472 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
00:03:47.0072 5472 BTHMODEM - ok
00:03:47.0118 5472 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:03:47.0118 5472 cdfs - ok
00:03:47.0150 5472 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:03:47.0150 5472 cdrom - ok
00:03:47.0228 5472 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
00:03:47.0228 5472 CertPropSvc - ok
00:03:47.0243 5472 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
00:03:47.0243 5472 circlass - ok
00:03:47.0274 5472 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
00:03:47.0290 5472 CLFS - ok
00:03:47.0352 5472 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:03:47.0352 5472 clr_optimization_v2.0.50727_32 - ok
00:03:47.0415 5472 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:03:47.0430 5472 clr_optimization_v4.0.30319_32 - ok
00:03:47.0477 5472 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:03:47.0477 5472 CmBatt - ok
00:03:47.0508 5472 [ DFB94A6FC3A26972B0461AB5F1D8272B ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:03:47.0508 5472 cmdide - ok
00:03:47.0540 5472 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:03:47.0555 5472 Compbatt - ok
00:03:47.0555 5472 COMSysApp - ok
00:03:47.0602 5472 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
00:03:47.0602 5472 cpudrv - ok
00:03:47.0602 5472 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
00:03:47.0602 5472 crcdisk - ok
00:03:47.0618 5472 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
00:03:47.0618 5472 Crusoe - ok
00:03:47.0680 5472 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:03:47.0680 5472 CryptSvc - ok
00:03:47.0727 5472 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:03:47.0742 5472 DcomLaunch - ok
00:03:47.0789 5472 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:03:47.0789 5472 DfsC - ok
00:03:47.0914 5472 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
00:03:47.0961 5472 DFSR - ok
00:03:48.0023 5472 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
00:03:48.0023 5472 Dhcp - ok
00:03:48.0070 5472 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
00:03:48.0070 5472 disk - ok
00:03:48.0101 5472 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:03:48.0117 5472 Dnscache - ok
00:03:48.0148 5472 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:03:48.0148 5472 dot3svc - ok
00:03:48.0226 5472 [ 57B2D433A08B95E4F1B53A919937F3E5 ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
00:03:48.0242 5472 Dot4 - ok
00:03:48.0288 5472 [ D93FA484BB62FBE7E5EF335C5415D3CF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:03:48.0288 5472 Dot4Print - ok
00:03:48.0304 5472 [ 599742C4260FB3E8EDB3BE148B8CE856 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
00:03:48.0304 5472 dot4usb - ok
00:03:48.0351 5472 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
00:03:48.0366 5472 DPS - ok
00:03:48.0398 5472 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:03:48.0398 5472 drmkaud - ok
00:03:48.0460 5472 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:03:48.0476 5472 DXGKrnl - ok
00:03:48.0507 5472 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
00:03:48.0507 5472 E1G60 - ok
00:03:48.0554 5472 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
00:03:48.0554 5472 EapHost - ok
00:03:48.0600 5472 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
00:03:48.0616 5472 Ecache - ok
00:03:48.0678 5472 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:03:48.0678 5472 ehRecvr - ok
00:03:48.0725 5472 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
00:03:48.0725 5472 ehSched - ok
00:03:48.0741 5472 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
00:03:48.0741 5472 ehstart - ok
00:03:48.0772 5472 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
00:03:48.0788 5472 elxstor - ok
00:03:48.0834 5472 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
00:03:48.0834 5472 EMDMgmt - ok
00:03:48.0897 5472 esgiguard - ok
00:03:48.0944 5472 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
00:03:48.0959 5472 EventSystem - ok
00:03:49.0006 5472 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
00:03:49.0006 5472 exfat - ok
00:03:49.0037 5472 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:03:49.0053 5472 fastfat - ok
00:03:49.0068 5472 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:03:49.0068 5472 fdc - ok
00:03:49.0100 5472 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
00:03:49.0100 5472 fdPHost - ok
00:03:49.0146 5472 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
00:03:49.0146 5472 FDResPub - ok
00:03:49.0178 5472 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:03:49.0178 5472 FileInfo - ok
00:03:49.0193 5472 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:03:49.0209 5472 Filetrace - ok
00:03:49.0224 5472 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:03:49.0224 5472 flpydisk - ok
00:03:49.0302 5472 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:03:49.0302 5472 FltMgr - ok
00:03:49.0396 5472 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
00:03:49.0412 5472 FontCache - ok
00:03:49.0490 5472 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:03:49.0490 5472 FontCache3.0.0.0 - ok
00:03:49.0521 5472 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:03:49.0536 5472 Fs_Rec - ok
00:03:49.0552 5472 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
00:03:49.0552 5472 gagp30kx - ok
00:03:49.0583 5472 [ 483924F92E55A5F9423201EC635E2CED ] gfibto C:\Windows\system32\drivers\gfibto.sys
00:03:49.0583 5472 gfibto - ok
00:03:49.0630 5472 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
00:03:49.0646 5472 gpsvc - ok
00:03:49.0755 5472 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:03:49.0755 5472 gupdate - ok
00:03:49.0786 5472 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:03:49.0786 5472 gupdatem - ok
00:03:49.0833 5472 [ 1BF044E23206FDDC16891A32922D571B ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:03:49.0833 5472 gusvc - ok
00:03:49.0895 5472 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:03:49.0895 5472 HdAudAddService - ok
00:03:49.0942 5472 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:03:49.0958 5472 HDAudBus - ok
00:03:49.0973 5472 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
00:03:49.0989 5472 HidBth - ok
00:03:50.0004 5472 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
00:03:50.0004 5472 HidIr - ok
00:03:50.0051 5472 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
00:03:50.0051 5472 hidserv - ok
00:03:50.0082 5472 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:03:50.0082 5472 HidUsb - ok
00:03:50.0129 5472 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:03:50.0129 5472 hkmsvc - ok
00:03:50.0145 5472 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
00:03:50.0145 5472 HpCISSs - ok
00:03:50.0238 5472 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
00:03:50.0238 5472 hpqcxs08 - ok
00:03:50.0270 5472 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
00:03:50.0270 5472 HSFHWAZL - ok
00:03:50.0316 5472 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
00:03:50.0332 5472 HSF_DPV - ok
00:03:50.0363 5472 HSXHWAZL - ok
00:03:50.0410 5472 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:03:50.0410 5472 HTTP - ok
00:03:50.0426 5472 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
00:03:50.0441 5472 i2omp - ok
00:03:50.0488 5472 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
00:03:50.0504 5472 i8042prt - ok
00:03:50.0550 5472 [ F4037A3FEDB92DD97C95F320766EA5C9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:03:50.0566 5472 iaStor - ok
00:03:50.0613 5472 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
00:03:50.0628 5472 IAStorDataMgrSvc - ok
00:03:50.0644 5472 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
00:03:50.0644 5472 iaStorV - ok
00:03:50.0722 5472 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:03:50.0738 5472 idsvc - ok
00:03:50.0831 5472 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
00:03:50.0862 5472 igfx - ok
00:03:50.0878 5472 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
00:03:50.0878 5472 iirsp - ok
00:03:50.0925 5472 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
00:03:50.0925 5472 IKEEXT - ok
00:03:50.0972 5472 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
00:03:50.0972 5472 intelide - ok
00:03:51.0003 5472 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:03:51.0003 5472 intelppm - ok
00:03:51.0034 5472 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:03:51.0034 5472 IPBusEnum - ok
00:03:51.0096 5472 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:03:51.0096 5472 IpFilterDriver - ok
00:03:51.0128 5472 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:03:51.0143 5472 iphlpsvc - ok
00:03:51.0143 5472 IpInIp - ok
00:03:51.0159 5472 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
00:03:51.0174 5472 IPMIDRV - ok
00:03:51.0206 5472 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
00:03:51.0206 5472 IPNAT - ok
00:03:51.0237 5472 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:03:51.0237 5472 IRENUM - ok
00:03:51.0252 5472 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:03:51.0252 5472 isapnp - ok
00:03:51.0299 5472 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
00:03:51.0299 5472 iScsiPrt - ok
00:03:51.0315 5472 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
00:03:51.0315 5472 iteatapi - ok
00:03:51.0346 5472 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
00:03:51.0346 5472 iteraid - ok
00:03:51.0377 5472 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:03:51.0377 5472 kbdclass - ok
00:03:51.0408 5472 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
00:03:51.0408 5472 kbdhid - ok
00:03:51.0455 5472 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
00:03:51.0455 5472 KeyIso - ok
00:03:51.0502 5472 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:03:51.0518 5472 KSecDD - ok
00:03:51.0564 5472 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
00:03:51.0564 5472 KtmRm - ok
00:03:51.0611 5472 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
00:03:51.0611 5472 LanmanServer - ok
00:03:51.0658 5472 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:03:51.0658 5472 LanmanWorkstation - ok
00:03:51.0689 5472 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:03:51.0689 5472 lltdio - ok
00:03:51.0705 5472 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:03:51.0720 5472 lltdsvc - ok
00:03:51.0752 5472 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:03:51.0767 5472 lmhosts - ok
00:03:51.0783 5472 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
00:03:51.0783 5472 LSI_FC - ok
00:03:51.0814 5472 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
00:03:51.0814 5472 LSI_SAS - ok
00:03:51.0845 5472 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
00:03:51.0861 5472 LSI_SCSI - ok
00:03:51.0892 5472 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
00:03:51.0892 5472 luafv - ok
00:03:51.0923 5472 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:03:51.0939 5472 Mcx2Svc - ok
00:03:51.0939 5472 mdmxsdk - ok
00:03:51.0970 5472 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
00:03:51.0970 5472 megasas - ok
00:03:52.0001 5472 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
00:03:52.0001 5472 MMCSS - ok
00:03:52.0032 5472 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
00:03:52.0032 5472 Modem - ok
00:03:52.0079 5472 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:03:52.0079 5472 monitor - ok
00:03:52.0110 5472 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:03:52.0110 5472 mouclass - ok
00:03:52.0157 5472 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:03:52.0157 5472 mouhid - ok
00:03:52.0173 5472 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
00:03:52.0173 5472 MountMgr - ok
00:03:52.0204 5472 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
00:03:52.0204 5472 mpio - ok
00:03:52.0235 5472 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:03:52.0235 5472 mpsdrv - ok
00:03:52.0298 5472 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
00:03:52.0313 5472 MpsSvc - ok
00:03:52.0329 5472 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
00:03:52.0329 5472 Mraid35x - ok
00:03:52.0360 5472 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:03:52.0360 5472 MRxDAV - ok
00:03:52.0407 5472 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:03:52.0407 5472 mrxsmb - ok
00:03:52.0422 5472 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:03:52.0438 5472 mrxsmb10 - ok
00:03:52.0438 5472 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:03:52.0454 5472 mrxsmb20 - ok
00:03:52.0485 5472 [ F0EC3A4E0693A34B148723B4DA31668C ] msahci C:\Windows\system32\drivers\msahci.sys
00:03:52.0485 5472 msahci - ok
00:03:52.0500 5472 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:03:52.0516 5472 msdsm - ok
00:03:52.0532 5472 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
00:03:52.0532 5472 MSDTC - ok
00:03:52.0563 5472 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:03:52.0563 5472 Msfs - ok
00:03:52.0594 5472 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:03:52.0594 5472 msisadrv - ok
00:03:52.0625 5472 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:03:52.0641 5472 MSiSCSI - ok
00:03:52.0641 5472 msiserver - ok
00:03:52.0672 5472 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:03:52.0672 5472 MSKSSRV - ok
00:03:52.0703 5472 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:03:52.0703 5472 MSPCLOCK - ok
00:03:52.0719 5472 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:03:52.0734 5472 MSPQM - ok
00:03:52.0781 5472 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:03:52.0781 5472 MsRPC - ok
00:03:52.0797 5472 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
00:03:52.0797 5472 mssmbios - ok
00:03:52.0828 5472 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:03:52.0828 5472 MSTEE - ok
00:03:52.0844 5472 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
00:03:52.0844 5472 Mup - ok
00:03:52.0875 5472 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
00:03:52.0890 5472 napagent - ok
00:03:52.0937 5472 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:03:52.0937 5472 NativeWifiP - ok
00:03:52.0984 5472 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:03:53.0000 5472 NDIS - ok
00:03:53.0015 5472 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:03:53.0031 5472 NdisTapi - ok
00:03:53.0046 5472 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:03:53.0046 5472 Ndisuio - ok
00:03:53.0078 5472 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:03:53.0093 5472 NdisWan - ok
00:03:53.0109 5472 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:03:53.0109 5472 NDProxy - ok
00:03:53.0156 5472 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:03:53.0156 5472 Net Driver HPZ12 - ok
00:03:53.0171 5472 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:03:53.0171 5472 NetBIOS - ok
00:03:53.0218 5472 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
00:03:53.0218 5472 netbt - ok
00:03:53.0234 5472 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
00:03:53.0234 5472 Netlogon - ok
00:03:53.0265 5472 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
00:03:53.0265 5472 Netman - ok
00:03:53.0312 5472 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
00:03:53.0327 5472 netprofm - ok
00:03:53.0358 5472 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:03:53.0358 5472 NetTcpPortSharing - ok
00:03:53.0390 5472 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
00:03:53.0390 5472 nfrd960 - ok
00:03:53.0405 5472 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:03:53.0421 5472 NlaSvc - ok
00:03:53.0452 5472 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:03:53.0452 5472 Npfs - ok
00:03:53.0483 5472 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
00:03:53.0499 5472 nsi - ok
00:03:53.0499 5472 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:03:53.0499 5472 nsiproxy - ok
00:03:53.0561 5472 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:03:53.0592 5472 Ntfs - ok
00:03:53.0608 5472 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
00:03:53.0608 5472 ntrigdigi - ok
00:03:53.0624 5472 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
00:03:53.0624 5472 Null - ok
00:03:53.0655 5472 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:03:53.0655 5472 nvraid - ok
00:03:53.0670 5472 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:03:53.0670 5472 nvstor - ok
00:03:53.0702 5472 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:03:53.0702 5472 nv_agp - ok
00:03:53.0702 5472 NwlnkFlt - ok
00:03:53.0717 5472 NwlnkFwd - ok
00:03:53.0826 5472 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:03:53.0842 5472 odserv - ok
00:03:53.0873 5472 [ 4DB21D44FE49614E3A85E5C07EF09397 ] OEM02Dev C:\Windows\system32\DRIVERS\OEM02Dev.sys
00:03:53.0873 5472 OEM02Dev - ok
00:03:53.0920 5472 [ 86326062A90494BDD79CE383511D7D69 ] OEM02Vfx C:\Windows\system32\DRIVERS\OEM02Vfx.sys
00:03:53.0920 5472 OEM02Vfx - ok
00:03:53.0967 5472 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
00:03:53.0967 5472 ohci1394 - ok
00:03:54.0014 5472 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:03:54.0014 5472 ose - ok
00:03:54.0076 5472 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
00:03:54.0092 5472 p2pimsvc - ok
00:03:54.0107 5472 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
00:03:54.0123 5472 p2psvc - ok
00:03:54.0138 5472 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
00:03:54.0138 5472 Parport - ok
00:03:54.0185 5472 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:03:54.0185 5472 partmgr - ok
00:03:54.0201 5472 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
00:03:54.0201 5472 Parvdm - ok
00:03:54.0248 5472 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
00:03:54.0248 5472 PcaSvc - ok
00:03:54.0279 5472 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
00:03:54.0279 5472 pci - ok
00:03:54.0310 5472 [ 20B869152448F80AC49CF10264E91F5E ] pciide C:\Windows\system32\drivers\pciide.sys
00:03:54.0310 5472 pciide - ok
00:03:54.0326 5472 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
00:03:54.0341 5472 pcmcia - ok
00:03:54.0388 5472 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:03:54.0404 5472 PEAUTH - ok
00:03:54.0497 5472 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
00:03:54.0528 5472 pla - ok
00:03:54.0575 5472 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:03:54.0591 5472 PlugPlay - ok
00:03:54.0638 5472 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:03:54.0638 5472 Pml Driver HPZ12 - ok
00:03:54.0669 5472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
00:03:54.0684 5472 PNRPAutoReg - ok
00:03:54.0700 5472 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
00:03:54.0700 5472 PNRPsvc - ok
00:03:54.0747 5472 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:03:54.0762 5472 PolicyAgent - ok
00:03:54.0809 5472 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:03:54.0809 5472 PptpMiniport - ok
00:03:54.0840 5472 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
00:03:54.0840 5472 Processor - ok
00:03:54.0887 5472 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
00:03:54.0887 5472 ProfSvc - ok
00:03:54.0903 5472 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
00:03:54.0903 5472 ProtectedStorage - ok
00:03:54.0934 5472 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
00:03:54.0950 5472 PSched - ok
00:03:54.0996 5472 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
00:03:55.0012 5472 ql2300 - ok
00:03:55.0028 5472 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
00:03:55.0043 5472 ql40xx - ok
00:03:55.0074 5472 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
00:03:55.0074 5472 QWAVE - ok
00:03:55.0106 5472 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:03:55.0106 5472 QWAVEdrv - ok
00:03:55.0168 5472 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
00:03:55.0184 5472 RapiMgr - ok
00:03:55.0215 5472 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:03:55.0215 5472 RasAcd - ok
00:03:55.0246 5472 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
00:03:55.0246 5472 RasAuto - ok
00:03:55.0293 5472 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:03:55.0293 5472 Rasl2tp - ok
00:03:55.0340 5472 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
00:03:55.0340 5472 RasMan - ok
00:03:55.0371 5472 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:03:55.0371 5472 RasPppoe - ok
00:03:55.0418 5472 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:03:55.0418 5472 RasSstp - ok
00:03:55.0464 5472 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:03:55.0464 5472 rdbss - ok
00:03:55.0496 5472 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:03:55.0496 5472 RDPCDD - ok
00:03:55.0527 5472 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
00:03:55.0527 5472 rdpdr - ok
00:03:55.0542 5472 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:03:55.0558 5472 RDPENCDD - ok
00:03:55.0605 5472 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:03:55.0605 5472 RDPWD - ok
00:03:55.0652 5472 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:03:55.0652 5472 RemoteAccess - ok
00:03:55.0683 5472 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:03:55.0698 5472 RemoteRegistry - ok
00:03:55.0730 5472 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
00:03:55.0730 5472 rimmptsk - ok
00:03:55.0761 5472 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
00:03:55.0761 5472 rimsptsk - ok
00:03:55.0792 5472 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
00:03:55.0792 5472 rismxdp - ok
00:03:55.0823 5472 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
00:03:55.0823 5472 RpcLocator - ok
00:03:55.0854 5472 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
00:03:55.0870 5472 RpcSs - ok
00:03:55.0901 5472 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:03:55.0901 5472 rspndr - ok
00:03:55.0901 5472 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
00:03:55.0917 5472 SamSs - ok
00:03:55.0932 5472 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:03:55.0932 5472 sbp2port - ok
00:03:55.0995 5472 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:03:55.0995 5472 SCardSvr - ok
00:03:56.0042 5472 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
00:03:56.0057 5472 Schedule - ok
00:03:56.0073 5472 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
00:03:56.0073 5472 SCPolicySvc - ok
00:03:56.0104 5472 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
00:03:56.0104 5472 sdbus - ok
00:03:56.0151 5472 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:03:56.0151 5472 SDRSVC - ok
00:03:56.0166 5472 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:03:56.0166 5472 secdrv - ok
00:03:56.0213 5472 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
00:03:56.0213 5472 seclogon - ok
00:03:56.0244 5472 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
00:03:56.0260 5472 SENS - ok
00:03:56.0276 5472 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
00:03:56.0276 5472 Serenum - ok
00:03:56.0307 5472 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
00:03:56.0307 5472 Serial - ok
00:03:56.0338 5472 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
00:03:56.0338 5472 sermouse - ok
00:03:56.0385 5472 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
00:03:56.0400 5472 SessionEnv - ok
00:03:56.0478 5472 [ D2011B82D023FD65A4495FAD90B71F35 ] SfCtlCom C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
00:03:56.0478 5472 SfCtlCom - ok
00:03:56.0525 5472 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
00:03:56.0525 5472 sffdisk - ok
00:03:56.0525 5472 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:03:56.0541 5472 sffp_mmc - ok
00:03:56.0556 5472 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
00:03:56.0556 5472 sffp_sd - ok
00:03:56.0572 5472 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
00:03:56.0572 5472 sfloppy - ok
00:03:56.0619 5472 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:03:56.0634 5472 SharedAccess - ok
00:03:56.0666 5472 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:03:56.0681 5472 ShellHWDetection - ok
00:03:56.0697 5472 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
00:03:56.0712 5472 sisagp - ok
00:03:56.0728 5472 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
00:03:56.0728 5472 SiSRaid2 - ok
00:03:56.0744 5472 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
00:03:56.0744 5472 SiSRaid4 - ok
00:03:56.0915 5472 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
00:03:56.0993 5472 slsvc - ok
00:03:57.0040 5472 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
00:03:57.0040 5472 SLUINotify - ok
00:03:57.0087 5472 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:03:57.0087 5472 Smb - ok
00:03:57.0134 5472 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:03:57.0149 5472 SNMPTRAP - ok
00:03:57.0180 5472 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
00:03:57.0180 5472 spldr - ok
00:03:57.0227 5472 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
00:03:57.0227 5472 Spooler - ok
00:03:57.0274 5472 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
00:03:57.0274 5472 srv - ok
00:03:57.0321 5472 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:03:57.0321 5472 srv2 - ok
00:03:57.0352 5472 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:03:57.0368 5472 srvnet - ok
00:03:57.0383 5472 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:03:57.0399 5472 SSDPSRV - ok
00:03:57.0430 5472 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:03:57.0446 5472 SstpSvc - ok
00:03:57.0477 5472 [ B218068EBA6F46F102B4218BDB81BE0B ] STacSV C:\Windows\system32\STacSV.exe
00:03:57.0492 5472 STacSV - ok
00:03:57.0539 5472 [ 167909A1C36AA3E8F2582962F0CCC748 ] STHDA C:\Windows\system32\drivers\stwrt.sys
00:03:57.0555 5472 STHDA - ok
00:03:57.0602 5472 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
00:03:57.0617 5472 stisvc - ok
00:03:57.0633 5472 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
00:03:57.0648 5472 swenum - ok
00:03:57.0695 5472 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
00:03:57.0711 5472 swprv - ok
00:03:57.0742 5472 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
00:03:57.0742 5472 Symc8xx - ok
00:03:57.0758 5472 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
00:03:57.0773 5472 Sym_hi - ok
00:03:57.0789 5472 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
00:03:57.0789 5472 Sym_u3 - ok
00:03:57.0836 5472 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
00:03:57.0851 5472 SysMain - ok
00:03:57.0882 5472 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:03:57.0898 5472 TabletInputService - ok
00:03:57.0976 5472 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:03:57.0976 5472 TapiSrv - ok
00:03:58.0023 5472 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
00:03:58.0023 5472 TBS - ok
00:03:58.0085 5472 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:03:58.0101 5472 Tcpip - ok
00:03:58.0132 5472 [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
00:03:58.0132 5472 Tcpip6 - ok
00:03:58.0163 5472 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:03:58.0179 5472 tcpipreg - ok
00:03:58.0210 5472 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:03:58.0210 5472 TDPIPE - ok
00:03:58.0241 5472 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:03:58.0241 5472 TDTCP - ok
00:03:58.0272 5472 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:03:58.0272 5472 tdx - ok
00:03:58.0288 5472 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
00:03:58.0304 5472 TermDD - ok
00:03:58.0397 5472 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
00:03:58.0413 5472 TermService - ok
00:03:58.0444 5472 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
00:03:58.0444 5472 Themes - ok
00:03:58.0475 5472 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
00:03:58.0475 5472 THREADORDER - ok
00:03:58.0538 5472 [ 01725DECC55E65258297F4D703E14C58 ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
00:03:58.0538 5472 tmactmon - ok
00:03:58.0600 5472 [ 86F5745E7BB6BB34E597B4428066956D ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
00:03:58.0600 5472 TMBMServer - ok
00:03:58.0616 5472 [ 1F6BB0D481B6907587350009CF958ED6 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
00:03:58.0631 5472 tmcomm - ok
00:03:58.0647 5472 [ 141A25DCEEC66C5286EEDC4FAAE8BB11 ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
00:03:58.0647 5472 tmevtmgr - ok
00:03:58.0678 5472 [ 0C89809F1DF614BD42093A446B222A32 ] tmpreflt C:\Windows\system32\DRIVERS\tmpreflt.sys
00:03:58.0694 5472 tmpreflt - ok
00:03:58.0725 5472 [ 2EB707EFF38045789E4A7A16C09BC36A ] tmproxy C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
00:03:58.0740 5472 tmproxy - ok
00:03:58.0772 5472 [ C9B16B4F9F063B527CDDBB76FB946DFD ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
00:03:58.0772 5472 tmtdi - ok
00:03:58.0787 5472 [ 3D473E97FF805DAB903AA66F08286C90 ] tmxpflt C:\Windows\system32\DRIVERS\tmxpflt.sys
00:03:58.0787 5472 tmxpflt - ok
00:03:58.0818 5472 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
00:03:58.0834 5472 TrkWks - ok
00:03:58.0896 5472 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:03:58.0896 5472 TrustedInstaller - ok
00:03:58.0928 5472 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:03:58.0928 5472 tssecsrv - ok
00:03:58.0990 5472 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
00:03:58.0990 5472 tunmp - ok
00:03:59.0006 5472 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:03:59.0006 5472 tunnel - ok
00:03:59.0037 5472 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
00:03:59.0037 5472 uagp35 - ok
00:03:59.0084 5472 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:03:59.0084 5472 udfs - ok
00:03:59.0130 5472 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:03:59.0130 5472 UI0Detect - ok
00:03:59.0146 5472 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:03:59.0162 5472 uliagpkx - ok
00:03:59.0177 5472 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
00:03:59.0177 5472 uliahci - ok
00:03:59.0208 5472 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
00:03:59.0208 5472 UlSata - ok
00:03:59.0224 5472 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
00:03:59.0240 5472 ulsata2 - ok
00:03:59.0271 5472 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
00:03:59.0271 5472 umbus - ok
00:03:59.0302 5472 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
00:03:59.0318 5472 upnphost - ok
00:03:59.0380 5472 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
00:03:59.0396 5472 usbaudio - ok
00:03:59.0427 5472 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:03:59.0427 5472 usbccgp - ok
00:03:59.0442 5472 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:03:59.0442 5472 usbcir - ok
00:03:59.0489 5472 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
00:03:59.0489 5472 usbehci - ok
00:03:59.0505 5472 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:03:59.0520 5472 usbhub - ok
00:03:59.0536 5472 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:03:59.0536 5472 usbohci - ok
00:03:59.0567 5472 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:03:59.0567 5472 usbprint - ok
00:03:59.0598 5472 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
00:03:59.0598 5472 usbscan - ok
00:03:59.0614 5472 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:03:59.0614 5472 USBSTOR - ok
00:03:59.0661 5472 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
00:03:59.0661 5472 usbuhci - ok
00:03:59.0708 5472 [ 0A6B81F01BC86399482E27E6FDA7B33B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
00:03:59.0708 5472 usbvideo - ok
00:03:59.0754 5472 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
00:03:59.0754 5472 usb_rndisx - ok
00:03:59.0786 5472 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
00:03:59.0786 5472 UxSms - ok
00:03:59.0832 5472 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
00:03:59.0848 5472 vds - ok
00:03:59.0879 5472 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:03:59.0879 5472 vga - ok
00:03:59.0910 5472 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
00:03:59.0910 5472 VgaSave - ok
00:03:59.0942 5472 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
00:03:59.0942 5472 viaagp - ok
00:03:59.0957 5472 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
00:03:59.0957 5472 ViaC7 - ok
00:03:59.0988 5472 [ 58C8D5AC5C3EEF40E7E704A5CED7987D ] viaide C:\Windows\system32\drivers\viaide.sys
00:03:59.0988 5472 viaide - ok
00:04:00.0020 5472 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:04:00.0020 5472 volmgr - ok
00:04:00.0051 5472 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:04:00.0066 5472 volmgrx - ok
00:04:00.0098 5472 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:04:00.0098 5472 volsnap - ok
00:04:00.0176 5472 [ 50E1EA1DD3EA74919D7A1C5D6C9C0B56 ] vsapint C:\Windows\system32\DRIVERS\vsapint.sys
00:04:00.0191 5472 vsapint - ok
00:04:00.0207 5472 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
00:04:00.0207 5472 vsmraid - ok
00:04:00.0269 5472 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
00:04:00.0300 5472 VSS - ok
00:04:00.0347 5472 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
00:04:00.0347 5472 W32Time - ok
00:04:00.0534 5472 [ 9CA92191C8F18E8B491A5B28E63C07B7 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
00:04:00.0534 5472 W3SVC - ok
00:04:00.0566 5472 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
00:04:00.0566 5472 WacomPen - ok
00:04:00.0597 5472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
00:04:00.0597 5472 Wanarp - ok
00:04:00.0612 5472 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:04:00.0612 5472 Wanarpv6 - ok
00:04:00.0628 5472 [ 9CA92191C8F18E8B491A5B28E63C07B7 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
00:04:00.0628 5472 WAS - ok
00:04:00.0675 5472 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
00:04:00.0675 5472 WcesComm - ok
00:04:00.0722 5472 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:04:00.0737 5472 wcncsvc - ok
00:04:00.0768 5472 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:04:00.0784 5472 WcsPlugInService - ok
00:04:00.0784 5472 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
00:04:00.0800 5472 Wd - ok
00:04:00.0846 5472 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:04:00.0846 5472 Wdf01000 - ok
00:04:00.0893 5472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:04:00.0893 5472 WdiServiceHost - ok
00:04:00.0893 5472 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:04:00.0909 5472 WdiSystemHost - ok
00:04:00.0940 5472 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
00:04:00.0956 5472 WebClient - ok
00:04:00.0987 5472 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:04:01.0002 5472 Wecsvc - ok
00:04:01.0034 5472 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:04:01.0034 5472 wercplsupport - ok
00:04:01.0080 5472 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
00:04:01.0080 5472 WerSvc - ok
00:04:01.0112 5472 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
00:04:01.0127 5472 winachsf - ok
00:04:01.0190 5472 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
00:04:01.0205 5472 WinDefend - ok
00:04:01.0205 5472 WinHttpAutoProxySvc - ok
00:04:01.0268 5472 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:04:01.0268 5472 Winmgmt - ok
00:04:01.0330 5472 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
00:04:01.0361 5472 WinRM - ok
00:04:01.0424 5472 [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
00:04:01.0424 5472 WinUSB - ok
00:04:01.0470 5472 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
00:04:01.0486 5472 Wlansvc - ok
00:04:01.0548 5472 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
00:04:01.0564 5472 WLSetupSvc - ok
00:04:01.0564 5472 wltrysvc - ok
00:04:01.0595 5472 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
00:04:01.0595 5472 WmiAcpi - ok
00:04:01.0642 5472 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:04:01.0642 5472 wmiApSrv - ok
00:04:01.0736 5472 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
00:04:01.0751 5472 WMPNetworkSvc - ok
00:04:01.0814 5472 [ 017695393AFFFED8DE58ABD1B085BE6D ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
00:04:01.0814 5472 WMZuneComm - ok
00:04:01.0845 5472 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:04:01.0845 5472 WPCSvc - ok
00:04:01.0907 5472 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:04:01.0907 5472 WPDBusEnum - ok
00:04:01.0970 5472 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
00:04:01.0985 5472 WpdUsb - ok
00:04:02.0094 5472 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:04:02.0110 5472 WPFFontCache_v0400 - ok
00:04:02.0141 5472 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:04:02.0141 5472 ws2ifsl - ok
00:04:02.0172 5472 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
00:04:02.0188 5472 wscsvc - ok
00:04:02.0188 5472 WSearch - ok
00:04:02.0282 5472 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
00:04:02.0328 5472 wuauserv - ok
00:04:02.0360 5472 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:04:02.0375 5472 WudfPf - ok
00:04:02.0438 5472 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:04:02.0438 5472 WUDFRd - ok
00:04:02.0469 5472 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:04:02.0484 5472 wudfsvc - ok
00:04:02.0484 5472 XAudio - ok
00:04:02.0531 5472 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
00:04:02.0547 5472 XAudioService - ok
00:04:02.0718 5472 [ 1076DF9ADE4E13EA3BF39D2165AEB903 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
00:04:02.0890 5472 ZuneNetworkSvc - ok
00:04:02.0937 5472 [ DE1CDB333A402B279F04D627122FA08E ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
00:04:02.0952 5472 ZuneWlanCfgSvc - ok
00:04:02.0984 5472 ================ Scan global ===============================
00:04:03.0030 5472 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
00:04:03.0062 5472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:04:03.0093 5472 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
00:04:03.0124 5472 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
00:04:03.0140 5472 [Global] - ok
00:04:03.0140 5472 ================ Scan MBR ==================================
00:04:03.0155 5472 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:04:03.0545 5472 \Device\Harddisk0\DR0 - ok
00:04:03.0545 5472 ================ Scan VBR ==================================
00:04:03.0576 5472 [ A4F7204DF51B7752C39B23E91E48E01D ] \Device\Harddisk0\DR0\Partition1
00:04:03.0576 5472 \Device\Harddisk0\DR0\Partition1 - ok
00:04:03.0592 5472 [ EE83C5C80663FAF461656B4CE6EA12D3 ] \Device\Harddisk0\DR0\Partition2
00:04:03.0592 5472 \Device\Harddisk0\DR0\Partition2 - ok
00:04:03.0592 5472 ============================================================
00:04:03.0592 5472 Scan finished
00:04:03.0592 5472 ============================================================
00:04:03.0608 3888 Detected object count: 0
00:04:03.0608 3888 Actual detected object count: 0
00:04:35.0026 5776 Deinitialize success

Re: Chasing something...

Post by askey127 » March 5th, 2013, 8:16 pm

Download MbrScan from here: http://eric71.geekstogo.com/tools/MbrScan.exe
Suggest saving it to your desktop.
Right click the icon and "Run as administrator". (Just double-click it in Windows XP.)
When it comes up hit Scan only once. Wait for it to fill in some numbers in the grid.
Click "Report" and in a few minutes it will pop up a text report and save it as filename "MBRScan.log" in the same folder as MBRScan.exe.
Please post the contents of the report, named MBRScan.log, in your reply.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Unread postby geniusless » March 5th, 2013, 10:23 pm

MBRScan v1.1.1

OS             : Windows Vista Service Pack 2 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2013/03/05 (ISO 8601) at 18:22:11
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HM320JI (2SS0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> Vista MBR Code .

MBR_MD5   : 3D85A0B020B9058FF75132F8D150E582
MBR_SHA1  : 157B526569CC3E1905CF32CDFE5DBB176EA29CC9

Device\Harddisk0\Partition1	78.41 Mo  	0xDE Dell Utility 
Device\Harddisk0\Partition2	10.00 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition3	285.5 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition4	2.50 Go  	0xDD 0xDD 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
ADDRESS : 0x8BE0D000
SIZE    : 1.00 Mo

SystemStartOptions : /NOEXECUTE=OPTOUT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby askey127 » March 6th, 2013, 5:24 pm

geniusless,
-----------------------------------------------------------
Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.
    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.
  • Close MGA Diagnostic Tool.
  • Copy/Paste the Notepad log you just made in your next reply please.
--------------------------------------------------------
WVCheck
Please go to WVCheck.exe. Save it to your Desktop.
  • Double click WVCheck.exe, to run the process.
  • Read the comments on the screen... then press Enter.
    The scan can take a while, depending on the size of your hard drive.
  • Once the program is done, Notepad will open with the scan report. Save the report to your Desktop.
  • Please copy and paste the contents of the Notepad scan report in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Chasing something...

Unread postby geniusless » March 6th, 2013, 7:00 pm

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {378E53B5-355F-4871-9DE9-272934C2AA83}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.130104-1437
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{378E53B5-355F-4871-9DE9-272934C2AA83}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-2910388343-3669961354-4034591298</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1420 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A06</Version><SMBIOSVersion major="2" minor="4"/><Date>20080114000000.000000+000</Date></BIOS><HWID>EB333507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>M08 </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>5D39581FC324F1C</Val><Hash>kVowkRetYJbmO2Mh90KDVr61ha4=</Hash><Pid>81602-910-1585475-68752</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-1033-6000.0000-1062008
Installation ID: 000230452655290524691806032231837872533070832002890881
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PAAAAAEABgABAAIAAQABAAAAAwABAAEAJJS+zSKfGtPqTSSWUmauf0aDnF1SvOCj8vTm95xdOLKsViqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC DELL M08
FACP DELL M08
HPET DELL M08
BOOT DELL M08
MCFG DELL M08
SLIC DELL M08
SSDT PmRef CpuPm
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby geniusless » March 6th, 2013, 7:09 pm

Windows Validation Check
Version: 1.9.12.5
Log Created On: 1501_06-03-2013
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2013-03-06 16:46:39
Last Success Time for Update Download: 2013-02-26 06:12:25
Last Success Time for Update Installation: 2013-02-26 06:35:36


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 4/6/2009 2:58:7
Modification; 10/4/2009 23:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll
Size: 12288 bytes
Creation; 2/11/2006 1:44:14
Modification; 2/11/2006 2:46:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 14/9/2008 20:25:3
Modification; 18/1/2008 23:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 4/6/2009 2:58:7
Modification; 10/4/2009 23:28:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
D:\Windows\System32\slwga.dll
Size: 12288 bytes
Creation; 18/1/2008 21:41:48
Modification; 18/1/2008 23:36:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
D:\Windows\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 19/1/2008 0:53:9
Modification; 19/1/2008 0:53:9
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 1507_06-03-2013 --------
geniusless
Regular Member
 
Posts: 42
Joined: February 28th, 2013, 11:24 pm

Re: Chasing something...

Unread postby askey127 » March 6th, 2013, 9:19 pm

geniusless,
---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\lsa /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA