
My laptop is infected... part of a group of pc's infected


32 replies to this topic

#1 Weaver1

Weaver1

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 05 June 2013 - 03:45 PM

Posted about my main box and my Vista spare-part box.. this is to figure out what's up with one of three laptops that were all on a router together... This laptop crashed after getting the infection; I recovered via the hard drive Acer setup. No optical drive installed; this is one of two Acer netbooks we use in our family. Thought I reinstalled everything; I believe a rootkit of some sort has a hold of this laptop... settings change on their own, CPU usage is about 50% when just sitting idle from a user standpoint.

Please let me know what logs to provide.. Thanks again to all that have helped thus far and continue to be a great support.

btw: this laptop is an Acer Aspire One with Win XP..




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:11 PM

Posted 08 June 2013 - 09:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

  • Please download ComboFix from one of these locations:
    Link 1
    Link 2
    IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    [image: RcAuto1.gif]
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    [image: whatnext.png]
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.

Please note: You may have to disable any script protection running if the scan fails to run.

[image: dds_scr.gif]

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.


#3 Weaver1

Weaver1
  • Topic Starter

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 08 June 2013 - 12:02 PM

dds log

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by OfficeNB at 9:19:29 on 2013-06-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.707 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2010-7-22 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2013-6-5 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-22 1691480]
S4 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-7-22 260640]
S4 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-7-22 243232]
.
=============== Created Last 30 ================
.
2013-06-08 15:18:57 -------- d-sha-r- C:\cmdcons
2013-06-08 15:17:48 98816 ----a-w- c:\windows\sed.exe
2013-06-08 15:17:48 256000 ----a-w- c:\windows\PEV.exe
2013-06-08 15:17:48 208896 ----a-w- c:\windows\MBR.exe
2013-06-08 15:14:26 -------- d-----w- C:\43d678dac5c5159b0082bf7f
2013-06-06 20:31:19 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-06 20:28:46 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-06-06 20:28:46 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-06 20:28:40 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-06-06 19:52:23 -------- d-----w- c:\windows\system32\PreInstall
2013-06-05 20:38:38 -------- d-sh--w- c:\documents and settings\officenb\PrivacIE
2013-06-05 20:35:47 -------- d-----w- c:\documents and settings\officenb\local settings\application data\WMTools Downloaded Files
2013-06-05 20:35:18 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-06-05 20:28:39 -------- d-----w- c:\windows\pss
2013-06-05 20:02:54 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-05 16:26:13 -------- d-----w- c:\documents and settings\all users\OEM_E471269A730D
2013-06-05 16:07:23 -------- d-----w- c:\program files\Acer Crystal Eye webcam
2013-06-05 16:04:25 16928 ----a-w- c:\windows\system32\spmsgXP_2k3.dll
2013-06-05 16:04:18 -------- d-----w- c:\program files\Synaptics
2013-06-05 16:04:10 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-06-05 16:04:09 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2013-06-05 16:04:09 173352 ----a-w- c:\windows\system32\SynCOM.dll
2013-06-05 16:04:09 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-06-05 16:04:09 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2013-06-05 16:04:08 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-06-05 15:56:05 -------- d-----w- c:\windows\system32\Atheros_L1e
2013-06-05 15:49:19 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
.
==================== Find3M ====================
.
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 9:20:07.95 ===============

#4 Weaver1

Weaver1
  • Topic Starter

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 08 June 2013 - 12:03 PM

DDS attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 6/5/2013 9:24:28 AM
System Uptime: 6/8/2013 8:47:12 AM (1 hours ago)
.
Motherboard: Acer | | JE02_PT
Processor: Intel® Atom™ CPU N450 @ 1.66GHz | CPU | 1662/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 124.537 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® WiFi Link 1000 BGN
Device ID: PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&20975680&0&00E1
Manufacturer: Intel Corporation
Name: Intel® WiFi Link 1000 BGN
PNP Device ID: PCI\VEN_8086&DEV_0083&SUBSYS_13058086&REV_00\4&20975680&0&00E1
Service: NETw5x32
.
==== System Restore Points ===================
.
RP1: 6/5/2013 9:24:32 AM - System Checkpoint
RP2: 6/5/2013 12:31:05 PM - Removed Acrobat.com
RP3: 6/5/2013 12:31:42 PM - Removed eBay Worldwide
RP4: 6/5/2013 12:32:15 PM - Configured eSobi v2
RP5: 6/5/2013 12:48:00 PM - Removed Microsoft .NET Framework 1.1
RP6: 6/5/2013 12:49:32 PM - Removed Adobe Reader 9.1 MUI.
RP7: 6/5/2013 12:50:55 PM - Removed Norton Online Backup
RP8: 6/5/2013 12:57:20 PM - Removed Windows Live Sync
RP9: 6/5/2013 12:57:44 PM - Removed Windows Live Upload Tool
RP10: 6/5/2013 12:58:37 PM - Removed Windows Live Sign-in Assistant
RP11: 6/5/2013 1:00:31 PM - Removed MyWinLocker Suite
RP12: 6/5/2013 1:23:55 PM - Removed Microsoft Office Suite Activation Assistant.
RP13: 6/6/2013 12:51:56 PM - Software Distribution Service 3.0
RP14: 6/8/2013 7:56:34 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1.3M WebCam
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Crystal Eye webcam
Acer eRecovery Management
Acer Updater
Acer VCM
Adobe AIR
Adobe Flash Player 10 ActiveX
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Compatibility Pack for the 2007 Office system
ENE USB Card Reader Driver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB969084)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813347)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982665)
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office Word 2007 (KB974631)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
.
==== Event Viewer Messages From Past Week ========
.
6/5/2013 1:23:30 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

#5 Weaver1

Weaver1
  • Topic Starter

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 08 June 2013 - 12:05 PM

ADWcleaner:

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 08:03:05
# Updated 06/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : OfficeNB - ACER-D37F251F21
# Boot Mode : Normal
# Running from : C:\Documents and Settings\OfficeNB\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [733 octets] - [08/06/2013 08:03:05]

########## EOF - C:\AdwCleaner[S1].txt - [792 octets] ##########

#6 Weaver1

Weaver1
  • Topic Starter

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 08 June 2013 - 12:06 PM

combofix log:

ComboFix 13-06-08.01 - OfficeNB 06/08/2013 8:22.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.718 [GMT -7:00]
Running from: c:\documents and settings\OfficeNB\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Services.reg
c:\windows\system32\config\systemprofile\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe
c:\windows\system32\config\systemprofile\Local Settings\Temp\kt_setup_1.2.4229.1140.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))
.
.
2013-06-08 15:14 . 2013-06-08 15:14 -------- d-----w- C:\43d678dac5c5159b0082bf7f
2013-06-06 20:31 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-06 20:28 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-06-06 20:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-06 20:28 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-06-05 20:02 . 2013-06-05 20:27 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-05 16:29 . 2013-06-05 16:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-06-05 16:26 . 2013-06-05 16:26 -------- d-----w- c:\documents and settings\All Users\OEM_E471269A730D
2013-06-05 16:24 . 2013-06-05 20:38 -------- d-----w- c:\documents and settings\OfficeNB
2013-06-05 16:24 . 2010-07-22 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-06-05 16:23 . 2010-07-22 07:27 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2013-06-05 16:07 . 2013-06-05 16:07 -------- d-----w- c:\program files\Acer Crystal Eye webcam
2013-06-05 16:04 . 2008-11-08 01:55 16928 ----a-w- c:\windows\system32\spmsgXP_2k3.dll
2013-06-05 16:04 . 2013-06-05 16:04 -------- d-----w- c:\program files\Synaptics
2013-06-05 16:04 . 2010-02-05 08:49 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-06-05 16:04 . 2010-02-05 08:46 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-06-05 16:04 . 2010-02-05 08:46 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2013-06-05 16:04 . 2010-02-05 08:46 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2013-06-05 16:04 . 2010-02-05 08:46 173352 ----a-w- c:\windows\system32\SynCOM.dll
2013-06-05 16:04 . 2009-08-07 02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-06-05 15:56 . 2013-06-05 15:56 -------- d-----w- c:\windows\system32\Atheros_L1e
2013-06-05 15:49 . 2010-05-06 10:41 743424 -c--a-w- c:\windows\system32\dllcache\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 01:31 . 2010-07-22 07:37 1876352 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2009-12-11 05:59 59936 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 17:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-17 03:33 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Updater Service"=2 (0x2)
"RS_Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [6/5/2013 8:53 AM 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 1:30 AM 1691480]
S4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]
S4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 1:56 AM 243232]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
.
.
------- File Associations -------
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-08 08:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-06-08 08:40:12
ComboFix-quarantined-files.txt 2013-06-08 15:40
.
Pre-Run: 133,379,211,264 bytes free
Post-Run: 133,711,147,008 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 95BCE220029392E4AFF90EFB89B049A8
390BC326F8DC9CA4922C5FB5BE1BFE42

Edited by Weaver1, 08 June 2013 - 12:08 PM.


#7 Weaver1

Weaver1
  • Topic Starter

  • Members
  • 95 posts
  • Gender:Male
  • Local time:02:11 PM

Posted 08 June 2013 - 12:10 PM

Here are the quarantine files... figured you might wanna see these after a few runs.. Hope that helps. I am trying to be proactive without stepping on toes... Thanks again for all the work.


2013-06-08 15:30:09 . 2013-06-08 16:01:19 6,627 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-08 15:22:24 . 2013-06-08 15:53:20 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-06-08 15:17:36 . 2013-06-08 15:50:05 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-06-05 16:24:20 . 2009-08-03 17:21:06 10,849,392 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temp\googletoolbarinstaller_full_signed_6.2.1910.1554.exe.vir
2013-06-05 16:24:20 . 2009-06-29 18:43:26 1,773,552 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Local Settings\Temp\kt_setup_1.2.4229.1140.exe.vir
2010-07-22 07:38:02 . 2008-11-27 04:38:04 7,254 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Services.reg.vir

#8 Weaver1 (Topic Starter)

Posted 08 June 2013 - 12:12 PM

Security Check log:

Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 10 Flash Player out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````

#9 nasdaq (Malware Response Team)

Posted 08 June 2013 - 12:45 PM

Looking good. Any remaining issues with this computer?

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

#10 Weaver1 (Topic Starter)

Posted 11 June 2013 - 09:14 AM

Hello again,

I ran Rootkit Unhooker and here is the log. Let me know what you think.

RkUnhooker report generator v0.7
==============================================
Rootkit Unhooker kernel version: 3.7.300.505
==============================================
Windows Major Version: 5
Windows Minor Version: 1
Windows Build Number: 2600
==============================================
>Drivers
Driver: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xA99B2000
Size: 6082560 bytes

Driver: C:\WINDOWS\System32\igxpdx32.DLL
Address: 0xBF2E9000
Size: 3837952 bytes

Driver: C:\WINDOWS\System32\Drivers\S6000KNT.sys
Address: 0xA69B2000
Size: 3215360 bytes

Driver: C:\WINDOWS\System32\igxpdv32.DLL
Address: 0xBF059000
Size: 2686976 bytes

Driver: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000
Size: 2154496 bytes

Driver: PnpManager
Address: 0x804D7000
Size: 2154496 bytes

Driver: RAW
Address: 0x804D7000
Size: 2154496 bytes

Driver: WMIxWDM
Address: 0x804D7000
Size: 2154496 bytes

Driver: Win32k
Address: 0xBF800000
Size: 1880064 bytes

Driver: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000
Size: 1880064 bytes

Driver: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Address: 0xF5D47000
Size: 1757184 bytes

Driver: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA68D8000
Size: 892928 bytes

Driver: iaStor.sys
Address: 0xF73B9000
Size: 892928 bytes

Driver: Ntfs.sys
Address: 0xF72E3000
Size: 577536 bytes

Driver: C:\WINDOWS\System32\Drivers\wdf01000.sys
Address: 0xF5C2A000
Size: 462848 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA6CC3000
Size: 458752 bytes

Driver: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xF4034000
Size: 385024 bytes

Driver: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA6DCE000
Size: 364544 bytes

Driver: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBF692000
Size: 290816 bytes

Driver: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Address: 0xF5C9B000
Size: 237568 bytes

Driver: C:\WINDOWS\System32\igxpgd32.dll
Address: 0xBF024000
Size: 217088 bytes

Driver: ACPI.sys
Address: 0xF74C3000
Size: 188416 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xA61A5000
Size: 184320 bytes

Driver: NDIS.sys
Address: 0xF72B6000
Size: 184320 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA6D33000
Size: 176128 bytes

Driver: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xF5D0B000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA6DA6000
Size: 163840 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA6D80000
Size: 155648 bytes

Driver: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xA998E000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xF5CD5000
Size: 147456 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xF5BDF000
Size: 143360 bytes

Driver: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA6D5E000
Size: 139264 bytes

Driver: ACPI_HAL
Address: 0x806E5000
Size: 134400 bytes

Driver: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000
Size: 134400 bytes

Driver: fltMgr.sys
Address: 0xF7399000
Size: 131072 bytes

Driver: ftdisk.sys
Address: 0xF7493000
Size: 126976 bytes

Driver: Mup.sys
Address: 0xF729C000
Size: 106496 bytes

Driver: KSecDD.sys
Address: 0xF7370000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xF5C13000
Size: 94208 bytes

Driver: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xA60C8000
Size: 86016 bytes

Driver: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF5D33000
Size: 81920 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA6E27000
Size: 77824 bytes

Driver: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000
Size: 73728 bytes

Driver: C:\WINDOWS\System32\igxprd32.dll
Address: 0xBF012000
Size: 73728 bytes

Driver: C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
Address: 0xF5CF9000
Size: 73728 bytes

Driver: sr.sys
Address: 0xF7387000
Size: 73728 bytes

Driver: pci.sys
Address: 0xF74B2000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xF5C02000
Size: 69632 bytes

Driver: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF2CC4000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF5173000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xF2CD4000
Size: 61440 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS
Address: 0xF76B2000
Size: 57344 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7632000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xF76A2000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76C2000
Size: 53248 bytes

Driver: VolSnap.sys
Address: 0xF7612000
Size: 53248 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76E2000
Size: 49152 bytes

Driver: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF5163000
Size: 45056 bytes

Driver: MountMgr.sys
Address: 0xF7602000
Size: 45056 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76D2000
Size: 45056 bytes

Driver: isapnp.sys
Address: 0xF75F2000
Size: 40960 bytes

Driver: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF2CF4000
Size: 40960 bytes

Driver: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7702000
Size: 40960 bytes

Driver: disk.sys
Address: 0xF7622000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xF7692000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76F2000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xF5183000
Size: 36864 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xF2CB4000
Size: 36864 bytes

Driver: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF796A000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF79F2000
Size: 32768 bytes

Driver: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF79FA000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF788A000
Size: 24576 bytes

Driver: rkhdrv40.sys
Address: 0xF7872000
Size: 24576 bytes

Driver: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF79EA000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF795A000
Size: 24576 bytes

Driver: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF7962000
Size: 20480 bytes

Driver: PartMgr.sys
Address: 0xF787A000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF789A000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF78A2000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xF7892000
Size: 20480 bytes

Driver: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7972000
Size: 20480 bytes

Driver: C:\WINDOWS\system32\DRIVERS\BATTC.SYS
Address: 0xF7A0A000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Address: 0xF725C000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xF7AC2000
Size: 16384 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xF3ED0000
Size: 16384 bytes

Driver: ACPIEC.sys
Address: 0xF7A0E000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7A02000
Size: 12288 bytes

Driver: compbatt.sys
Address: 0xF7A06000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA73C7000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xA7EFF000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xF7254000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA7EFB000
Size: 12288 bytes

Driver: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Address: 0xF7258000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xA79C1000
Size: 12288 bytes

Driver: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF37A7000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF7B14000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7AF2000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF37A5000
Size: 8192 bytes

Driver: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF37A3000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF7B18000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF7B16000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7AF4000
Size: 8192 bytes

Driver: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7D18000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA6FC5000
Size: 4096 bytes

Driver: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7CEF000
Size: 4096 bytes

Driver: C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Address: 0xF7BBA000
Size: 4096 bytes

==============================================
>Stealth
==============================================
>Files
==============================================
>Hooks

[1412]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]



#11 Weaver1 (Topic Starter)

Posted 11 June 2013 - 11:57 AM

I ran ComboFix again to see if it has anything new. Log below. Thanks again for the help.

ComboFix 13-06-08.02 - OfficeNB 06/11/2013   9:41.11.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1013.587 [GMT -7:00]
Running from: c:\documents and settings\OfficeNB\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\w32apiw.dll
c:\windows\wiadebug.log . . . . Failed to delete
c:\windows\wiaservc.log . . . . Failed to delete
c:\windows\WindowsUpdate.log . . . . Failed to delete
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-11 to 2013-06-11  )))))))))))))))))))))))))))))))
.
.
2013-06-11 15:56 . 2013-06-11 15:56 -------- d-----w- C:\TDSSKiller_Quarantine
2013-06-11 15:43 . 2008-04-14 12:00 152576 -c--a-w- c:\windows\system32\dllcache\bnts.dll
2013-06-11 15:42 . 2013-06-11 15:42 -------- d-----w- c:\program files\NKProds
2013-06-11 14:44 . 2013-06-11 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-11 14:44 . 2013-06-11 14:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-11 14:44 . 2013-06-11 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-11 14:16 . 2013-06-11 14:16 -------- dc-h--w- c:\windows\ie8
2013-06-11 14:11 . 2013-06-11 14:12 -------- d-----w- C:\cfba5575b45022fa0795cfc9099769f4
2013-06-11 14:11 . 2008-04-14 12:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-06-11 14:11 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-11 14:10 . 2008-04-14 12:00 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-06-11 14:10 . 2008-04-14 12:00 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2013-06-11 14:06 . 2013-06-11 14:06 -------- d-----w- C:\857a88d809fc7fb75919f46499b0
2013-06-09 06:30 . 2013-06-09 06:30 -------- d-----w- C:\f9826523ac7362c4c54a
2013-06-09 06:14 . 2013-06-09 06:17 -------- d-----w- c:\program files\Google
2013-06-08 15:14 . 2013-06-08 15:14 -------- d-----w- C:\43d678dac5c5159b0082bf7f
2013-06-06 20:28 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-06 20:28 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2013-06-05 20:02 . 2013-06-05 20:27 -------- d-----w- c:\windows\SxsCaPendDel
2013-06-05 16:29 . 2013-06-05 16:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-06-05 16:26 . 2013-06-05 16:26 -------- d-----w- c:\documents and settings\All Users\OEM_E471269A730D
2013-06-05 16:24 . 2013-06-08 17:13 -------- d-----w- c:\documents and settings\OfficeNB
2013-06-05 16:24 . 2010-07-22 07:27 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2013-06-05 16:23 . 2010-07-22 07:27 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2013-06-05 16:07 . 2013-06-05 16:07 -------- d-----w- c:\program files\Acer Crystal Eye webcam
2013-06-05 16:04 . 2008-11-08 01:55 16928 ----a-w- c:\windows\system32\spmsgXP_2k3.dll
2013-06-05 16:04 . 2013-06-05 16:04 -------- d-----w- c:\program files\Synaptics
2013-06-05 16:04 . 2010-02-05 08:49 242992 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-06-05 16:04 . 2010-02-05 08:46 161064 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-06-05 16:04 . 2010-02-05 08:46 120104 ----a-w- c:\windows\system32\SynTPCo4.dll
2013-06-05 16:04 . 2010-02-05 08:46 210216 ----a-w- c:\windows\system32\SynCtrl.dll
2013-06-05 16:04 . 2010-02-05 08:46 173352 ----a-w- c:\windows\system32\SynCOM.dll
2013-06-05 16:04 . 2009-08-07 02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-06-05 15:56 . 2013-06-05 15:56 -------- d-----w- c:\windows\system32\Atheros_L1e
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-16 21:18 . 2010-07-22 07:37 668672 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 21:18 . 2010-07-22 07:37 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-16 21:18 . 2010-07-22 07:26 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-04-13 00:53 . 2010-07-22 07:37 369664 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2010-07-22 07:37 1876352 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll  [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2009-12-11 05:59 59936 ----a-w- c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 17:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-17 03:33 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 12:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 12:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Updater Service"=2 (0x2)
"RS_Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)
"IAANTMON"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [6/5/2013 8:53 AM 3221120]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 1:30 AM 1691480]
S3 FYDJG;FYDJG;c:\docume~1\OfficeNB\LOCALS~1\Temp\FYDJG.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\FYDJG.exe [?]
S3 LXX;LXX;c:\docume~1\OfficeNB\LOCALS~1\Temp\LXX.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\LXX.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/11/2013 7:44 AM 35144]
S3 MPU;MPU;c:\docume~1\OfficeNB\LOCALS~1\Temp\MPU.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\MPU.exe [?]
S3 OWWVHE;OWWVHE;c:\docume~1\OfficeNB\LOCALS~1\Temp\OWWVHE.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\OWWVHE.exe [?]
S3 VHFQLNNSW;VHFQLNNSW;c:\docume~1\OfficeNB\LOCALS~1\Temp\VHFQLNNSW.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\VHFQLNNSW.exe [?]
S4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]
S4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 1:56 AM 243232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-09 06:17 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 06:16]
.
2013-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-09 06:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph0613k685l04h4wu55w47m2u196
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-11 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1304)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-06-11  09:50:05 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-11 16:50
ComboFix2.txt  2013-06-11 16:08
ComboFix3.txt  2013-06-11 15:20
ComboFix4.txt  2013-06-11 14:26
ComboFix5.txt  2013-06-11 16:40
.
Pre-Run: 132,610,252,800 bytes free
Post-Run: 132,616,572,928 bytes free
.
- - End Of File - - E60F351A21D71335F969646F475D47F6
390BC326F8DC9CA4922C5FB5BE1BFE42
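
As an added example, not code from this thread or from ComboFix, here is a small Python triage of the service lines in a ComboFix log like the one above. It flags a service whose image file ComboFix could not find ("[?]"), whose image path sits in a user-writable location such as a user's Temp folder, or whose name is a random-looking uppercase string used as its own description. The sample lines are constructed to mirror entries in the log above; the three heuristics are assumptions of this example, and a hit is a reason to look closer rather than a verdict, since a dangling entry may also be residue of a tool that has already been removed.

```python
"""Triage the service lines of a ComboFix log (added example, not ComboFix code).

ComboFix prints one service per line as
    <state> <name>;<description>;<image path> [<date> <time> <size>]
and, when the image file is missing, appends '--> <path> [?]' instead.
The sample lines below are constructed to mirror the ones in this thread.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+"            # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"  # service name and display description
    r"(?P<path>.+?)"                     # image path as registered
    r"(?:\s+-->\s+(?P<resolved>.+?))?"   # present when ComboFix could not stat the file
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"       # '[date time size]' or '[?]' when missing
)

# Locations a legitimate service image almost never lives in (heuristic).
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\documents and settings\\", "\\docume~1\\")

# Constructed sample, modelled on the 'services' block of the ComboFix log above.
SAMPLE_LINES = [
    r"R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 12:38 AM 61552]",
    r"R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [6/5/2013 8:53 AM 3221120]",
    r"S3 FYDJG;FYDJG;c:\docume~1\OfficeNB\LOCALS~1\Temp\FYDJG.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\FYDJG.exe [?]",
    r"S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [6/11/2013 7:44 AM 35144]",
    r"S3 VHFQLNNSW;VHFQLNNSW;c:\docume~1\OfficeNB\LOCALS~1\Temp\VHFQLNNSW.exe --> c:\docume~1\OfficeNB\LOCALS~1\Temp\VHFQLNNSW.exe [?]",
    r"S4 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 2:12 AM 260640]",
]


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[dict]:
    """Return the named fields of one service line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines) -> List[Finding]:
    """Apply the three heuristics to every service line and collect the hits."""
    findings = []
    for line in lines:
        svc = parse_service_line(line)
        if not svc:
            continue
        reasons = []
        low = svc["path"].lower()
        if svc["meta"].strip() == "?":
            reasons.append("image file missing (dangling service)")
        if any(tok in low for tok in USER_WRITABLE):
            reasons.append("image path in user-writable location")
        if svc["name"] == svc["desc"] and re.fullmatch(r"[A-Z]{3,12}", svc["name"]):
            reasons.append("random-looking uppercase name with no description")
        if reasons:
            findings.append(Finding(svc["name"], svc["path"], reasons))
    return findings


def suspicious_names(lines) -> List[str]:
    """Convenience wrapper: just the service names worth a second look."""
    return [f.name for f in triage(lines)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Feed it the real log with `triage(open("ComboFix.txt", errors="replace"))`; non-service lines are ignored by the regex, so the whole file can be passed in.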


#12 nasdaq (Malware Response Team)

Posted 11 June 2013 - 12:50 PM

Read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Check the boxes next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click on the Start Scan button to begin the scan and wait for it to finish.
    NOTE: Do not use the computer during the scan!
  • When it finishes, you will either see a report that no threats were found:
    If no threats are found at this point, just click the Report selection on the top right of the form to generate a log. A log file report will pop up, which you can just close since the report file is already saved.
  • Or, if any infection or suspected items are found, you will see a results window:
    • If you have files that are shown to fail the signature check, do not take any action on these. Make sure you select Skip. I will tell you what to do with these later. They may not be issues at all.
    • If Suspicious objects are detected, the default action will be Skip. Leave the default set to Skip.
    • If Malicious objects are detected, they will show in the Scan results. TDSSKiller automatically selects an action (Cure or Delete) for malicious objects.
    • Make sure that Cure is selected. Important! - If Cure is not available, please choose Skip instead. Do not choose Delete unless instructed to do so.
  • Click Continue to apply selected actions.
  • A reboot may be required to complete disinfection. Reboot immediately if TDSSKiller states that one is needed.
  • Whether an infection is found or not, a log file should have already been created on your C: drive (or whatever drive you boot from) in the root folder, named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt, which is based on the program version # and the date and time run.
  • Paste the log to your next reply, DO NOT ATTACH IT.
Please let me know what problem persists.
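
Once TDSSKiller has written its log, the next step is to make use of what the procedure above produces: one MD5 and image path per scanned service, followed by a verdict line. The following Python parser is an added example, not part of this thread or of TDSSKiller. It pairs each file line with its verdict, collects the unique hashes (with the service names that reference each one, so duplicates such as a driver registered under two names are visible) for bulk lookup elsewhere, and lists entries that need a second look: a verdict other than "ok", or an image outside the Windows and Program Files trees. The sample log is constructed from the format shown in this thread; the last two sample lines, the wording of the "warning" verdict, and the all-zero hash are assumptions for illustration, since only "- ok" verdicts appear in the thread.

```python
"""Parse a TDSSKiller text log (added example, not Kaspersky code).

Each scanned service with an image file produces a file line
    HH:MM:SS.mmmm PID  [ MD5 ] <service>  <image path>
followed by a verdict line
    HH:MM:SS.mmmm PID  <service> - ok
Services with no image file produce only the verdict line. The sample
below is constructed to mirror the format in this thread; the 'ExampleSvc'
entry, its 'warning' verdict wording and its all-zero hash are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

FILE_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"          # timestamp and process id
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"       # MD5 of the image file
    r"(?P<name>\S+)\s+(?P<path>.+?)\s*$"       # service name and image path
)
VERDICT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
    r"(?P<name>\S+)(?:\s+\([^)]*\))?"          # optional '( Detection.Name )' (assumed form)
    r"\s+-\s+(?P<verdict>.+?)\s*$"
)

# Trees a service image is normally expected to live in (heuristic; assumes C: is the system drive).
SYSTEM_TREES = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample modelled on the TDSSKiller log format posted in this thread.
SAMPLE_LOG = r"""
12:41:43.0140 1576  ================ Scan services =============================
12:41:43.0656 1576  Abiosdsk - ok
12:41:43.0687 1576  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:41:45.0234 1576  abp480n5 - ok
12:41:51.0906 1576  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:41:52.0156 1576  cbidf - ok
12:41:52.0171 1576  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:41:52.0359 1576  cbidf2k - ok
12:41:52.0400 1576  [ 00000000000000000000000000000000 ] ExampleSvc      C:\Documents and Settings\OfficeNB\Local Settings\Temp\example.exe
12:41:52.0410 1576  ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
"""


def parse_log(text: str) -> Dict[str, dict]:
    """Map service name -> {'md5', 'path', 'verdict'}; non-matching lines are ignored."""
    records: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            records[m["name"]] = {"md5": m["md5"].upper(), "path": m["path"], "verdict": None}
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"]
    return records


def hashes_by_name(records: Dict[str, dict]) -> Dict[str, List[str]]:
    """Unique MD5 -> sorted service names referencing it (one file under two names is normal)."""
    by_hash = defaultdict(list)
    for name, rec in records.items():
        if rec["md5"]:
            by_hash[rec["md5"]].append(name)
    return {h: sorted(names) for h, names in by_hash.items()}


def needs_review(records: Dict[str, dict]) -> List[Tuple[str, List[str]]]:
    """Entries with a non-'ok' verdict or an image outside the expected trees."""
    out = []
    for name, rec in sorted(records.items()):
        reasons = []
        if rec["verdict"] != "ok":
            reasons.append(f"verdict: {rec['verdict']}")
        path = (rec["path"] or "").lower()
        if path and not path.startswith(SYSTEM_TREES):
            reasons.append("image outside system trees")
        if reasons:
            out.append((name, reasons))
    return out


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for name, reasons in needs_review(recs):
        print(name, recs[name]["path"], "; ".join(reasons))
    print(sorted(hashes_by_name(recs)))
```

Run it on the real file with `parse_log(open(r"C:\TDSSKiller.<version>_<date>_log.txt", errors="replace").read())`; the SystemInfo header, drive table and separator lines do not match either pattern and are skipped.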

#13 Weaver1 (Topic Starter)

Posted 11 June 2013 - 02:43 PM

12:41:34.0328 3404  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:41:35.0078 3404  ============================================================
12:41:35.0078 3404  Current date / time: 2013/06/11 12:41:35.0078
12:41:35.0078 3404  SystemInfo:
12:41:35.0078 3404  
12:41:35.0078 3404  OS Version: 5.1.2600 ServicePack: 3.0
12:41:35.0078 3404  Product type: Workstation
12:41:35.0078 3404  ComputerName: ACER-D37F251F21
12:41:35.0078 3404  UserName: OfficeNB
12:41:35.0078 3404  Windows directory: C:\WINDOWS
12:41:35.0078 3404  System windows directory: C:\WINDOWS
12:41:35.0078 3404  Processor architecture: Intel x86
12:41:35.0078 3404  Number of processors: 2
12:41:35.0078 3404  Page size: 0x1000
12:41:35.0078 3404  Boot type: Normal boot
12:41:35.0078 3404  ============================================================
12:41:35.0875 3404  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:41:35.0875 3404  ============================================================
12:41:35.0875 3404  \Device\Harddisk0\DR0:
12:41:35.0875 3404  MBR partitions:
12:41:35.0875 3404  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1600800, BlocksNum 0x11418800
12:41:35.0875 3404  ============================================================
12:41:35.0921 3404  C: <-> \Device\Harddisk0\DR0\Partition1
12:41:35.0921 3404  ============================================================
12:41:35.0921 3404  Initialize success
12:41:35.0921 3404  ============================================================
12:41:43.0140 1576  ============================================================
12:41:43.0140 1576  Scan started
12:41:43.0140 1576  Mode: Manual; SigCheck; TDLFS; 
12:41:43.0140 1576  ============================================================
12:41:43.0343 1576  ================ Scan system memory ========================
12:41:43.0359 1576  System memory - ok
12:41:43.0359 1576  ================ Scan services =============================
12:41:43.0656 1576  Abiosdsk - ok
12:41:43.0687 1576  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:41:45.0234 1576  abp480n5 - ok
12:41:45.0281 1576  [ 8FD99680A539792A30E97944FDAECF17 ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:41:45.0500 1576  ACPI - ok
12:41:45.0515 1576  [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:41:45.0703 1576  ACPIEC - ok
12:41:45.0734 1576  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:41:45.0937 1576  adpu160m - ok
12:41:46.0046 1576  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
12:41:46.0250 1576  aec - ok
12:41:46.0296 1576  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
12:41:46.0343 1576  AFD - ok
12:41:46.0359 1576  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
12:41:46.0562 1576  agp440 - ok
12:41:46.0656 1576  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:41:46.0859 1576  agpCPQ - ok
12:41:46.0875 1576  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:41:46.0953 1576  Aha154x - ok
12:41:46.0968 1576  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:41:47.0171 1576  aic78u2 - ok
12:41:47.0187 1576  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:41:47.0375 1576  aic78xx - ok
12:41:47.0406 1576  [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
12:41:47.0593 1576  Alerter - ok
12:41:47.0625 1576  [ 8C515081584A38AA007909CD02020B3D ] ALG             C:\WINDOWS\System32\alg.exe
12:41:47.0703 1576  ALG - ok
12:41:47.0734 1576  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
12:41:47.0906 1576  AliIde - ok
12:41:47.0953 1576  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:41:48.0156 1576  alim1541 - ok
12:41:48.0312 1576  [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt         C:\WINDOWS\system32\drivers\Ambfilt.sys
12:41:48.0484 1576  Ambfilt - ok
12:41:48.0515 1576  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:41:48.0718 1576  amdagp - ok
12:41:48.0812 1576  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
12:41:48.0921 1576  amsint - ok
12:41:48.0937 1576  AppMgmt - ok
12:41:48.0953 1576  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
12:41:49.0187 1576  asc - ok
12:41:49.0250 1576  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:41:49.0343 1576  asc3350p - ok
12:41:49.0359 1576  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:41:49.0546 1576  asc3550 - ok
12:41:49.0718 1576  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:41:49.0734 1576  aspnet_state - ok
12:41:49.0765 1576  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:41:49.0984 1576  AsyncMac - ok
12:41:50.0062 1576  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
12:41:50.0281 1576  atapi - ok
12:41:50.0296 1576  Atdisk - ok
12:41:50.0312 1576  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:41:50.0546 1576  Atmarpc - ok
12:41:50.0640 1576  [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
12:41:50.0843 1576  AudioSrv - ok
12:41:50.0875 1576  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
12:41:51.0078 1576  audstub - ok
12:41:51.0156 1576  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
12:41:51.0375 1576  Beep - ok
12:41:51.0484 1576  [ 574738F61FCA2935F5265DC4E5691314 ] BITS            C:\WINDOWS\system32\qmgr.dll
12:41:51.0703 1576  BITS - ok
12:41:51.0734 1576  [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser         C:\WINDOWS\System32\browser.dll
12:41:51.0781 1576  Browser - ok
12:41:51.0875 1576  catchme - ok
12:41:51.0906 1576  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:41:52.0156 1576  cbidf - ok
12:41:52.0171 1576  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
12:41:52.0359 1576  cbidf2k - ok
12:41:52.0406 1576  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:41:52.0609 1576  CCDECODE - ok
12:41:52.0703 1576  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:41:52.0796 1576  cd20xrnt - ok
12:41:52.0828 1576  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
12:41:53.0015 1576  Cdaudio - ok
12:41:53.0046 1576  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
12:41:53.0250 1576  Cdfs - ok
12:41:53.0343 1576  [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom           C:\WINDOWS\system32\drivers\Cdrom.sys
12:41:53.0421 1576  Cdrom - ok
12:41:53.0421 1576  Changer - ok
12:41:53.0468 1576  [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc           C:\WINDOWS\system32\cisvc.exe
12:41:53.0671 1576  CiSvc - ok
12:41:53.0765 1576  [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
12:41:54.0031 1576  ClipSrv - ok
12:41:54.0093 1576  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:41:54.0125 1576  clr_optimization_v2.0.50727_32 - ok
12:41:54.0140 1576  [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:41:54.0328 1576  CmBatt - ok
12:41:54.0375 1576  [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:41:54.0562 1576  CmdIde - ok
12:41:54.0671 1576  [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:41:54.0875 1576  Compbatt - ok
12:41:54.0890 1576  COMSysApp - ok
12:41:54.0921 1576  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:41:55.0140 1576  Cpqarray - ok
12:41:55.0171 1576  [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
12:41:55.0375 1576  CryptSvc - ok
12:41:55.0468 1576  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:41:55.0671 1576  dac2w2k - ok
12:41:55.0765 1576  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:41:55.0968 1576  dac960nt - ok
12:41:56.0078 1576  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
12:41:56.0171 1576  DcomLaunch - ok
12:41:56.0203 1576  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
12:41:56.0406 1576  Dhcp - ok
12:41:56.0437 1576  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
12:41:56.0718 1576  Disk - ok
12:41:56.0718 1576  dmadmin - ok
12:41:56.0796 1576  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
12:41:57.0046 1576  dmboot - ok
12:41:57.0078 1576  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
12:41:57.0281 1576  dmio - ok
12:41:57.0390 1576  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
12:41:57.0593 1576  dmload - ok
12:41:57.0703 1576  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
12:41:57.0890 1576  dmserver - ok
12:41:57.0937 1576  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
12:41:58.0187 1576  DMusic - ok
12:41:58.0250 1576  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
12:41:58.0296 1576  Dnscache - ok
12:41:58.0328 1576  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
12:41:58.0531 1576  Dot3svc - ok
12:41:58.0546 1576  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:41:58.0765 1576  dpti2o - ok
12:41:58.0796 1576  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
12:41:58.0984 1576  drmkaud - ok
12:41:59.0015 1576  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
12:41:59.0218 1576  EapHost - ok
12:41:59.0328 1576  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
12:41:59.0531 1576  ERSvc - ok
12:41:59.0625 1576  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
12:41:59.0656 1576  Eventlog - ok
12:41:59.0671 1576  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\system32\es.dll
12:41:59.0734 1576  EventSystem - ok
12:41:59.0781 1576  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
12:42:00.0015 1576  Fastfat - ok
12:42:00.0093 1576  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:42:00.0156 1576  FastUserSwitchingCompatibility - ok
12:42:00.0187 1576  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
12:42:00.0406 1576  Fdc - ok
12:42:00.0515 1576  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
12:42:00.0718 1576  Fips - ok
12:42:00.0781 1576  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
12:42:01.0015 1576  Flpydisk - ok
12:42:01.0078 1576  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:42:01.0296 1576  FltMgr - ok
12:42:01.0421 1576  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:42:01.0437 1576  FontCache3.0.0.0 - ok
12:42:01.0453 1576  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:42:01.0656 1576  Fs_Rec - ok
12:42:01.0671 1576  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:42:01.0859 1576  Ftdisk - ok
12:42:01.0859 1576  FYDJG - ok
12:42:01.0921 1576  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:42:02.0125 1576  Gpc - ok
12:42:02.0281 1576  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:42:02.0296 1576  gupdate - ok
12:42:02.0312 1576  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:42:02.0343 1576  gupdatem - ok
12:42:02.0375 1576  [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:42:02.0578 1576  HDAudBus - ok
12:42:02.0656 1576  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:42:02.0875 1576  helpsvc - ok
12:42:02.0906 1576  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
12:42:03.0109 1576  HidServ - ok
12:42:03.0218 1576  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:42:03.0406 1576  HidUsb - ok
12:42:03.0531 1576  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
12:42:03.0750 1576  hkmsvc - ok
12:42:03.0796 1576  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
12:42:04.0015 1576  hpn - ok
12:42:04.0125 1576  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
12:42:04.0187 1576  HTTP - ok
12:42:04.0234 1576  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
12:42:04.0437 1576  HTTPFilter - ok
12:42:04.0531 1576  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
12:42:04.0781 1576  i2omgmt - ok
12:42:04.0828 1576  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:42:05.0031 1576  i2omp - ok
12:42:05.0140 1576  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:42:05.0328 1576  i8042prt - ok
12:42:05.0406 1576  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:42:05.0453 1576  IAANTMON - ok
12:42:05.0546 1576  [ 601C76224D741FE70AFC4298C0A04213 ] ialm            C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
12:42:05.0734 1576  ialm - ok
12:42:05.0796 1576  [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor          C:\WINDOWS\system32\drivers\iaStor.sys
12:42:05.0828 1576  iaStor - ok
12:42:05.0921 1576  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:42:06.0015 1576  idsvc - ok
12:42:06.0062 1576  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\drivers\Imapi.sys
12:42:06.0281 1576  Imapi - ok
12:42:06.0375 1576  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
12:42:06.0593 1576  ImapiService - ok
12:42:06.0687 1576  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:42:06.0906 1576  ini910u - ok
12:42:07.0125 1576  [ F574D00AB0319D8AB38FFF0739C8659B ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:42:07.0562 1576  IntcAzAudAddService - ok
12:42:07.0593 1576  [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
12:42:07.0859 1576  IntelIde - ok
12:42:07.0890 1576  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:42:08.0078 1576  intelppm - ok
12:42:08.0187 1576  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:42:08.0406 1576  Ip6Fw - ok
12:42:08.0500 1576  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:42:08.0687 1576  IpFilterDriver - ok
12:42:08.0796 1576  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:42:09.0031 1576  IpInIp - ok
12:42:09.0093 1576  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:42:09.0343 1576  IpNat - ok
12:42:09.0390 1576  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:42:09.0656 1576  IPSec - ok
12:42:09.0687 1576  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
12:42:09.0796 1576  IRENUM - ok
12:42:09.0828 1576  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:42:10.0062 1576  isapnp - ok
12:42:10.0125 1576  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:42:10.0343 1576  Kbdclass - ok
12:42:10.0421 1576  [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:42:10.0609 1576  kbdhid - ok
12:42:10.0640 1576  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
12:42:10.0843 1576  kmixer - ok
12:42:10.0859 1576  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
12:42:10.0937 1576  KSecDD - ok
12:42:10.0984 1576  [ A717D07DB8AFC53ED8BAA530B0CC84B4 ] L1c             C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
12:42:11.0015 1576  L1c - ok
12:42:11.0078 1576  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:42:11.0156 1576  lanmanworkstation - ok
12:42:11.0156 1576  lbrtfdc - ok
12:42:11.0218 1576  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
12:42:11.0437 1576  LmHosts - ok
12:42:11.0437 1576  LXX - ok
12:42:11.0531 1576  [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon   C:\WINDOWS\system32\drivers\mbamchameleon.sys
12:42:11.0562 1576  mbamchameleon - ok
12:42:11.0609 1576  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
12:42:11.0859 1576  Messenger - ok
12:42:11.0890 1576  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
12:42:12.0093 1576  mnmdd - ok
12:42:12.0203 1576  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
12:42:12.0406 1576  mnmsrvc - ok
12:42:12.0515 1576  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
12:42:12.0718 1576  Modem - ok
12:42:12.0843 1576  [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt         C:\WINDOWS\system32\drivers\Monfilt.sys
12:42:12.0984 1576  Monfilt - ok
12:42:13.0015 1576  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:42:13.0218 1576  Mouclass - ok
12:42:13.0312 1576  [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:42:13.0546 1576  mouhid - ok
12:42:13.0640 1576  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
12:42:13.0875 1576  MountMgr - ok
12:42:13.0875 1576  MPU - ok
12:42:13.0906 1576  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:42:14.0140 1576  mraid35x - ok
12:42:14.0187 1576  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:42:14.0375 1576  MRxDAV - ok
12:42:14.0453 1576  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:42:14.0531 1576  MRxSmb - ok
12:42:14.0562 1576  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
12:42:14.0750 1576  MSDTC - ok
12:42:14.0781 1576  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
12:42:14.0984 1576  Msfs - ok
12:42:15.0000 1576  MSIServer - ok
12:42:15.0093 1576  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:42:15.0281 1576  MSKSSRV - ok
12:42:15.0312 1576  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:42:15.0500 1576  MSPCLOCK - ok
12:42:15.0500 1576  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
12:42:15.0703 1576  MSPQM - ok
12:42:15.0734 1576  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:42:15.0921 1576  mssmbios - ok
12:42:15.0953 1576  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
12:42:16.0156 1576  MSTEE - ok
12:42:16.0265 1576  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
12:42:16.0312 1576  Mup - ok
12:42:16.0328 1576  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:42:16.0531 1576  NABTSFEC - ok
12:42:16.0562 1576  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
12:42:16.0781 1576  napagent - ok
12:42:16.0828 1576  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
12:42:17.0046 1576  NDIS - ok
12:42:17.0140 1576  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:42:17.0328 1576  NdisIP - ok
12:42:17.0375 1576  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:42:17.0406 1576  NdisTapi - ok
12:42:17.0437 1576  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:42:17.0625 1576  Ndisuio - ok
12:42:17.0640 1576  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:42:17.0828 1576  NdisWan - ok
12:42:17.0859 1576  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
12:42:17.0906 1576  NDProxy - ok
12:42:17.0937 1576  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
12:42:18.0125 1576  NetBIOS - ok
12:42:18.0156 1576  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
12:42:18.0359 1576  NetBT - ok
12:42:18.0468 1576  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
12:42:18.0671 1576  NetDDE - ok
12:42:18.0734 1576  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
12:42:18.0937 1576  NetDDEdsdm - ok
12:42:19.0046 1576  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
12:42:19.0250 1576  Netlogon - ok
12:42:19.0343 1576  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
12:42:19.0593 1576  Netman - ok
12:42:19.0656 1576  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:42:19.0703 1576  NetTcpPortSharing - ok
12:42:19.0984 1576  [ 3BDC90D9B12B685944F2B0896AF5413C ] NETw5x32        C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:42:20.0640 1576  NETw5x32 - ok
12:42:20.0703 1576  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
12:42:20.0765 1576  Nla - ok
12:42:20.0812 1576  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
12:42:21.0078 1576  Npfs - ok
12:42:21.0140 1576  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
12:42:21.0390 1576  Ntfs - ok
12:42:21.0468 1576  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
12:42:21.0656 1576  NtLmSsp - ok
12:42:21.0750 1576  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
12:42:21.0984 1576  NtmsSvc - ok
12:42:22.0031 1576  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
12:42:22.0250 1576  Null - ok
12:42:22.0328 1576  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:42:22.0562 1576  NwlnkFlt - ok
12:42:22.0625 1576  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:42:22.0859 1576  NwlnkFwd - ok
12:42:22.0968 1576  [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:42:23.0031 1576  odserv - ok
12:42:23.0062 1576  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:42:23.0109 1576  ose - ok
12:42:23.0109 1576  OWWVHE - ok
12:42:23.0156 1576  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
12:42:23.0421 1576  Parport - ok
12:42:23.0484 1576  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
12:42:23.0750 1576  PartMgr - ok
12:42:23.0796 1576  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
12:42:24.0015 1576  ParVdm - ok
12:42:24.0062 1576  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
12:42:24.0281 1576  PCI - ok
12:42:24.0296 1576  PCIDump - ok
12:42:24.0359 1576  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
12:42:24.0562 1576  PCIIde - ok
12:42:24.0656 1576  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
12:42:24.0859 1576  Pcmcia - ok
12:42:24.0875 1576  PDCOMP - ok
12:42:24.0875 1576  PDFRAME - ok
12:42:24.0890 1576  PDRELI - ok
12:42:24.0906 1576  PDRFRAME - ok
12:42:24.0937 1576  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
12:42:25.0140 1576  perc2 - ok
12:42:25.0171 1576  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:42:25.0359 1576  perc2hib - ok
12:42:25.0468 1576  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
12:42:25.0500 1576  PlugPlay - ok
12:42:25.0500 1576  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
12:42:25.0687 1576  PolicyAgent - ok
12:42:25.0796 1576  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:42:26.0000 1576  PptpMiniport - ok
12:42:26.0062 1576  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:42:26.0250 1576  ProtectedStorage - ok
12:42:26.0265 1576  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
12:42:26.0500 1576  PSched - ok
12:42:26.0546 1576  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:42:26.0734 1576  Ptilink - ok
12:42:26.0781 1576  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:42:26.0984 1576  ql1080 - ok
12:42:27.0062 1576  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:42:27.0265 1576  Ql10wnt - ok
12:42:27.0281 1576  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:42:27.0484 1576  ql12160 - ok
12:42:27.0578 1576  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:42:27.0765 1576  ql1240 - ok
12:42:27.0781 1576  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:42:27.0968 1576  ql1280 - ok
12:42:28.0000 1576  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:42:28.0187 1576  RasAcd - ok
12:42:28.0218 1576  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
12:42:28.0421 1576  RasAuto - ok
12:42:28.0531 1576  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:42:28.0718 1576  Rasl2tp - ok
12:42:28.0750 1576  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
12:42:28.0953 1576  RasMan - ok
12:42:29.0015 1576  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:42:29.0218 1576  RasPppoe - ok
12:42:29.0265 1576  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
12:42:29.0453 1576  Raspti - ok
12:42:29.0484 1576  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:42:29.0687 1576  Rdbss - ok
12:42:29.0781 1576  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:42:29.0984 1576  RDPCDD - ok
12:42:30.0078 1576  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:42:30.0281 1576  rdpdr - ok
12:42:30.0406 1576  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
12:42:30.0484 1576  RDPWD - ok
12:42:30.0531 1576  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
12:42:30.0750 1576  RDSessMgr - ok
12:42:30.0781 1576  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
12:42:31.0000 1576  RemoteAccess - ok
12:42:31.0078 1576  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\system32\locator.exe
12:42:31.0265 1576  RpcLocator - ok
12:42:31.0296 1576  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
12:42:31.0343 1576  RpcSs - ok
12:42:31.0375 1576  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\system32\rsvp.exe
12:42:31.0578 1576  RSVP - ok
12:42:31.0718 1576  [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A ] RS_Service      C:\Program Files\Acer\Acer VCM\RS_Service.exe
12:42:31.0765 1576  RS_Service - ok
12:42:31.0890 1576  [ EFA699F02DF6C4C58EA0BD81BA1A23BD ] S6000KNT        C:\WINDOWS\system32\Drivers\S6000KNT.sys
12:42:32.0109 1576  S6000KNT - ok
12:42:32.0156 1576  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
12:42:32.0453 1576  SamSs - ok
12:42:32.0500 1576  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
12:42:32.0703 1576  SCardSvr - ok
12:42:32.0812 1576  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
12:42:33.0015 1576  Schedule - ok
12:42:33.0046 1576  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:42:33.0125 1576  Secdrv - ok
12:42:33.0140 1576  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
12:42:33.0343 1576  seclogon - ok
12:42:33.0437 1576  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
12:42:33.0640 1576  SENS - ok
12:42:33.0765 1576  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
12:42:33.0953 1576  Serial - ok
12:42:34.0062 1576  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
12:42:34.0265 1576  Sfloppy - ok
12:42:34.0390 1576  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
12:42:34.0593 1576  SharedAccess - ok
12:42:34.0609 1576  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:42:34.0640 1576  ShellHWDetection - ok
12:42:34.0656 1576  Simbad - ok
12:42:34.0703 1576  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:42:34.0906 1576  sisagp - ok
12:42:34.0921 1576  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:42:35.0109 1576  SLIP - ok
12:42:35.0140 1576  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:42:35.0218 1576  Sparrow - ok
12:42:35.0234 1576  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
12:42:35.0437 1576  splitter - ok
12:42:35.0468 1576  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
12:42:35.0515 1576  Spooler - ok
12:42:35.0546 1576  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
12:42:35.0640 1576  sr - ok
12:42:35.0687 1576  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
12:42:35.0765 1576  srservice - ok
12:42:35.0781 1576  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
12:42:35.0859 1576  SSDPSRV - ok
12:42:35.0890 1576  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
12:42:36.0140 1576  stisvc - ok
12:42:36.0218 1576  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:42:36.0421 1576  streamip - ok
12:42:36.0531 1576  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
12:42:36.0718 1576  swenum - ok
12:42:36.0750 1576  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
12:42:36.0937 1576  swmidi - ok
12:42:36.0953 1576  SwPrv - ok
12:42:37.0046 1576  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
12:42:37.0234 1576  symc810 - ok
12:42:37.0234 1576  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:42:37.0437 1576  symc8xx - ok
12:42:37.0453 1576  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:42:37.0640 1576  sym_hi - ok
12:42:37.0656 1576  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:42:37.0859 1576  sym_u3 - ok
12:42:37.0890 1576  [ 5CDD124913E91C7F79B4D5CAE1C7C4DE ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:42:37.0921 1576  SynTP - ok
12:42:37.0953 1576  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
12:42:38.0140 1576  sysaudio - ok
12:42:38.0187 1576  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
12:42:38.0390 1576  SysmonLog - ok
12:42:38.0515 1576  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
12:42:38.0703 1576  TapiSrv - ok
12:42:38.0812 1576  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:42:38.0859 1576  Tcpip - ok
12:42:38.0890 1576  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
12:42:39.0109 1576  TDPIPE - ok
12:42:39.0187 1576  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
12:42:39.0375 1576  TDTCP - ok
12:42:39.0406 1576  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
12:42:39.0593 1576  TermDD - ok
12:42:39.0640 1576  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
12:42:39.0843 1576  TermService - ok
12:42:39.0875 1576  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
12:42:39.0906 1576  Themes - ok
12:42:39.0921 1576  [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
12:42:40.0125 1576  TosIde - ok
12:42:40.0140 1576  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
12:42:40.0328 1576  TrkWks - ok
12:42:40.0375 1576  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
12:42:40.0578 1576  Udfs - ok
12:42:40.0656 1576  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
12:42:40.0750 1576  ultra - ok
12:42:40.0781 1576  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
12:42:41.0000 1576  Update - ok
12:42:41.0062 1576  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2 ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:42:41.0093 1576  Updater Service - ok
12:42:41.0140 1576  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
12:42:41.0250 1576  upnphost - ok
12:42:41.0265 1576  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
12:42:41.0484 1576  UPS - ok
12:42:41.0562 1576  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:42:41.0765 1576  usbccgp - ok
12:42:41.0812 1576  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:42:42.0015 1576  usbehci - ok
12:42:42.0109 1576  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:42:42.0296 1576  usbhub - ok
12:42:42.0343 1576  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:42:42.0531 1576  USBSTOR - ok
12:42:48.0562 1576  ================ Scan global ===============================
12:42:48.0671 1576  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
12:42:48.0703 1576  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:42:48.0734 1576  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
12:42:48.0765 1576  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
12:42:48.0765 1576  [Global] - ok
12:42:48.0765 1576  ================ Scan MBR ==================================
12:42:48.0796 1576  [ 390BC326F8DC9CA4922C5FB5BE1BFE42 ] \Device\Harddisk0\DR0
12:42:49.0718 1576  \Device\Harddisk0\DR0 - ok
12:42:49.0718 1576  ================ Scan VBR ==================================
12:42:49.0734 1576  [ B77B96B659944D7C092BA789EFCF8A3E ] \Device\Harddisk0\DR0\Partition1
12:42:49.0734 1576  \Device\Harddisk0\DR0\Partition1 - ok
12:42:49.0734 1576  ============================================================
12:42:49.0734 1576  Scan finished
12:42:49.0734 1576  ============================================================
12:42:49.0859 3636  Detected object count: 0
12:42:49.0859 3636  Actual detected object count: 0


#14 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 June 2013 - 07:35 AM

Looking good. Any remaining issues?

#15 Weaver1

  • Topic Starter
  • Members
  • 95 posts
  • Gender:Male

Posted 12 June 2013 - 10:55 AM

Thanks for all the help. Looks like we killed a bunch of files; however, one remaining issue I spotted is that I am locked from making changes to the reg via regedit.
