TechSpot

Computer infected by virus

Solved
By meadow
Oct 26, 2012
  1. My computer was infected by virus.
    I followed 5-steps 1. Ran window security essentials to scan the computer, 2. Downloaded and ran MBAM. 3. downloaded GMER. when I ran it, get "load error", then pc restarted. It took much longer time to up, after just a few second, it restarted again, again. I tried to started computer in safe mode, but my userid and password don't work.I managed to squeeze in another time of MBAM, it didn't make difference.

    -----------------------------------------------------------------------------
    here is log of mbam:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.09.29.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    userid :: computername[administrator]

    10/26/2012 1:10:17 PM
    mbam-log-2012-10-26 (13-10-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241822
    Time elapsed: 11 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 6
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)
    ------------------------------------------------------------

    Please help!
  2. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Are you saying that the computer is in restart loop?
  3. meadow

    meadow TS Rookie Topic Starter Posts: 83

    Yes, it restarted by itself once it is up for three times today. And it took long time to get to logon screen. Now I am not sure it will ever get to logon screen now, it has been hanged on blue "DELL" screen for over 20 minutes. I have to shut it down by push the power button.
    By the way, the error I got when I ran GMER is "Load Drive ("C:\Docum~1\userID\local~1\Temp\kwdyqkob.sys"), error 0xC000010E:cannot create a statble subkey under a volatile parent key".
  4. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    I'm not sure if I understand. Is the computer bootable or not?
  5. meadow

    meadow TS Rookie Topic Starter Posts: 83

    It is not bootable. Can you do something about it?
  6. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Let's try to boot your computer using the Ultimate Boot CD for Windows (UBCD4win).

    Please print this guide for future reference!

    You will need a blank CD, a clean computer and a flash drive.

    Please follow the steps below and let me know if you were successful. If you were unable to create the UBCD4win, please tell me what error messages you got and/or what steps you got hung up on.

    :step1:

    1. Download and Run Ultimate Boot CD for Windows
    • Save it to your Desktop.
    • Double-Click on the UBCD4Win.EXE that you just downloaded to your desktop.
    • Follow all of the instructions/prompts that come up.
      NOTES:
      • Do not install to a folder with spaces in it's name.
      • Your Anti-Virus may report viruses or trojans when you extract UBCD4Win, these are "False-Positives." Read HERE for information regarding the files that normally trigger AV software.
    2. Insert your XP CD with SP1/SP2/SP3 into a CD Rom drive
    • Double-Click on UBCD4WinBuilder.exe located in your C:\ubcd4win folder.
    • Click "I agree" to the Builders License.
    • Click NO to Search for Windows Installation Files
    • Make the following selections from the Main Screen that pops up:
      • Builder
        • Source:(path to Windows installation files)
          • Enter the path to the drive where your XP CD is located.
          • You can click on the "..." button on the right to navigate to the path as well.
        • Custom: (include files and folders from this directory)
          • No information is necessary, leave blank.
        • Output: (C:\ubcd4win\BartPE)
          • Keep the default BartPE
      • Media output
        • Choose Create ISO image
        • Do not choose Burn to CD/DVD


        Please note: If your XP install disc is SP1 then please .....
        1. Disable- DComLaunch Service
        2. Enable- LargeIDE Fix

          This can be done by pressing the "Plugin" button and checking or unchecking the appropriate selections

        Also note: If you have a Dell XP install disc you will need to follow the instructions here
        http://www.ubcd4win.com/faq.htm#dell

      3. Click on the "Build" button
      • You will see the Windows EULA message. Click on I Agree
      • You will now see the Build Screen. Let it run it's course
      • When the Build is finished you can click close, then exit


      4. Burn your ISO file to CD
      • Please see HERE on how to burn an ISO to CD.

    ==========

    :step2:

    Next, from your clean computer:

    Download Farbar Recovery Scan Tool
    and save it to your flash drive.

    Now plug your flashdrive back into your sick computer and follow the next instructions:

    ==========

    :step3:

    1. Restart Your sick Computer Using the UBCD4Win Disc That You Have Created
    • Insert the UBCD4Win disc in to one of your CD/DVD drives.
    • Restart your computer.
      • The computer should choose to boot from the UBCD4Win CD automatically. If it doesn't and you are asked if you want to boot from CD, then choose that option.
    • In the window that pops up select Launch The Ultimate Boot CD For Windows and press Enter.
      • It may take a little longer for the Desktop to appear than it does when you start your computer normally. Just let the process run itself until the desktop appears.
    • Once the desktop appears, you will receive a message asking: Do you want to start Network support?
      • Click on Yes if you want to use the PE environment to get online post your log and reply by way of an Ethernet connection.
    • You should now have a desktop that looks like this:
      [​IMG]

    ==========

    :step4:

    • Single click My computer from your UBCD4W desktop to navigate to the Farbar Recovery Scan Tool you saved to your flash drive.
    • Double click on it to begin running the tool.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your next reply.
  7. meadow

    meadow TS Rookie Topic Starter Posts: 83

    At step 1: 1. download and run UBCD for window, while tring to download UBCD4win.exe, I got error message "Setup:CoCreateInstance failed, code 0x80040154, class not registered". I continued and download the UBCD4win to my c:\UBCD4Win folder.
    at step1:2, (question: what is XP CD with SP1/SP2/SP3 ?)
    I double-clicked UBCD4WinBuilder.exe on C:\UBCD4Win, clicked "I agree", click "No" to search for window installation files,
    then on the main screen, under Builder- source path to windows installation files, I enter d: that is where my cd rom drive is, Custom and Output, I did what you suggested...
    under Media output, I did what you suggested too.
    at step 1:3, I clicked on "build" button, a eror message window pop up "Invalid Source Path cannot find file (D:\j386\setupldr.bin)"

    I cannot go any further.
    I only have 2 disc come with my clean DELL computer, one marked with Restore Disk: D-series, the other disk has only one file D610XPSP3.tib, I tried both cd for step1:3, none of them worked.
    where did I do wrong?
    Thank you so much for your help.
  8. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    You will need a USB flash drive.

    Download GETxPUD.exe to the desktop of your clean computer
    • Run GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Next download rst.sh to your USB flash drive
    • Remove the USB & CD and insert it in the sick computer
    • Boot the Sick computer with the CD you just burned
    • The computer must be set to boot from the CD
    • Gently tap F12 and choose to boot from the CD
    • Follow the prompts
    • A Welcome to xPUD screen will appear
    • Press File
    • Expand mnt
    • sda1,2...usually corresponds to your HDD
    • sdb1 is likely your USB
    • Click on the folder that represents your USB drive (sdb1 ?)
    • Confirm that you see rst.sh that you downloaded there
    • Press Tool at the top
    • Choose Open Terminal
    • Type bash rst.sh
    • Press Enter
    • After it has finished a report will be located on your USB drive named enum.log
    • Remove the USB drive and insert it back in your working computer and navigate to enum.log

      Please note - all text entries are case sensitive
    Copy and paste the enum.log for my review
  9. meadow

    meadow TS Rookie Topic Starter Posts: 83

    Here is enum.log

    31.8M Oct 26 19:28 /mnt/sda1/WINDOWS/system32/config/software
    6.0M Oct 29 20:16 /mnt/sda1/WINDOWS/system32/config/system

    31.5M Sep 23 00:57 /sda1/~/RP757/~SOFTWARE
    31.5M Sep 23 05:57 /sda1/~/RP758/~SOFTWARE
    31.5M Sep 23 13:47 /sda1/~/RP759/~SOFTWARE
    31.5M Sep 24 00:57 /sda1/~/RP760/~SOFTWARE
    31.5M Sep 24 11:57 /sda1/~/RP761/~SOFTWARE
    31.5M Sep 24 13:47 /sda1/~/RP762/~SOFTWARE
    31.5M Sep 24 23:57 /sda1/~/RP763/~SOFTWARE
    31.5M Sep 25 10:57 /sda1/~/RP764/~SOFTWARE
    31.5M Sep 26 00:57 /sda1/~/RP766/~SOFTWARE
    31.5M Sep 26 11:45 /sda1/~/RP767/~SOFTWARE
    31.5M Sep 26 13:47 /sda1/~/RP768/~SOFTWARE
    31.5M Sep 26 23:57 /sda1/~/RP769/~SOFTWARE
    31.5M Sep 27 10:57 /sda1/~/RP770/~SOFTWARE
    31.5M Sep 27 13:47 /sda1/~/RP771/~SOFTWARE
    31.5M Sep 27 23:57 /sda1/~/RP772/~SOFTWARE
    31.5M Sep 28 10:57 /sda1/~/RP773/~SOFTWARE
    31.5M Sep 28 13:47 /sda1/~/RP774/~SOFTWARE
    31.5M Sep 28 23:57 /sda1/~/RP775/~SOFTWARE
    31.5M Sep 29 10:45 /sda1/~/RP776/~SOFTWARE
    31.5M Sep 29 13:47 /sda1/~/RP777/~SOFTWARE
    31.5M Sep 30 00:45 /sda1/~/RP778/~SOFTWARE
    31.5M Sep 30 05:57 /sda1/~/RP779/~SOFTWARE
    31.5M Sep 30 13:47 /sda1/~/RP780/~SOFTWARE
    31.5M Oct 1 00:57 /sda1/~/RP781/~SOFTWARE
    31.5M Oct 1 11:57 /sda1/~/RP782/~SOFTWARE
    31.5M Oct 1 13:47 /sda1/~/RP783/~SOFTWARE
    31.5M Oct 2 00:57 /sda1/~/RP784/~SOFTWARE
    31.5M Oct 2 11:57 /sda1/~/RP785/~SOFTWARE
    31.5M Oct 3 00:57 /sda1/~/RP787/~SOFTWARE
    31.5M Oct 3 11:57 /sda1/~/RP788/~SOFTWARE
    31.5M Oct 3 13:47 /sda1/~/RP789/~SOFTWARE
    31.5M Oct 3 23:57 /sda1/~/RP790/~SOFTWARE
    31.5M Oct 4 10:45 /sda1/~/RP791/~SOFTWARE
    31.5M Oct 4 13:47 /sda1/~/RP792/~SOFTWARE
    31.5M Oct 4 23:57 /sda1/~/RP793/~SOFTWARE
    31.5M Oct 5 10:57 /sda1/~/RP794/~SOFTWARE
    31.5M Oct 5 20:58 /sda1/~/RP795/~SOFTWARE
    31.5M Oct 6 07:45 /sda1/~/RP796/~SOFTWARE
    31.5M Oct 6 17:57 /sda1/~/RP797/~SOFTWARE
    31.5M Oct 7 04:57 /sda1/~/RP798/~SOFTWARE
    31.5M Oct 7 15:57 /sda1/~/RP799/~SOFTWARE
    31.5M Oct 8 02:45 /sda1/~/RP800/~SOFTWARE
    31.5M Oct 8 12:57 /sda1/~/RP801/~SOFTWARE
    31.5M Oct 8 23:57 /sda1/~/RP802/~SOFTWARE
    31.5M Oct 9 10:57 /sda1/~/RP803/~SOFTWARE
    31.5M Oct 9 21:22 /sda1/~/RP804/~SOFTWARE
    31.5M Oct 10 07:45 /sda1/~/RP805/~SOFTWARE
    31.5M Oct 10 18:28 /sda1/~/RP806/~SOFTWARE
    31.5M Oct 11 14:57 /sda1/~/RP808/~SOFTWARE
    31.5M Oct 12 01:57 /sda1/~/RP809/~SOFTWARE
    31.5M Oct 12 12:45 /sda1/~/RP810/~SOFTWARE
    31.6M Oct 12 22:57 /sda1/~/RP811/~SOFTWARE
    31.6M Oct 13 09:57 /sda1/~/RP812/~SOFTWARE
    31.6M Oct 13 20:57 /sda1/~/RP813/~SOFTWARE
    31.6M Oct 14 07:57 /sda1/~/RP814/~SOFTWARE
    31.6M Oct 14 18:57 /sda1/~/RP815/~SOFTWARE
    31.6M Oct 15 05:45 /sda1/~/RP816/~SOFTWARE
    31.6M Oct 15 15:54 /sda1/~/RP817/~SOFTWARE
    31.6M Oct 16 02:57 /sda1/~/RP818/~SOFTWARE
    31.6M Oct 16 14:37 /sda1/~/RP819/~SOFTWARE
    31.6M Oct 17 00:57 /sda1/~/RP820/~SOFTWARE
    31.6M Oct 17 10:57 /sda1/~/RP821/~SOFTWARE
    31.6M Oct 17 21:57 /sda1/~/RP822/~SOFTWARE
    31.6M Oct 18 08:45 /sda1/~/RP823/~SOFTWARE
    31.6M Oct 19 06:08 /sda1/~/RP824/~SOFTWARE
    31.6M Oct 20 07:07 /sda1/~/RP825/~SOFTWARE
    31.6M Oct 20 18:07 /sda1/~/RP826/~SOFTWARE
    31.6M Oct 21 05:07 /sda1/~/RP827/~SOFTWARE
    31.6M Oct 21 16:07 /sda1/~/RP828/~SOFTWARE
    31.6M Oct 22 03:07 /sda1/~/RP829/~SOFTWARE
    31.5M Sep 25 13:47 /sda1/~/RP765/~SOFTWARE
    31.5M Oct 2 13:52 /sda1/~/RP786/~SOFTWARE
    31.5M Oct 11 04:45 /sda1/~/RP807/~SOFTWARE
    5.8M Sep 23 00:57 /sda1/~/RP757/~SYSTEM
    5.8M Sep 23 05:57 /sda1/~/RP758/~SYSTEM
    5.8M Sep 23 13:47 /sda1/~/RP759/~SYSTEM
    5.8M Sep 24 00:57 /sda1/~/RP760/~SYSTEM
    5.8M Sep 24 11:57 /sda1/~/RP761/~SYSTEM
    5.8M Sep 24 13:47 /sda1/~/RP762/~SYSTEM
    5.8M Sep 24 23:57 /sda1/~/RP763/~SYSTEM
    5.8M Sep 25 10:57 /sda1/~/RP764/~SYSTEM
    5.8M Sep 26 00:57 /sda1/~/RP766/~SYSTEM
    5.8M Sep 26 11:45 /sda1/~/RP767/~SYSTEM
    5.8M Sep 26 13:47 /sda1/~/RP768/~SYSTEM
    5.8M Sep 26 23:57 /sda1/~/RP769/~SYSTEM
    5.8M Sep 27 10:57 /sda1/~/RP770/~SYSTEM
    5.8M Sep 27 13:47 /sda1/~/RP771/~SYSTEM
    5.8M Sep 27 23:57 /sda1/~/RP772/~SYSTEM
    5.8M Sep 28 10:57 /sda1/~/RP773/~SYSTEM
    5.8M Sep 28 13:47 /sda1/~/RP774/~SYSTEM
    5.8M Sep 28 23:57 /sda1/~/RP775/~SYSTEM
    5.8M Sep 29 10:45 /sda1/~/RP776/~SYSTEM
    5.8M Sep 29 13:47 /sda1/~/RP777/~SYSTEM
    5.8M Sep 30 00:45 /sda1/~/RP778/~SYSTEM
    5.8M Sep 30 05:57 /sda1/~/RP779/~SYSTEM
    5.8M Sep 30 13:47 /sda1/~/RP780/~SYSTEM
    5.8M Oct 1 00:57 /sda1/~/RP781/~SYSTEM
    5.8M Oct 1 11:57 /sda1/~/RP782/~SYSTEM
    5.8M Oct 1 13:47 /sda1/~/RP783/~SYSTEM
    5.8M Oct 2 00:57 /sda1/~/RP784/~SYSTEM
    5.8M Oct 2 11:57 /sda1/~/RP785/~SYSTEM
    5.8M Oct 3 00:57 /sda1/~/RP787/~SYSTEM
    5.8M Oct 3 11:57 /sda1/~/RP788/~SYSTEM
    5.8M Oct 3 13:47 /sda1/~/RP789/~SYSTEM
    5.8M Oct 3 23:57 /sda1/~/RP790/~SYSTEM
    5.8M Oct 4 10:45 /sda1/~/RP791/~SYSTEM
    5.8M Oct 4 13:47 /sda1/~/RP792/~SYSTEM
    5.8M Oct 4 23:57 /sda1/~/RP793/~SYSTEM
    5.8M Oct 5 10:57 /sda1/~/RP794/~SYSTEM
    5.8M Oct 5 20:58 /sda1/~/RP795/~SYSTEM
    5.8M Oct 6 07:45 /sda1/~/RP796/~SYSTEM
    5.8M Oct 6 17:57 /sda1/~/RP797/~SYSTEM
    5.8M Oct 7 04:57 /sda1/~/RP798/~SYSTEM
    5.8M Oct 7 15:57 /sda1/~/RP799/~SYSTEM
    5.8M Oct 8 02:45 /sda1/~/RP800/~SYSTEM
    5.8M Oct 8 12:57 /sda1/~/RP801/~SYSTEM
    5.8M Oct 8 23:57 /sda1/~/RP802/~SYSTEM
    5.8M Oct 9 10:57 /sda1/~/RP803/~SYSTEM
    5.8M Oct 9 21:22 /sda1/~/RP804/~SYSTEM
    5.8M Oct 10 07:45 /sda1/~/RP805/~SYSTEM
    5.8M Oct 10 18:28 /sda1/~/RP806/~SYSTEM
    5.8M Oct 11 14:57 /sda1/~/RP808/~SYSTEM
    5.8M Oct 12 01:57 /sda1/~/RP809/~SYSTEM
    5.8M Oct 12 12:45 /sda1/~/RP810/~SYSTEM
    5.8M Oct 12 22:57 /sda1/~/RP811/~SYSTEM
    5.8M Oct 13 09:57 /sda1/~/RP812/~SYSTEM
    5.8M Oct 13 20:57 /sda1/~/RP813/~SYSTEM
    5.8M Oct 14 07:57 /sda1/~/RP814/~SYSTEM
    5.8M Oct 14 18:57 /sda1/~/RP815/~SYSTEM
    5.8M Oct 15 05:45 /sda1/~/RP816/~SYSTEM
    5.8M Oct 15 15:54 /sda1/~/RP817/~SYSTEM
    5.8M Oct 16 02:57 /sda1/~/RP818/~SYSTEM
    5.8M Oct 16 14:37 /sda1/~/RP819/~SYSTEM
    5.8M Oct 17 00:57 /sda1/~/RP820/~SYSTEM
    5.8M Oct 17 10:57 /sda1/~/RP821/~SYSTEM
    5.8M Oct 17 21:57 /sda1/~/RP822/~SYSTEM
    5.8M Oct 18 08:45 /sda1/~/RP823/~SYSTEM
    5.9M Oct 19 06:08 /sda1/~/RP824/~SYSTEM
    5.9M Oct 20 07:07 /sda1/~/RP825/~SYSTEM
    5.9M Oct 20 18:07 /sda1/~/RP826/~SYSTEM
    5.9M Oct 21 05:07 /sda1/~/RP827/~SYSTEM
    5.9M Oct 21 16:07 /sda1/~/RP828/~SYSTEM
    5.9M Oct 22 03:07 /sda1/~/RP829/~SYSTEM
    5.8M Sep 25 13:47 /sda1/~/RP765/~SYSTEM
    5.8M Oct 2 13:52 /sda1/~/RP786/~SYSTEM
    5.8M Oct 11 04:45 /sda1/~/RP807/~SYSTEM
    Thank you.
  10. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Please open the terminal again from your USB device and type:

    bash rst.sh -r

    Press Enter

    Type 764 and press Enter.

    When done restart your computer normally and see if you can successfully log on now.

    See if you can boot normally.
  11. meadow

    meadow TS Rookie Topic Starter Posts: 83

    I did as you instruced, and it seems didn't produce log file.
    I tried to boot pc up normally, it took little while after enter the userid and passwd, then desktop show up and pc restarted right way.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    See if same thing happens in safe mode.
  13. meadow

    meadow TS Rookie Topic Starter Posts: 83

    I can boot up the computer in safe mode.
    Now should I go back to do the 5 steps or else?
    Thanks.
  14. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good :)
    Run this from safe mode.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  15. meadow

    meadow TS Rookie Topic Starter Posts: 83

    I have been running Combofix, after Autoscan ran for over 25 minutes, the windowXP logo show up ( screen saver, I believe) and I cannot get rid of it. Ctrl+Alt+Del wouldn't work. So I don't know if it is still scanning or something? till now it is another 25 min. pasted.
    Continue to wait or shut down the computer?
  16. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Give it some more time.
  17. meadow

    meadow TS Rookie Topic Starter Posts: 83

    It is over 3 hours. WindowXP logo still float around on the screen. what should I do?
  18. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Restart manually to safe mode and try again.
  19. meadow

    meadow TS Rookie Topic Starter Posts: 83

    I restarted, and it is over one hour now, it is still scanning.
    And I noticed the clock is not running.
  20. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    For x86 (x32) bit systems please download Listparts to your Desktop.
    For x64 bit systems please download Listparts64 to your Desktop.
    Double click on downloaded file to start the program.

    Click on Scan button.

    Scan result will open in Notepad (Result.txt).
    Post it in your next reply.
  21. meadow

    meadow TS Rookie Topic Starter Posts: 83

    Here is the log file Result.txt:
    ListParts by Farbar Version: 30-10-2012
    Ran by username (administrator) on 02-11-2012 at 11:00:55
    Windows XP (X86)
    Running From: C:\Documents and Settings\username\Desktop
    Language: 0409
    ************************************************************
    ========================= Memory info ======================
    Percentage of memory in use: 15%
    Total physical RAM: 2013.52 MB
    Available physical RAM: 1701.75 MB
    Total Pagefile: 3908.09 MB
    Available Pagefile: 3647.36 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2003.05 MB
    ======================= Partitions =========================
    1 Drive c: (drive name) (Fixed) (Total:149 GB) (Free:132.66 GB) NTFS ==>[Drive with boot components (Windows XP)]
    3 Drive e: (LEXAR MEDIA) (Removable) (Total:0.24 GB) (Free:0.12 GB) FAT
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 8033 KB
    Partition 2 Unknown 1802 KB 149 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C drivename NTFS Partition 149 GB Healthy Boot
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes
    There is no volume associated with this partition.
    ======================================================================================================
    ****** End Of Log ******


    Thanks.
  22. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Very well :)

    We have fake infected partition there.

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot bad computer from the CD
    • Click Menu then Terminal Emulator
    • Type parted /dev/sda set 1 boot on
    • Press Enter
    • Type parted /dev/sda rm 2
    • Press Enter
    • Remove xPUD CD, reboot, run ListParts and post the log
  23. meadow

    meadow TS Rookie Topic Starter Posts: 83

    Log of ListParts, Result.txt


    ListParts by Farbar Version: 30-10-2012
    Ran by userid (administrator) on 05-11-2012 at 11:02:44
    Windows XP (X86)
    Running From: C:\Documents and Settings\userid\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 29%
    Total physical RAM: 2013.54 MB
    Available physical RAM: 1423.94 MB
    Total Pagefile: 3904.55 MB
    Available Pagefile: 3347.25 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.69 MB

    ======================= Partitions =========================

    1 Drive c: (drive label) (Fixed) (Total:149 GB) (Free:130.69 GB) NTFS ==>[Drive with boot components (Windows XP)]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 149 GB 8033 KB
    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C drive label NTFS Partition 149 GB Healthy System (partition with boot components)
    ======================================================================================================

    ****** End Of Log ******

    Thanks.
  24. Broni

    Broni Malware Annihilator Posts: 46,775   +254

    Good job :)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    =========================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    ========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  25. meadow

    meadow TS Rookie Topic Starter Posts: 83

    I can boot up my computer normally, but I get window error message there is error on the system..., I continued, and Window Error Message Reporting window pop up suggest me to report, I ignored it and continue.
    here is the log from TDSSKiller:
    13:15:03.0187 2268 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    13:15:03.0187 2268 ============================================================
    13:15:03.0187 2268 Current date / time: 2012/11/06 13:15:03.0187
    13:15:03.0187 2268 SystemInfo:
    13:15:03.0187 2268
    13:15:03.0187 2268 OS Version: 5.1.2600 ServicePack: 3.0
    13:15:03.0187 2268 Product type: Workstation
    13:15:03.0187 2268 ComputerName: mycomputername
    13:15:03.0187 2268 UserName: username
    13:15:03.0187 2268 Windows directory: C:\WINDOWS
    13:15:03.0187 2268 System windows directory: C:\WINDOWS
    13:15:03.0187 2268 Processor architecture: Intel x86
    13:15:03.0187 2268 Number of processors: 2
    13:15:03.0187 2268 Page size: 0x1000
    13:15:03.0187 2268 Boot type: Normal boot
    13:15:03.0187 2268 ============================================================
    13:15:05.0125 2268 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    13:15:05.0125 2268 ============================================================
    13:15:05.0125 2268 \Device\Harddisk0\DR0:
    13:15:05.0125 2268 MBR partitions:
    13:15:05.0125 2268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3EC1, BlocksNum 0x12A0123B
    13:15:05.0125 2268 ============================================================
    13:15:05.0171 2268 C: <-> \Device\Harddisk0\DR0\Partition1
    13:15:05.0171 2268 ============================================================
    13:15:05.0171 2268 Initialize success
    13:15:05.0171 2268 ============================================================
    13:15:07.0343 0660 ============================================================
    13:15:07.0343 0660 Scan started
    13:15:07.0343 0660 Mode: Manual;
    13:15:07.0343 0660 ============================================================
    13:15:08.0453 0660 ================ Scan system memory ========================
    13:15:09.0953 0660 System memory - ok
    13:15:09.0953 0660 ================ Scan services =============================
    13:15:10.0109 0660 Abiosdsk - ok
    13:15:10.0140 0660 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    13:15:10.0140 0660 abp480n5 - ok
    13:15:10.0187 0660 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    13:15:10.0187 0660 ACPI - ok
    13:15:10.0234 0660 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    13:15:10.0234 0660 ACPIEC - ok
    13:15:10.0296 0660 [ 54613C0CAB4C452C852EFAFB97A8A0E9 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
    13:15:10.0296 0660 ADIHdAudAddService - ok
    13:15:10.0343 0660 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    13:15:10.0343 0660 adpu160m - ok
    13:15:10.0343 0660 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    13:15:10.0343 0660 aec - ok
    13:15:10.0390 0660 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    13:15:10.0390 0660 AFD - ok
    13:15:10.0453 0660 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    13:15:10.0453 0660 agp440 - ok
    13:15:10.0453 0660 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    13:15:10.0453 0660 agpCPQ - ok
    13:15:10.0453 0660 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    13:15:10.0453 0660 Aha154x - ok
    13:15:10.0468 0660 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    13:15:10.0468 0660 aic78u2 - ok
    13:15:10.0468 0660 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    13:15:10.0468 0660 aic78xx - ok
    13:15:10.0515 0660 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    13:15:10.0531 0660 Alerter - ok
    13:15:10.0546 0660 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    13:15:10.0578 0660 ALG - ok
    13:15:10.0687 0660 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    13:15:10.0687 0660 AliIde - ok
    13:15:10.0703 0660 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    13:15:10.0703 0660 alim1541 - ok
    13:15:10.0718 0660 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    13:15:10.0718 0660 amdagp - ok
    13:15:10.0718 0660 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    13:15:10.0718 0660 amsint - ok
    13:15:10.0750 0660 [ CFD0CED503110272B43626C852D7F55D ] Anydlc C:\WINDOWS\System32\drivers\anydlc.sys
    13:15:10.0750 0660 Anydlc - ok
    13:15:10.0828 0660 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
    13:15:10.0859 0660 AppMgmt - ok
    13:15:11.0171 0660 [ 2E0EC736FA0D9B463CBC8DD435D2AE15 ] Appn C:\WINDOWS\System32\drivers\appn.sys
    13:15:11.0187 0660 Appn - ok
    13:15:11.0875 0660 [ 71DBCEE63C197C156E7300634E61BE91 ] AppnApi C:\WINDOWS\System32\drivers\appnapi.sys
    13:15:11.0890 0660 AppnApi - ok
    13:15:11.0937 0660 [ BDCCB1FB333D76A7675E5621C2CC1A01 ] AppnBase C:\WINDOWS\System32\drivers\AppnBase.sys
    13:15:11.0937 0660 AppnBase - ok
    13:15:11.0968 0660 [ 36F88817105B92DDD7E8A8F00287FDC3 ] AppnNode C:\WINDOWS\system32\Drivers\appnnode.exe
    13:15:11.0968 0660 AppnNode - ok
    13:15:11.0984 0660 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    13:15:11.0984 0660 asc - ok
    13:15:12.0046 0660 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    13:15:12.0046 0660 asc3350p - ok
    13:15:12.0078 0660 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    13:15:12.0078 0660 asc3550 - ok
    13:15:12.0406 0660 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    13:15:12.0500 0660 aspnet_state - ok
    13:15:12.0546 0660 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    13:15:12.0546 0660 AsyncMac - ok
    13:15:12.0593 0660 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    13:15:12.0593 0660 atapi - ok
    13:15:12.0593 0660 Atdisk - ok
    13:15:12.0750 0660 [ 6A9420C302E3ABF99B58426FBA694C51 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
    13:15:12.0984 0660 Ati HotKey Poller - ok
    13:15:13.0687 0660 [ 011388DDC5B83EF4A0B2B829735C646F ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    13:15:13.0718 0660 ati2mtag - ok
    13:15:13.0750 0660 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    13:15:13.0750 0660 Atmarpc - ok
    13:15:13.0781 0660 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    13:15:13.0781 0660 AudioSrv - ok
    13:15:13.0812 0660 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    13:15:13.0812 0660 audstub - ok
    13:15:13.0890 0660 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    13:15:13.0890 0660 Beep - ok
    13:15:13.0937 0660 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    13:15:13.0968 0660 BITS - ok
    13:15:14.0031 0660 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
    13:15:14.0125 0660 Browser - ok
    13:15:14.0203 0660 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    13:15:14.0203 0660 cbidf - ok
    13:15:14.0203 0660 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    13:15:14.0203 0660 cbidf2k - ok
    13:15:14.0250 0660 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    13:15:14.0250 0660 CCDECODE - ok
    13:15:14.0390 0660 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\WINDOWS\system32\CCM\CcmExec.exe
    13:15:14.0421 0660 CcmExec - ok
    13:15:14.0484 0660 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    13:15:14.0484 0660 cd20xrnt - ok
    13:15:14.0500 0660 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    13:15:14.0500 0660 Cdaudio - ok
    13:15:14.0531 0660 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    13:15:14.0531 0660 Cdfs - ok
    13:15:14.0578 0660 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    13:15:14.0578 0660 Cdrom - ok
    13:15:14.0578 0660 Changer - ok
    13:15:14.0625 0660 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    13:15:14.0625 0660 CiSvc - ok
    13:15:14.0640 0660 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    13:15:14.0640 0660 ClipSrv - ok
    13:15:14.0687 0660 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:15:15.0031 0660 clr_optimization_v2.0.50727_32 - ok
    13:15:15.0187 0660 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:15:15.0187 0660 clr_optimization_v4.0.30319_32 - ok
    13:15:15.0250 0660 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    13:15:15.0250 0660 CmdIde - ok
    13:15:15.0265 0660 COMSysApp - ok
    13:15:15.0265 0660 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    13:15:15.0265 0660 Cpqarray - ok
    13:15:15.0328 0660 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    13:15:15.0343 0660 CryptSvc - ok
    13:15:15.0421 0660 [ 605AC3AB0570C571C0D4129092A71FCF ] csrcmds C:\Program Files\IBM\Personal Communications\csrcmds.exe
    13:15:15.0453 0660 csrcmds - ok
    13:15:15.0468 0660 [ 26DDCDD81EA0D7D78545ED3EE4E50B43 ] cstrcser C:\WINDOWS\system32\drivers\cstrcser.exe
    13:15:15.0468 0660 cstrcser - ok
    13:15:15.0500 0660 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    13:15:15.0500 0660 CVirtA - ok
    13:15:15.0687 0660 [ 8B8B082010775093081DEBE9621BEDF0 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    13:15:15.0859 0660 CVPND - ok
    13:15:16.0171 0660 [ 720482888C3778F26EEB83D286A6CDC3 ] CVPNDRVA C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
    13:15:16.0171 0660 CVPNDRVA - ok
    13:15:16.0250 0660 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    13:15:16.0250 0660 dac2w2k - ok
    13:15:16.0250 0660 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    13:15:16.0250 0660 dac960nt - ok
    13:15:16.0421 0660 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    13:15:16.0421 0660 DcomLaunch - ok
    13:15:16.0484 0660 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    13:15:16.0484 0660 Dhcp - ok
    13:15:16.0515 0660 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    13:15:16.0531 0660 Disk - ok
    13:15:16.0531 0660 dmadmin - ok
    13:15:17.0062 0660 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    13:15:17.0062 0660 dmboot - ok
    13:15:17.0156 0660 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    13:15:17.0156 0660 dmio - ok
    13:15:17.0203 0660 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    13:15:17.0203 0660 dmload - ok
    13:15:17.0296 0660 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    13:15:17.0312 0660 dmserver - ok
    13:15:17.0406 0660 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    13:15:17.0406 0660 DMusic - ok
    13:15:17.0437 0660 [ 86D52C32A308F84BBC626BFF7C1FB710 ] DNE C:\WINDOWS\system32\DRIVERS\dne2000.sys
    13:15:17.0437 0660 DNE - ok
    13:15:17.0500 0660 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    13:15:17.0500 0660 Dnscache - ok
    13:15:17.0531 0660 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    13:15:17.0546 0660 Dot3svc - ok
    13:15:17.0609 0660 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    13:15:17.0609 0660 dpti2o - ok
    13:15:17.0671 0660 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    13:15:17.0671 0660 drmkaud - ok
    13:15:17.0812 0660 [ 8942419786970ADB32B05BB7950AEE72 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    13:15:17.0812 0660 e1express - ok
    13:15:17.0890 0660 [ 8BED3DBBB13D2C8E1C1C9DECEC309826 ] e1kexpress C:\WINDOWS\system32\DRIVERS\e1k5132.sys
    13:15:17.0890 0660 e1kexpress - ok
    13:15:17.0937 0660 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    13:15:17.0937 0660 EapHost - ok
    13:15:17.0968 0660 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    13:15:17.0968 0660 ERSvc - ok
    13:15:18.0015 0660 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    13:15:18.0015 0660 Eventlog - ok
    13:15:18.0109 0660 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    13:15:18.0109 0660 EventSystem - ok
    13:15:18.0156 0660 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    13:15:18.0156 0660 Fastfat - ok
    13:15:18.0203 0660 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    13:15:18.0234 0660 FastUserSwitchingCompatibility - ok
    13:15:18.0296 0660 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    13:15:18.0296 0660 Fax - ok
    13:15:18.0343 0660 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
    13:15:18.0343 0660 Fdc - ok
    13:15:18.0421 0660 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    13:15:18.0421 0660 Fips - ok
    13:15:18.0421 0660 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
    13:15:18.0421 0660 Flpydisk - ok
    13:15:18.0453 0660 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    13:15:18.0453 0660 FltMgr - ok
    13:15:18.0515 0660 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    13:15:18.0531 0660 FontCache3.0.0.0 - ok
    13:15:18.0593 0660 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    13:15:18.0593 0660 Fs_Rec - ok
    13:15:18.0656 0660 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    13:15:18.0656 0660 Ftdisk - ok
    13:15:18.0750 0660 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    13:15:18.0750 0660 Gpc - ok
    13:15:18.0812 0660 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    13:15:18.0812 0660 HDAudBus - ok
    13:15:18.0843 0660 [ C865D1F6D03595DF213DC3C67E4E4C58 ] HECI C:\WINDOWS\system32\DRIVERS\HECI.sys
    13:15:18.0843 0660 HECI - ok
    13:15:18.0937 0660 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    13:15:18.0937 0660 helpsvc - ok
    13:15:18.0937 0660 HidServ - ok
    13:15:18.0984 0660 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    13:15:18.0984 0660 hidusb - ok
    13:15:19.0015 0660 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    13:15:19.0015 0660 hkmsvc - ok
    13:15:19.0078 0660 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    13:15:19.0078 0660 hpn - ok
    13:15:19.0125 0660 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    13:15:19.0125 0660 HTTP - ok
    13:15:19.0187 0660 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    13:15:19.0203 0660 HTTPFilter - ok
    13:15:19.0234 0660 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    13:15:19.0234 0660 i2omgmt - ok
    13:15:19.0250 0660 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    13:15:19.0250 0660 i2omp - ok
    13:15:19.0265 0660 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\drivers\i8042prt.sys
    13:15:19.0265 0660 i8042prt - ok
    13:15:19.0296 0660 [ 592A0B130FF567A1725F96AD1510D551 ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys
    13:15:19.0296 0660 iaStor - ok
    13:15:19.0359 0660 [ 9F184AD7E06F21F35DC7F479FB1C4A56 ] IBM_LLC2 C:\WINDOWS\system32\DRIVERS\llc2.sys
    13:15:19.0359 0660 IBM_LLC2 - ok
    13:15:19.0421 0660 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:15:19.0546 0660 idsvc - ok
    13:15:20.0687 0660 iftlsnr - ok
    13:15:20.0718 0660 [ 6857608702487F4DC340080A91BAB642 ] iftrcdrv C:\PROGRA~1\PEREGR~1\INFRAT~1\bin\iftrcdrv.sys
    13:15:20.0734 0660 iftrcdrv - ok
    13:15:20.0812 0660 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    13:15:20.0812 0660 Imapi - ok
    13:15:20.0890 0660 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    13:15:20.0890 0660 ImapiService - ok
    13:15:20.0937 0660 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    13:15:20.0937 0660 ini910u - ok
    13:15:20.0984 0660 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    13:15:20.0984 0660 IntelIde - ok
    13:15:21.0000 0660 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    13:15:21.0015 0660 intelppm - ok
    13:15:21.0093 0660 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    13:15:21.0093 0660 Ip6Fw - ok
    13:15:21.0093 0660 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    13:15:21.0093 0660 IpFilterDriver - ok
    13:15:21.0140 0660 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    13:15:21.0140 0660 IpInIp - ok
    13:15:21.0234 0660 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    13:15:21.0234 0660 IpNat - ok
    13:15:21.0281 0660 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    13:15:21.0296 0660 IPSec - ok
    13:15:21.0328 0660 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    13:15:21.0328 0660 IRENUM - ok
    13:15:21.0390 0660 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    13:15:21.0390 0660 isapnp - ok
    13:15:21.0500 0660 [ 435D9A74B6C512C9542E295C18B20E5A ] JuniperAccessService C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    13:15:21.0500 0660 JuniperAccessService - ok
    13:15:21.0546 0660 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    13:15:21.0546 0660 Kbdclass - ok
    13:15:21.0625 0660 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    13:15:21.0625 0660 kbdhid - ok
    13:15:21.0656 0660 [ C77BFDD73E39AEC98E247A96E896737C ] KLOGNT C:\WINDOWS\System32\drivers\klognt.sys
    13:15:21.0656 0660 KLOGNT - ok
    13:15:21.0687 0660 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    13:15:21.0687 0660 kmixer - ok
    13:15:21.0750 0660 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    13:15:21.0750 0660 KSecDD - ok
    13:15:21.0812 0660 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
    13:15:21.0812 0660 LanmanServer - ok
    13:15:21.0859 0660 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    13:15:21.0875 0660 lanmanworkstation - ok
    13:15:21.0875 0660 lbrtfdc - ok
    13:15:21.0906 0660 [ 9BCAFC3C4231295647E803984FA282B9 ] ldlcserv C:\WINDOWS\system32\Drivers\ldlcserv.exe
    13:15:21.0906 0660 ldlcserv - ok
    13:15:21.0921 0660 [ 57F8082F02BB422652CB6C2CA82526FC ] ldlcserv6 C:\WINDOWS\system32\Drivers\ldlcserv6.exe
    13:15:22.0109 0660 ldlcserv6 - ok
    13:15:22.0171 0660 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    13:15:22.0171 0660 LmHosts - ok
    13:15:22.0218 0660 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
    13:15:22.0312 0660 MBAMProtector - ok
    13:15:22.0359 0660 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    13:15:22.0500 0660 MBAMScheduler - ok
    13:15:22.0781 0660 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    13:15:22.0843 0660 MBAMService - ok
    13:15:22.0937 0660 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    13:15:22.0937 0660 MDM - ok
    13:15:22.0984 0660 [ 693CB6E68F5839D54C7CBAE17F593D32 ] megasas C:\WINDOWS\system32\DRIVERS\megasas.sys
    13:15:22.0984 0660 megasas - ok
    13:15:23.0031 0660 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    13:15:23.0078 0660 Messenger - ok
    13:15:23.0140 0660 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    13:15:23.0140 0660 mnmdd - ok
    13:15:23.0218 0660 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    13:15:23.0265 0660 mnmsrvc - ok
    13:15:23.0281 0660 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    13:15:23.0281 0660 Modem - ok
    13:15:23.0328 0660 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    13:15:23.0343 0660 Mouclass - ok
    13:15:23.0390 0660 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
    13:15:23.0390 0660 mouhid - ok
    13:15:23.0437 0660 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    13:15:23.0437 0660 MountMgr - ok
    13:15:23.0468 0660 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    13:15:23.0468 0660 MpFilter - ok
    13:15:23.0468 0660 Suspicious service (Hidden): MpKsld9ea1846
    13:15:23.0468 0660 MpKsld9ea1846 ( HiddenService.Multi.Generic ) - warning
    13:15:23.0468 0660 MpKsld9ea1846 - detected HiddenService.Multi.Generic (1)
    13:15:23.0500 0660 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    13:15:23.0500 0660 mraid35x - ok
    13:15:23.0531 0660 [ E3F17E1EA5256709D4E97EF0DA04B3C9 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    13:15:23.0531 0660 MRxDAV - ok
    13:15:23.0625 0660 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    13:15:23.0625 0660 MRxSmb - ok
    13:15:23.0671 0660 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    13:15:23.0671 0660 MSDTC - ok
    13:15:23.0781 0660 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    13:15:23.0781 0660 Msfs - ok
    13:15:23.0781 0660 MSIServer - ok
    13:15:23.0859 0660 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    13:15:23.0859 0660 MSKSSRV - ok
    13:15:24.0062 0660 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    13:15:24.0093 0660 MsMpSvc - ok
    13:15:24.0125 0660 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    13:15:24.0125 0660 MSPCLOCK - ok
    13:15:24.0140 0660 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    13:15:24.0140 0660 MSPQM - ok
    13:15:24.0328 0660 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    13:15:24.0328 0660 mssmbios - ok
    13:15:24.0390 0660 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    13:15:24.0500 0660 MSTEE - ok
    13:15:24.0531 0660 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    13:15:24.0531 0660 Mup - ok
    13:15:24.0609 0660 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    13:15:24.0640 0660 NABTSFEC - ok
    13:15:24.0937 0660 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    13:15:25.0046 0660 napagent - ok
    13:15:25.0218 0660 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    13:15:25.0312 0660 NDIS - ok
    13:15:25.0390 0660 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    13:15:25.0406 0660 NdisIP - ok
    13:15:25.0453 0660 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    13:15:25.0453 0660 NdisTapi - ok
    13:15:25.0453 0660 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    13:15:25.0453 0660 Ndisuio - ok
    13:15:25.0484 0660 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    13:15:25.0484 0660 NdisWan - ok
    13:15:25.0500 0660 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    13:15:25.0500 0660 NDProxy - ok
    13:15:25.0609 0660 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    13:15:25.0609 0660 NetBIOS - ok
    13:15:25.0625 0660 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    13:15:25.0625 0660 NetBT - ok
    13:15:25.0671 0660 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    13:15:25.0671 0660 NetDDE - ok
    13:15:25.0671 0660 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    13:15:25.0671 0660 NetDDEdsdm - ok
    13:15:25.0718 0660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    13:15:25.0734 0660 Netlogon - ok
    13:15:25.0796 0660 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    13:15:25.0828 0660 Netman - ok
    13:15:25.0859 0660 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:15:25.0859 0660 NetTcpPortSharing - ok
    13:15:25.0875 0660 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    13:15:25.0906 0660 Nla - ok
    13:15:26.0000 0660 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe
    13:15:26.0078 0660 NMSAccess - ok
    13:15:26.0109 0660 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    13:15:26.0109 0660 Npfs - ok
    13:15:26.0156 0660 [ D203FB9E9501425D6ACEEAFB2B208196 ] NsTrcNT C:\WINDOWS\System32\drivers\nstrcnt.sys
    13:15:26.0203 0660 NsTrcNT - ok
    13:15:26.0281 0660 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    13:15:26.0312 0660 Ntfs - ok
    13:15:26.0328 0660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    13:15:26.0328 0660 NtLmSsp - ok
    13:15:26.0359 0660 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    13:15:26.0406 0660 NtmsSvc - ok
    13:15:26.0453 0660 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    13:15:26.0468 0660 Null - ok
    13:15:26.0531 0660 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    13:15:26.0531 0660 NwlnkFlt - ok
    13:15:26.0546 0660 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    13:15:26.0562 0660 NwlnkFwd - ok
    13:15:26.0812 0660 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    13:15:26.0890 0660 odserv - ok
    13:15:26.0921 0660 [ FC246EBA4A5375A90E7F5C764F6C5D12 ] omci C:\WINDOWS\system32\DRIVERS\omci.sys
    13:15:26.0921 0660 omci - ok
    13:15:27.0031 0660 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    13:15:27.0046 0660 ose - ok
    13:15:27.0078 0660 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    13:15:27.0078 0660 Parport - ok
    13:15:27.0125 0660 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    13:15:27.0125 0660 PartMgr - ok
    13:15:27.0156 0660 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    13:15:27.0156 0660 ParVdm - ok
    13:15:27.0218 0660 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    13:15:27.0218 0660 PCI - ok
    13:15:27.0218 0660 PCIDump - ok
    13:15:27.0296 0660 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    13:15:27.0296 0660 PCIIde - ok
    13:15:27.0390 0660 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    13:15:27.0390 0660 Pcmcia - ok
    13:15:27.0390 0660 PDCOMP - ok
    13:15:27.0390 0660 PDFRAME - ok
    13:15:27.0421 0660 [ FE731F27445D8A16050C4105B99C2FE8 ] pdlnacom C:\WINDOWS\System32\drivers\pdlnacom.sys
    13:15:27.0437 0660 pdlnacom - ok
    13:15:27.0453 0660 [ 311D15FF5C863FE7B86A03936DDD45AE ] pdlnafac C:\WINDOWS\System32\drivers\pdlnafac.sys
    13:15:27.0468 0660 pdlnafac - ok
    13:15:27.0500 0660 [ A52C93E4DFD2D51DB9A51E92F96E0A16 ] pdlncbas C:\WINDOWS\System32\drivers\pdlncbas.sys
    13:15:27.0500 0660 pdlncbas - ok
    13:15:27.0578 0660 [ DA8268CF4BE1B514C3033ED09DAB9E6A ] pdlncfwk C:\WINDOWS\System32\drivers\pdlncfwk.sys
    13:15:27.0609 0660 pdlncfwk - ok
    13:15:27.0609 0660 [ 1A19D8BBBD9E7C95BD011D4FF8F25AC2 ] pdlndint C:\WINDOWS\System32\drivers\pdlndint.sys
    13:15:27.0625 0660 pdlndint - ok
    13:15:27.0656 0660 [ 7F646360B39FE404890A00A6CC78D528 ] pdlndldl C:\WINDOWS\System32\drivers\pdlndldl.sys
    13:15:27.0687 0660 pdlndldl - ok
    13:15:27.0703 0660 [ C51C0ECBFE18ABC5507388CF2BDBC093 ] pdlndldl6 C:\WINDOWS\System32\drivers\pdlndldl6.sys
    13:15:27.0734 0660 pdlndldl6 - ok
    13:15:27.0781 0660 [ 63A5CA87C5CF1E70498853C5773B3AAB ] pdlndlpb C:\WINDOWS\System32\drivers\pdlndlpb.sys
    13:15:28.0156 0660 pdlndlpb - ok
    13:15:28.0171 0660 [ 27A07E86B0FC07B1C3E0600B325446F0 ] pdlndoem C:\WINDOWS\System32\drivers\pdlndoem.sys
    13:15:28.0187 0660 pdlndoem - ok
    13:15:28.0203 0660 [ 4E1632F7D2D5CA0870BBE9651906D1D5 ] pdlndqll C:\WINDOWS\System32\drivers\pdlndqll.sys
    13:15:28.0531 0660 pdlndqll - ok
    13:15:28.0546 0660 [ BF12ABF4291B1990A4A1E4CE945AE69E ] pdlndsdl C:\WINDOWS\System32\drivers\pdlndsdl.sys
    13:15:28.0906 0660 pdlndsdl - ok
    13:15:28.0921 0660 [ A9AC62CEE99BBDE822113F59BDDEF033 ] pdlnebas C:\WINDOWS\System32\drivers\pdlnebas.sys
    13:15:28.0937 0660 pdlnebas - ok
    13:15:28.0953 0660 [ 94D49821EF1C4859F82EAC629F516103 ] pdlnecfg C:\WINDOWS\System32\drivers\pdlnecfg.sys
    13:15:28.0984 0660 pdlnecfg - ok
    13:15:29.0000 0660 [ 263E252D320E0B8701747ABA5BAEEF33 ] pdlnemap C:\WINDOWS\System32\drivers\pdlnemap.sys
    13:15:29.0015 0660 pdlnemap - ok
    13:15:29.0031 0660 [ 488475FB71E9F48C01D8FB2E3EF8BBA1 ] pdlnemsg C:\WINDOWS\System32\drivers\pdlnemsg.sys
    13:15:29.0046 0660 pdlnemsg - ok
    13:15:29.0062 0660 [ 3F84CBF62C63C398B7FB8368D91CCAEF ] pdlnepkt C:\WINDOWS\System32\drivers\pdlnepkt.sys
    13:15:29.0078 0660 pdlnepkt - ok
    13:15:29.0078 0660 [ 57B14A241DBF5D5917140667A2213E80 ] pdlnshay C:\WINDOWS\System32\drivers\pdlnshay.sys
    13:15:29.0109 0660 pdlnshay - ok
    13:15:29.0109 0660 [ 32AB210AC3D6619885175FAF5E7AFF1D ] pdlnslea C:\WINDOWS\System32\drivers\pdlnslea.sys
    13:15:29.0140 0660 pdlnslea - ok
    13:15:29.0140 0660 [ 9D58293AF84B0C81321383690CEE31F9 ] pdlnsv25 C:\WINDOWS\System32\drivers\pdlnsv25.sys
    13:15:29.0187 0660 pdlnsv25 - ok
    13:15:29.0187 0660 [ E66C7427954EF87B1EFD063097B43753 ] pdlnsx25 C:\WINDOWS\System32\drivers\pdlnsx25.sys
    13:15:29.0218 0660 pdlnsx25 - ok
    13:15:29.0218 0660 PDRELI - ok
    13:15:29.0218 0660 PDRFRAME - ok
    13:15:29.0265 0660 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    13:15:29.0265 0660 perc2 - ok
    13:15:29.0265 0660 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    13:15:29.0265 0660 perc2hib - ok
    13:15:29.0437 0660 [ F042EE4C8D66248D9B86DCF52ABAE416 ] PEVSystemStart C:\ComboFix\pev.3XE
    13:15:29.0640 0660 PEVSystemStart - ok
    13:15:29.0656 0660 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    13:15:29.0687 0660 PlugPlay - ok
    13:15:29.0687 0660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    13:15:29.0687 0660 PolicyAgent - ok
    13:15:29.0734 0660 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    13:15:29.0734 0660 PptpMiniport - ok
    13:15:29.0765 0660 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys
    13:15:29.0796 0660 prepdrvr - ok
    13:15:29.0812 0660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    13:15:29.0812 0660 ProtectedStorage - ok
    13:15:29.0828 0660 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    13:15:29.0828 0660 PSched - ok
    13:15:29.0828 0660 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    13:15:29.0828 0660 Ptilink - ok
    13:15:29.0859 0660 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    13:15:29.0859 0660 ql1080 - ok
    13:15:29.0859 0660 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    13:15:29.0859 0660 Ql10wnt - ok
    13:15:29.0890 0660 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    13:15:29.0890 0660 ql12160 - ok
    13:15:29.0890 0660 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    13:15:29.0890 0660 ql1240 - ok
    13:15:29.0890 0660 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    13:15:29.0890 0660 ql1280 - ok
    13:15:29.0921 0660 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    13:15:29.0921 0660 RasAcd - ok
    13:15:29.0953 0660 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    13:15:29.0953 0660 RasAuto - ok
    13:15:29.0984 0660 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    13:15:29.0984 0660 Rasl2tp - ok
    13:15:30.0015 0660 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    13:15:30.0015 0660 RasMan - ok
    13:15:30.0015 0660 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    13:15:30.0015 0660 RasPppoe - ok
    13:15:30.0015 0660 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    13:15:30.0015 0660 Raspti - ok
    13:15:30.0031 0660 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    13:15:30.0046 0660 Rdbss - ok
    13:15:30.0046 0660 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    13:15:30.0046 0660 RDPCDD - ok
    13:15:30.0078 0660 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    13:15:30.0078 0660 rdpdr - ok
    13:15:30.0109 0660 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    13:15:30.0109 0660 RDPWD - ok
    13:15:30.0140 0660 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    13:15:30.0140 0660 RDSessMgr - ok
    13:15:30.0171 0660 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    13:15:30.0171 0660 redbook - ok
    13:15:30.0203 0660 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    13:15:30.0203 0660 RemoteAccess - ok
    13:15:30.0250 0660 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
    13:15:30.0265 0660 RemoteRegistry - ok
    13:15:30.0328 0660 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    13:15:30.0343 0660 RpcLocator - ok
    13:15:30.0359 0660 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    13:15:30.0390 0660 RpcSs - ok
    13:15:30.0421 0660 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    13:15:30.0421 0660 RSVP - ok
    13:15:30.0437 0660 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    13:15:30.0437 0660 SamSs - ok
    13:15:30.0468 0660 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    13:15:30.0468 0660 SCardSvr - ok
    13:15:30.0500 0660 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    13:15:30.0515 0660 Schedule - ok
    13:15:30.0531 0660 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    13:15:30.0531 0660 Secdrv - ok
    13:15:30.0562 0660 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    13:15:30.0562 0660 seclogon - ok
    13:15:30.0562 0660 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    13:15:30.0562 0660 SENS - ok
    13:15:30.0609 0660 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    13:15:30.0609 0660 serenum - ok
    13:15:30.0609 0660 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    13:15:30.0609 0660 Serial - ok
    13:15:30.0671 0660 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    13:15:30.0671 0660 Sfloppy - ok
    13:15:30.0718 0660 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    13:15:30.0718 0660 SharedAccess - ok
    13:15:30.0734 0660 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    13:15:30.0750 0660 ShellHWDetection - ok
    13:15:30.0796 0660 [ CA4003449B2F20B5C86182758D400A7F ] SI3112 C:\WINDOWS\system32\DRIVERS\SI3112.sys
    13:15:30.0796 0660 SI3112 - ok
    13:15:30.0796 0660 [ 72CF151FB410E544904DBC7D7F29B796 ] SiFilter C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
    13:15:30.0796 0660 SiFilter - ok
    13:15:30.0796 0660 Simbad - ok
    13:15:30.0828 0660 [ 29BF41E60AECDE4F73AE91894ADF62DE ] SiRemFil C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
    13:15:30.0828 0660 SiRemFil - ok
    13:15:30.0859 0660 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    13:15:30.0859 0660 sisagp - ok
    13:15:30.0906 0660 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    13:15:30.0906 0660 SLIP - ok
    13:15:30.0937 0660 [ 4B4AB78E866BBECF93F6EABC3270178A ] smsmdd C:\WINDOWS\system32\DRIVERS\smsmdm.sys
    13:15:30.0937 0660 smsmdd - ok
    13:15:30.0937 0660 smstsmgr - ok
    13:15:30.0968 0660 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    13:15:30.0968 0660 Sparrow - ok
    13:15:30.0984 0660 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    13:15:30.0984 0660 splitter - ok
    13:15:31.0015 0660 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    13:15:31.0390 0660 Spooler - ok
    13:15:31.0421 0660 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    13:15:31.0421 0660 sr - ok
    13:15:31.0437 0660 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    13:15:31.0453 0660 srservice - ok
    13:15:31.0453 0660 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    13:15:31.0468 0660 Srv - ok
    13:15:31.0500 0660 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    13:15:31.0531 0660 SSDPSRV - ok
    13:15:31.0546 0660 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys
    13:15:31.0546 0660 StarOpen - ok
    13:15:31.0578 0660 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    13:15:31.0609 0660 stisvc - ok
    13:15:31.0625 0660 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    13:15:31.0640 0660 streamip - ok
    13:15:31.0671 0660 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    13:15:31.0671 0660 swenum - ok
    13:15:31.0687 0660 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    13:15:31.0687 0660 swmidi - ok
    13:15:31.0687 0660 SwPrv - ok
    13:15:31.0734 0660 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    13:15:31.0734 0660 symc810 - ok
    13:15:31.0734 0660 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    13:15:31.0734 0660 symc8xx - ok
    13:15:31.0734 0660 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    13:15:31.0750 0660 sym_hi - ok
    13:15:31.0750 0660 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    13:15:31.0750 0660 sym_u3 - ok
    13:15:31.0750 0660 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    13:15:31.0750 0660 sysaudio - ok
    13:15:31.0781 0660 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    13:15:31.0781 0660 SysmonLog - ok
    13:15:31.0812 0660 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    13:15:31.0843 0660 TapiSrv - ok
    13:15:31.0859 0660 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    13:15:31.0875 0660 Tcpip - ok
    13:15:31.0906 0660 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    13:15:31.0906 0660 TDPIPE - ok
    13:15:31.0921 0660 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    13:15:31.0921 0660 TDTCP - ok
    13:15:31.0968 0660 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    13:15:31.0968 0660 TermDD - ok
    13:15:31.0984 0660 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    13:15:32.0015 0660 TermService - ok
    13:15:32.0015 0660 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    13:15:32.0015 0660 Themes - ok
    13:15:32.0046 0660 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
    13:15:32.0046 0660 TlntSvr - ok
    13:15:32.0062 0660 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    13:15:32.0062 0660 TosIde - ok
    13:15:32.0109 0660 [ 8C3A69A5D43752A46DF95F9675CAF750 ] TrcBoot C:\WINDOWS\system32\Drivers\trcboot.exe
    13:15:32.0140 0660 TrcBoot - ok
    13:15:32.0140 0660 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    13:15:32.0140 0660 TrkWks - ok
    13:15:32.0187 0660 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    13:15:32.0187 0660 Udfs - ok
    13:15:32.0203 0660 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    13:15:32.0203 0660 ultra - ok
    13:15:32.0234 0660 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    13:15:32.0234 0660 Update - ok
    13:15:32.0296 0660 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    13:15:32.0328 0660 upnphost - ok
    13:15:32.0343 0660 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    13:15:32.0375 0660 UPS - ok
    13:15:32.0421 0660 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    13:15:32.0453 0660 usbaudio - ok
    13:15:32.0484 0660 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    13:15:32.0484 0660 usbccgp - ok
    13:15:32.0546 0660 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    13:15:32.0546 0660 usbehci - ok
    13:15:32.0562 0660 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    13:15:32.0562 0660 usbhub - ok
    13:15:32.0625 0660 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    13:15:32.0625 0660 USBSTOR - ok
    13:15:32.0625 0660 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    13:15:32.0625 0660 usbuhci - ok
    13:15:32.0656 0660 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    13:15:32.0656 0660 usbvideo - ok
    13:15:32.0703 0660 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    13:15:32.0703 0660 VgaSave - ok
    13:15:32.0718 0660 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    13:15:32.0718 0660 viaagp - ok
    13:15:32.0718 0660 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    13:15:32.0718 0660 ViaIde - ok
    13:15:32.0750 0660 [ 55A928C40C11870DF5B90300BA329878 ] vmscsi C:\WINDOWS\system32\DRIVERS\vmscsi.sys
    13:15:32.0750 0660 vmscsi - ok
    13:15:32.0750 0660 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    13:15:32.0750 0660 VolSnap - ok
    13:15:32.0781 0660 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    13:15:32.0796 0660 VSS - ok
    13:15:32.0812 0660 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
    13:15:32.0828 0660 W32Time - ok
    13:15:32.0875 0660 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    13:15:32.0875 0660 Wanarp - ok
    13:15:32.0875 0660 WDICA - ok
    13:15:32.0890 0660 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    13:15:32.0890 0660 wdmaud - ok
    13:15:32.0937 0660 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    13:15:32.0937 0660 WebClient - ok
    13:15:33.0140 0660 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    13:15:33.0203 0660 winmgmt - ok
    13:15:33.0359 0660 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
    13:15:33.0546 0660 WinRM - ok
    13:15:33.0671 0660 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    13:15:33.0703 0660 WmdmPmSN - ok
    13:15:33.0875 0660 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
    13:15:33.0875 0660 Wmi - ok
    13:15:33.0921 0660 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    13:15:33.0921 0660 WmiAcpi - ok
    13:15:33.0937 0660 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    13:15:33.0953 0660 WmiApSrv - ok
    13:15:34.0046 0660 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    13:15:34.0062 0660 WMPNetworkSvc - ok
    13:15:34.0156 0660 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    13:15:34.0281 0660 WPFFontCache_v0400 - ok
    13:15:34.0296 0660 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    13:15:34.0296 0660 WS2IFSL - ok
    13:15:34.0328 0660 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    13:15:34.0328 0660 wscsvc - ok
    13:15:34.0343 0660 WSearch - ok
    13:15:34.0359 0660 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    13:15:34.0375 0660 WSTCODEC - ok
    13:15:34.0406 0660 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    13:15:34.0406 0660 wuauserv - ok
    13:15:34.0421 0660 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    13:15:34.0421 0660 WudfPf - ok
    13:15:34.0437 0660 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    13:15:34.0437 0660 WudfRd - ok
    13:15:34.0437 0660 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    13:15:34.0437 0660 WudfSvc - ok
    13:15:34.0500 0660 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    13:15:34.0500 0660 WZCSVC - ok
    13:15:34.0515 0660 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    13:15:34.0546 0660 xmlprov - ok
    13:15:34.0546 0660 ================ Scan global ===============================
    13:15:34.0578 0660 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    13:15:34.0625 0660 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    13:15:34.0640 0660 [ 95CF3446911A6E25EE4086DF8A45B2AA ] C:\WINDOWS\system32\winsrv.dll
    13:15:34.0656 0660 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    13:15:34.0656 0660 [Global] - ok
    13:15:34.0656 0660 ================ Scan MBR ==================================
    13:15:34.0671 0660 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    13:15:34.0890 0660 \Device\Harddisk0\DR0 - ok
    13:15:34.0890 0660 ================ Scan VBR ==================================
    13:15:34.0890 0660 [ 0A87B5E4CF7F49EB416457732F7B607A ] \Device\Harddisk0\DR0\Partition1
    13:15:34.0890 0660 \Device\Harddisk0\DR0\Partition1 - ok
    13:15:34.0890 0660 ============================================================
    13:15:34.0890 0660 Scan finished
    13:15:34.0890 0660 ============================================================
    13:15:34.0890 1460 Detected object count: 1
    13:15:34.0890 1460 Actual detected object count: 1
    13:16:20.0093 1460 MpKsld9ea1846 ( HiddenService.Multi.Generic ) - skipped by user
    13:16:20.0093 1460 MpKsld9ea1846 ( HiddenService.Multi.Generic ) - User select action: Skip


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.