Inactive CPU at 100% with no activity

Boot back to OTLPE CD

Double-click on the OTLPE icon.

Under the Custom Scan box paste this in:

/md5start
NTVDM.EXE
/md5stop


Post new log.
 
FWIW here is the Rkill.log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 02/29/2012 at 11:24:23.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 02/29/2012 at 11:24:47.


Rkill completed on 02/29/2012 at 11:25:18.
 
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret <NTVDM.EXE> in the current context!
Error: Unable to interpret </md5stop> in the current context!
Error: Unable to interpret < > in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 02292012_161913
 
You did something wrong (clicked the wrong button, I guess...).

After pasting my script...
Press Run Scan to start the scan.
 
I thought it was a Fix. Here is the log:

OTL logfile created on: 2/29/2012 4:58:17 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 56.28 Gb Free Space | 75.54% Space Free | Partition Type: FAT32
Drive D: | 7.55 Gb Total Space | 0.26 Gb Free Space | 3.46% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/12/12 11:03:40 | 000,290,832 | ---- | M] (Verizon) [Auto] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2010/04/28 14:21:30 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2010/04/05 07:19:58 | 000,444,928 | ---- | M] (Livescribe) [Auto] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2009/11/18 10:50:40 | 000,668,912 | ---- | M] (Radialpoint Inc.) [Auto] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/09/30 17:41:08 | 000,116,664 | ---- | M] (symantec) [On_Demand] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 17:41:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 17:40:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/08/20 15:50:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/06/24 18:17:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 18:17:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/09/12 18:27:26 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/02/23 19:14:52 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/13 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/01/16 11:48:06 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120224.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/01/16 11:48:06 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120224.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/14 00:16:40 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/04 14:55:44 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/04 14:55:44 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/05 07:20:00 | 000,020,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/03/17 13:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 13:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/02/14 10:28:06 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/20 15:50:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/20 15:49:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/05/28 11:31:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/05/28 11:31:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2007/11/15 21:18:20 | 000,572,416 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2007/09/26 15:58:00 | 000,461,952 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Edna_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.aol.com/
IE - HKU\Edna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Edna_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\test_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)



O1 HOSTS File: ([2012/02/28 23:23:54 | 000,001,626 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Verizon Broadband Toolbar) - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\Program Files\verizon_broad\verizon_broad.dll (Verizon Online. )
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Edna_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\Edna_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Edna_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Edna_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\test_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll ()
O9 - Extra 'Tools' menuitem : Start WebEx MeetMeNow - {F5AD6CC5-776C-4DBB-B38F-F5404A3582F3} - C:\WINDOWS\DOWNLO~1\MyWebEx\419\mwmie.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab (Support.com Configuration Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1234638438733 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mwmus.webex.com/client/v_mywebex-mwm/mywebex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/14 10:09:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: rsvpMRT - (C:\WINDOWS\system32\fixmdiag.dll) - C:\WINDOWS\system32\fixmdiag.dll (Kaspersky Lab)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/28 23:23:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/28 17:26:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\My Documents\My Books
[2012/02/28 17:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Sun
[2012/02/28 17:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\kinoma
[2012/02/28 17:21:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Sony Corporation
[2012/02/28 17:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\SUPERAntiSpyware.com
[2012/02/28 16:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Apple Computer
[2012/02/28 16:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Verizon
[2012/02/28 16:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\VERIZON_BROAD
[2012/02/28 16:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Application Data\Identities
[2012/02/28 16:28:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents\My Music
[2012/02/28 16:28:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents\My Pictures
[2012/02/28 16:28:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\test\IETldCache
[2012/02/28 16:27:24 | 000,000,000 | --SD | C] -- C:\Documents and Settings\test\Application Data\Microsoft
[2012/02/28 16:27:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\SendTo
[2012/02/28 16:27:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\Recent
[2012/02/28 16:27:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\test\Application Data
[2012/02/28 16:27:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Start Menu\Programs\Startup
[2012/02/28 16:27:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Start Menu
[2012/02/28 16:27:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\My Documents
[2012/02/28 16:27:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Favorites
[2012/02/28 16:27:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\test\Start Menu\Programs\Accessories
[2012/02/28 16:27:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\test\Cookies
[2012/02/28 16:27:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\PrintHood
[2012/02/28 16:27:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\NetHood
[2012/02/28 16:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Desktop
[2012/02/28 16:27:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\Templates
[2012/02/28 16:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\test\Local Settings\Application Data\Microsoft
[2012/02/28 16:27:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\test\Local Settings
[2012/02/28 16:20:38 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/02/28 16:18:20 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2012/02/27 23:33:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/27 19:05:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/02/27 12:32:06 | 000,086,528 | -H-- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\fixmdiag.dll
[2012/02/25 18:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/29 16:50:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/29 16:47:08 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/02/29 16:04:10 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Edna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 11:06:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/29 10:39:36 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\rkill.exe
[2012/02/29 10:39:26 | 001,008,141 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\rkill.com
[2012/02/29 03:39:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/02/28 16:30:30 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/28 16:30:20 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/28 11:49:30 | 000,607,260 | ---- | M] () -- C:\Documents and Settings\test\Desktop\dds.scr
[2012/02/28 11:49:30 | 000,607,260 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\dds.scr
[2012/02/28 11:49:30 | 000,607,260 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/28 11:49:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\test\Desktop\GMER.exe
[2012/02/28 11:49:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\GMER.exe
[2012/02/28 11:49:16 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GMER.exe
[2012/02/27 23:59:38 | 009,502,424 | ---- | M] () -- C:\Documents and Settings\test\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/27 23:59:38 | 009,502,424 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/27 18:01:42 | 004,420,957 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\Edna.exe
[2012/02/27 18:01:42 | 004,420,957 | ---- | M] () -- C:\Documents and Settings\test\Desktop\ComboFix.exe
[2012/02/27 18:01:42 | 004,420,957 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/27 12:59:34 | 002,062,896 | ---- | M] () -- C:\Documents and Settings\test\Desktop\TDSSKiller.exe
[2012/02/27 12:59:34 | 002,062,896 | ---- | M] () -- C:\Documents and Settings\Edna\Desktop\TDSSKiller.exe
[2012/02/27 12:32:08 | 000,086,528 | -H-- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\fixmdiag.dll
[2012/02/25 23:15:00 | 000,000,089 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2012/02/23 19:15:20 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/22 23:09:56 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/22 23:09:56 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/22 23:07:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/29 11:07:20 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\rkill.exe
[2012/02/29 11:07:20 | 001,008,141 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\rkill.com
[2012/02/29 11:07:12 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Edna\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 09:19:04 | 009,502,424 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/29 09:19:04 | 002,062,896 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\TDSSKiller.exe
[2012/02/28 18:50:05 | 002,062,896 | ---- | C] () -- C:\Documents and Settings\test\Desktop\TDSSKiller.exe
[2012/02/28 17:27:52 | 009,502,424 | ---- | C] () -- C:\Documents and Settings\test\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/28 16:54:23 | 000,607,260 | ---- | C] () -- C:\Documents and Settings\test\Desktop\dds.scr
[2012/02/28 16:54:23 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\test\Desktop\GMER.exe
[2012/02/28 16:54:21 | 004,420,957 | ---- | C] () -- C:\Documents and Settings\test\Desktop\ComboFix.exe
[2012/02/28 16:30:29 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/28 16:30:29 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\test\Start Menu\Programs\Internet Explorer.lnk
[2012/02/28 16:30:19 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/02/28 16:29:56 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\test\Start Menu\Programs\Outlook Express.lnk
[2012/02/28 16:27:26 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\test\Start Menu\Programs\Remote Assistance.lnk
[2012/02/28 16:27:26 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\test\Start Menu\Programs\Windows Media Player.lnk
[2012/02/28 16:21:43 | 004,420,957 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/02/28 16:21:43 | 000,607,260 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/28 16:21:43 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GMER.exe
[2012/02/28 16:21:28 | 000,607,260 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\dds.scr
[2012/02/28 16:21:28 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\GMER.exe
[2012/02/27 19:12:40 | 004,420,957 | ---- | C] () -- C:\Documents and Settings\Edna\Desktop\Edna.exe
[2012/02/25 23:13:27 | 000,000,089 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\avbase.dat
[2012/02/22 21:46:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/22 21:46:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011/01/11 18:05:18 | 000,008,592 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2010/01/07 16:15:24 | 000,051,300 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/07 15:30:52 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/01/07 15:30:52 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2009/02/16 12:56:46 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/02/14 10:48:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/14 10:44:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/02/14 10:21:01 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/02/14 10:13:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/14 10:06:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/02/14 10:01:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/14 10:01:02 | 000,247,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/03/22 01:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 01:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/05/04 16:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna\Application Data\Downloaded Installations
[2011/03/04 15:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna\Application Data\TechWizard
[2011/07/30 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Edna\Application Data\Broderbund
[2009/02/17 11:17:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/01/07 16:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kinoma
[2010/04/28 20:28:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Radialpoint
[2010/05/04 16:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Livescribe, Inc
[2011/04/29 14:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/18 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/07/30 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2011/09/21 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2012/02/29 03:39:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: NTVDM.EXE >
[2004/08/04 12:00:00 | 000,419,840 | ---- | M] (Microsoft Corporation) MD5=0738F4B53D967E46CC5E51F84BC1EB39 -- C:\WINDOWS\$NtServicePackUninstall$\ntvdm.exe
[2008/04/13 16:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) MD5=681B807E53BDADA337735C28C0E48A1B -- C:\WINDOWS\ServicePackFiles\i386\ntvdm.exe
[2008/04/13 16:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) MD5=681B807E53BDADA337735C28C0E48A1B -- C:\WINDOWS\system32\ntvdm.exe
< End of report >
 
I tried searching for NTVDM.EXE in the registry, but it all looks normal. Anything else we can try? 0Access is one tough MOFO.
 
SuperAntiSpyware was previously installed, but anything just copied and run on the desktop gets those two DOS windows. It's like something is trying to pass those programs through another program or script.

Also what is causing the CPU to go at 100%? I'm looking at Task Manager and don't seem to see any odd processes, other than multiple SVCHOST.
 
I'm not really sure what we're dealing with here because the OTL log seems to be clean.

When you ran commands from my reply #17 did they execute successfully?
 
Yeah, they both ran OK, I think. Both times it asked if I really wanted to fix the MBR and Boot. I just answered with a "y" unless I'm supposed to answer with a YES.
 
I ran the repair installation and rebooted the system. Same thing. An NTVDM.EXE window will open then close, followed by a C:\Doc&Settings\Edna\(filename).exe window opening and closing.

I ran rKill.exe and saw it in Processes in Task Manager. After about 30 mins it ran and is still running. I'm going to let it run its course and see what happens.
 
I let rKill run overnight, but nothing happened. I was able to run TDSSKiller, but it found nothing. I was able to run aswMBR and here is the log:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-01 00:30:21
-----------------------------
00:30:21.716 OS Version: Windows 5.1.2600 Service Pack 2
00:30:21.716 Number of processors: 1 586 0x209
00:30:22.091 ComputerName: SANCHEZ-12D2B13 UserName: Edna
00:32:32.122 Initialize success
00:39:35.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:39:35.372 Disk 0 Vendor: MAXTOR_STM3802110A 3.AAK Size: 76319MB BusType: 3
00:39:35.372 Disk 0 MBR read successfully
00:39:35.372 Disk 0 MBR scan
00:39:35.529 Disk 0 Windows XP default MBR code
00:39:35.529 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 76316 MB offset 63
00:39:35.685 Disk 0 scanning sectors +156296385
00:39:35.732 Disk 0 scanning C:\WINDOWS\system32\drivers
00:46:16.435 Service scanning
00:52:22.232 Modules scanning
00:56:22.997 Disk 0 trace - called modules:
00:56:23.154 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
00:56:23.466 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89808ab8]
00:56:23.466 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x897b0d98]
00:56:25.138 Scan finished successfully
08:02:17.013 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
08:02:17.482 The log file has been saved successfully to "E:\aswMBR.txt"
 
I keep trying ComboFix whenever I can, in the hope it will run. Here is the TDSSKiller log:

00:42:00.0607 1292 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
00:42:02.0919 1292 ============================================================
00:42:02.0919 1292 Current date / time: 2012/03/01 00:42:02.0919
00:42:02.0919 1292 SystemInfo:
00:42:02.0919 1292
00:42:03.0076 1292 OS Version: 5.1.2600 ServicePack: 2.0
00:42:03.0076 1292 Product type: Workstation
00:42:03.0076 1292 ComputerName: SANCHEZ-12D2B13
00:42:03.0263 1292 UserName: Edna
00:42:03.0263 1292 Windows directory: C:\WINDOWS
00:42:03.0263 1292 System windows directory: C:\WINDOWS
00:42:03.0263 1292 Processor architecture: Intel x86
00:42:03.0263 1292 Number of processors: 1
00:42:03.0419 1292 Page size: 0x1000
00:42:03.0419 1292 Boot type: Normal boot
00:42:03.0419 1292 ============================================================
00:44:00.0779 1292 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:44:01.0591 1292 Drive \Device\Harddisk1\DR4 - Size: 0x1E4700000 (7.57 Gb), SectorSize: 0x200, Cylinders: 0x3DC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:44:01.0591 1292 \Device\Harddisk0\DR0:
00:44:01.0747 1292 MBR used
00:44:01.0747 1292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x950E482
00:44:01.0747 1292 \Device\Harddisk1\DR4:
00:44:01.0747 1292 MBR used
00:44:01.0747 1292 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xF21880
00:44:02.0076 1292 Initialize success
00:44:02.0076 1292 ============================================================
00:44:11.0654 4068 ============================================================
00:44:11.0654 4068 Scan started
00:44:11.0654 4068 Mode: Manual;
00:44:11.0654 4068 ============================================================
00:56:49.0529 4068 ============================================================
00:56:49.0529 4068 Scan finished
00:56:49.0529 4068 ============================================================
00:56:49.0669 3168 Detected object count: 0
00:56:49.0669 3168 Actual detected object count: 0
08:02:40.0576 4000 Deinitialize success
 
The NTVDM window then the Locals\Edna\Edna.exe (Combofix renamed) window, with the text "Program to big for memory".

When I plugged in the network cable briefly to update SAS, iexpore.exe window appears but the directory is from Locals\Temp\RarFX0\iexpore. I was thinking, "what if I delete the contents of the temp dir?" But I wanted to ask you first.
 
The RARFX## directories are created by rKill. I don't know what else to try other than reformatting and re-installing the OS from scratch.
 
At this point I'm not even sure if we're dealing with any infection anymore.
Reinstalling may be the best option.
 
I agree, it's not really worth wasting any more time on, though I am curious what is causing it to peg the CPU. I won't really know until I reformat the drive after backing up the system. Thanks for your time.
 
You're very welcome

I wish we did better :(
 