Very slow laptop


13 replies to this topic

#1 sonrol

  • Members
  • 41 posts

Posted 18 August 2012 - 09:50 AM

My laptop started to run very slow recently. OS is Windows XP SP3. I have run the following in safe mode to no avail: Malwarebytes, SUPERAntiSpyware & Microsoft Security Essentials. SAS picked up a Trojan called “wallutil.dll” and indicated that it was successfully removed.

I also downloaded, ran and stopped unnecessary processes with StartUp Inspector and autoruns.

I also ran the diagnostics with Microsoft Office Home. That seemed to cure it for about an hour and then it started getting very slow again. I removed all temp files and defragged the HD and still all programs run slow. There seems to be something running in the background but I do not know for sure.

Also ran chkdsk and again to no avail.

I have tried everything suggested here and then some, but still no results.
Can you help?
Regards

Edited by sonrol, 18 August 2012 - 09:51 AM.




#2 SleepyDude

  • Malware Response Team
  • 3,192 posts
  • Gender: Male
  • Location: Portugal

Posted 18 August 2012 - 01:26 PM

Hi,

Try with a scan using Eset On-line Scanner

Make sure that the option Remove found threats is un-ticked and the Scan Archives option is ticked.
Click on Advanced Settings, and check that the options:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology are ticked.
Click Scan and then wait for the scan to finish (it will take some time).

When the scan ends, press the button LIST OF THREATS FOUND, click Export to Text File, open the text file and Copy & Paste the contents to your reply.
Press the BACK button.
Press Finish

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 sonrol


Posted 18 August 2012 - 08:31 PM

As directed the following is the result of the scan. FYI the machine is so slow that it took over 4 hours to scan and then locked up. Had to do a cold boot to start my browser to connect to internet.


"C:\Documents and Settings\PATRICIA SEFLOR\Desktop\DESKTOP\couponprinter.exe probably a variant of Win32/Adware.Softomate.AD application"

Edited by sonrol, 18 August 2012 - 08:53 PM.


#4 SleepyDude


Posted 19 August 2012 - 06:30 AM

Hi,

Download MiniToolBox and save the file to the Desktop.
Close the browser and run the tool, check the following options:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
Click on Go.

Post the resulting log in your next reply.



#5 sonrol


Posted 19 August 2012 - 07:28 AM

The following is the log that you requested.


MiniToolBox by Farbar Version: 23-07-2012
Ran by PATRICIA SEFLOR (administrator) on 19-08-2012 at 08:11:50
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8139/810x Family Fast Ethernet NIC = Local Area Connection (Connected)
Broadcom 802.11b/g WLAN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : SEFLOR

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-C0-9F-D1-35-62

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Sunday, August 19, 2012 7:51:14 AM

Lease Expires . . . . . . . . . . : Monday, August 20, 2012 7:51:14 AM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Broadcom 802.11b/g WLAN

Physical Address. . . . . . . . . : 00-14-A5-14-EC-F8

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.228.38, 74.125.228.32, 74.125.228.35, 74.125.228.34
74.125.228.39, 74.125.228.41, 74.125.228.33, 74.125.228.40, 74.125.228.36
74.125.228.37, 74.125.228.46



Pinging google.com [74.125.228.68] with 32 bytes of data:



Reply from 74.125.228.68: bytes=32 time=19ms TTL=54

Reply from 74.125.228.68: bytes=32 time=21ms TTL=54



Ping statistics for 74.125.228.68:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 19ms, Maximum = 21ms, Average = 20ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24, 98.138.253.109, 72.30.38.140



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=54ms TTL=50

Reply from 98.138.253.109: bytes=32 time=82ms TTL=50



Ping statistics for 98.138.253.109:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 54ms, Maximum = 82ms, Average = 68ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 9f d1 35 62 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 14 a5 14 ec f8 ...... Broadcom 802.11b/g WLAN - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.2 192.168.1.2 20
192.168.1.2 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.2 192.168.1.2 20
224.0.0.0 240.0.0.0 192.168.1.2 192.168.1.2 20
255.255.255.255 255.255.255.255 192.168.1.2 192.168.1.2 1
255.255.255.255 255.255.255.255 192.168.1.2 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\nwprovau.dll [142336] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/18/2012 04:15:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 04:15:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 04:15:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/18/2012 01:28:21 PM) (Source: Microsoft Office 12) (User: )
Description: EventType offdiag12, P1 178b2035-3a3c-42e9-806c-0d903f189366b9cd2231-5172-4adb-9884-d9aa9870a6fb, P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 offdiag120, P10 offdiag121.

Error: (08/18/2012 00:34:11 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2012/08/18 12:34:06.546]: [00001672]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5

Error: (08/18/2012 00:06:37 AM) (Source: Microsoft Office 12) (User: )
Description: EventType offdiag12, P1 178b2035-3a3c-42e9-806c-0d903f189366b9cd2231-5172-4adb-9884-d9aa9870a6fb, P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 offdiag120, P10 offdiag121.

Error: (08/17/2012 11:51:49 PM) (Source: Microsoft Office 12) (User: )
Description: EventType offdiag12, P1 178b2035-3a3c-42e9-806c-0d903f189366b9cd2231-5172-4adb-9884-d9aa9870a6fb, P2 NIL, P3 NIL, P4 NIL, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 offdiag120, P10 offdiag121.

Error: (08/17/2012 11:51:36 PM) (Source: Application Hang) (User: )
Description: Fault bucket -1227688620.

Error: (08/17/2012 11:50:41 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/17/2012 09:35:13 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientmsseces.exe4.0.1526.00x8007043cupdatecmainwindow__onsignatureupdatestatus0security essentialsNILNILNIL


System errors:
=============
Error: (08/18/2012 09:18:32 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/18/2012 09:18:14 PM) (Source: DCOM) (User: SEFLOR)
Description: DCOM got error "%%1084" attempting to start the service WDRulesService with arguments ""
in order to run the server:
{C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

Error: (08/18/2012 09:17:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BANTExt
eabfiltr
Fips
MpFilter
Processor
SASDIFSV
SASKUTIL

Error: (08/18/2012 09:16:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/18/2012 00:39:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.

Error: (08/18/2012 00:39:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.

Error: (08/18/2012 00:38:42 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.

Error: (08/18/2012 00:38:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.

Error: (08/18/2012 00:37:41 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.

Error: (08/18/2012 00:37:11 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the WDFMEService service.


Microsoft Office Sessions:
=========================
Error: (12/12/2009 11:57:10 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 331 seconds with 180 seconds of active time. This session ended with a crash.

Error: (12/12/2009 11:50:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 205 seconds with 180 seconds of active time. This session ended with a crash.

Error: (12/12/2009 11:46:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 164 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/12/2009 08:23:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/17/2008 01:35:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 185 seconds with 120 seconds of active time. This session ended with a crash.

Error: (01/29/2008 08:16:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 451 seconds with 60 seconds of active time. This session ended with a crash.

Error: (01/29/2008 08:07:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 234 seconds with 180 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Add-ons (Version: 1.0.0.0)
Adobe Acrobat 4.0 (Version: 4.0)
Adobe Flash Player 10 ActiveX (Version: 10.1.82.76)
Adobe Flash Player 10 Plugin (Version: 10.0.32.18)
Adobe Reader 7.0 (Version: 7.0.0)
Advanced Drawing
Annotations (Version: 1.0.0.0)
Annotations Help (Version: 1.0.0.0)
AnswerWorks 4.0 Runtime - English (Version: 4.0.101)
ATI - Software Uninstall Utility (Version: 6.14.10.1012)
ATI Control Panel (Version: 6.14.10.5145)
ATI Display Driver (Version: 8.122.1-050411a-022561C)
Belarc Advisor 8.1
Block Diagrams (Version: 1.0.0.0)
Block Diagrams Help (Version: 1.0.0.0)
Borders and Backgrounds (Version: 1.0.0.0)
Borders and Backgrounds Help (Version: 1.0.0.0)
Brother MFL-Pro Suite MFC-J615W (Version: 1.0.4.0)
Building Architecture (Version: 1.0.0.0)
Building Architecture Help (Version: 1.0.0.0)
Building Services (Version: 1.0.0.0)
Building Services Help (Version: 1.0.0.0)
CAD Drawing Converter (Version: 1.0.0.0)
CAD Drawing Converter Help (Version: 1.0.0.0)
CAD Drawing Display (Version: 1.0.0.0)
Callouts and Connectors (Version: 1.0.0.0)
Callouts and Connectors Help (Version: 1.0.0.0)
CCleaner (remove only)
ClickArt® 10,000 Image Pack
ClickArt® Gallery
Clip Art and Symbols (Version: 1.0.0.0)
Clip Art and Symbols Help (Version: 1.0.0.0)
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Custom Patterns (Version: 1.0.0.0)
Custom Properties Editor (Version: 1.0.0.0)
Data Fax SoftModem with SmartCP
Database Wizard (Version: 1.0.0.0)
Developing Visio Solutions Help (Version: 1.0.0.0)
DXG-301V
Easy Internet Sign-up (Version: FE UI-3.2.0.1491)
EasyCleaner (Version: 2.0.6.380)
Electrical Engineering (Version: 1.0.0.0)
Electrical Engineering Help (Version: 1.0.0.0)
Equipment Selector (Version: 1.0.0.0)
Equipment Selector Furniture Database (Version: 1.0.0.0)
Equipment Selector Help (Version: 1.0.0.0)
ESET Online Scanner v3
Facilities Management (Version: 1.0.0.0)
Facilities Management Help (Version: 1.0.0.0)
Flowcharts (Version: 1.0.0.0)
Flowcharts Help (Version: 1.0.0.0)
Fluid Power (Version: 1.0.0.0)
Fluid Power Help (Version: 1.0.0.0)
Forms and Charts (Version: 1.0.0.0)
Forms and Charts Help (Version: 1.0.0.0)
Foundation technical (Version: 1.0.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3203.136)
Google Update Helper (Version: 1.3.21.115)
Graphics Filters (Version: 1.0.0.0)
GSP 100,000 Clipart Vol.1 (Version: 3.20.0000)
Help for Visio 2000 (HTML Help) (Version: 1.0.0.0)
Help_Technical (Version: 1.0.0.0)
HijackThis 2.0.2 (Version: 2.0.2)
HP Help and Support (Version: 3.200.16.1)
HP Software Update (Version: 3.0.5.001)
HP User Guides 0002 (Version: 1.00.0006)
HP Wireless Assistant 1.01 A2 (Version: 1.01 A2)
HpSdpAppCoreApp (Version: 3.00.0000)
Intel® Integrated Performance Primitives RTI 4.0 (Version: 4.0.23)
InterVideo WinDVD (Version: 5.0-B11.637)
iTunes (Version: 4.7.0.42)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Logitech MouseWare 9.79
Logitech Resource Center
LS_HSI (Version: 1.0.21.1)
Mah Jong Tiles Deluxe
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Maps (Version: 1.0.0.0)
Maps Help (Version: 1.0.0.0)
Mechanical Engineering (Version: 1.0.0.0)
Mechanical Engineering Help (Version: 1.0.0.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005 (Version: 14)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Repository (Version: 6.0.0.1)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual Studio Service Pack 3 (Version: 6.0.0.1)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MUSICMATCH® Jukebox
muvee autoProducer 4.0 - SE (Version: 4.00.050)
Network Diagrams (Version: 1.0.0.0)
Network Diagrams Help (Version: 1.0.0.0)
Office Layout (Version: 1.0.0.0)
Office Layout Help (Version: 1.0.0.0)
Organization Charts (Version: 1.0.0.0)
Organization Charts Help (Version: 1.0.0.0)
Page Layout Wizard (Version: 1.0.0.0)
PaperPort Image Printer (Version: 1.00.0000)
Portfolio Browser (Version: 6.01.0000)
Presto! Mr. Photo 3
Process Engineering (Version: 1.0.0.0)
Process Engineering Help (Version: 1.0.0.0)
Program Files (Version: 06.00.0000)
Program Files Help (Version: 1.0.0.0)
Program Files Technical (Version: 1.0.0.0)
Project Schedules (Version: 1.0.0.0)
Project Schedules Help (Version: 1.0.0.0)
Property Reporting Wizard (Version: 1.0.0.0)
Quick Launch Buttons 5.10 B2 (Version: 5.10 B2)
QuickTime
Release Notes (Version: 1.0.0.0)
Save as HTML (Version: 1.0.0.0)
ScanSoft PaperPort 11 (Version: 11.2.0000)
Scrapbook Factory (Version: 2.00.0004)
Shape Explorer (Version: 1.0.0.0)
Shape Explorer Help (Version: 1.0.0.0)
Smart Start UP
Solutions (Version: 1.0.0.0)
Sonic Audio Module (Version: 2.0.0)
Sonic Copy Module (Version: 2.0.0)
Sonic Data Module (Version: 2.0.0)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.0)
Sonic Update Manager (Version: 3.0.0)
Spelling (Version: 1.0.0.0)
SpywareBlaster 4.6 (Version: 4.6.0)
SUPERAntiSpyware (Version: 4.48.1000)
Synaptics Pointing Device Driver (Version: 7.13.0.1)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.09.0000)
The Print Shop 12
TIxx21 (Version: 1.09.0000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0338)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0218)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0190)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1000)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0428)
TurboTax 2008 wmdiper (Version: 008.000.0120)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Uniblue ProcessScanner
Uninstall Startup Inspector
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB972636) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (Version: 6.01.00.1234)
Visio (Version: 1.0.0.0)
Visio 2000 (Version: 6.0.0.1)
Visio Core Files (Version: 06.00.0000)
Visio Technical Core Files (Version: 06.00.0000)
WD SmartWare (Version: 1.5.4)
WD Software Upgrader (Version: 1.5.0.6)
WebFldrs XP (Version: 9.50.7523)
WexTech AnswerWorks (Version: 1.00.000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Detect
Zone Deluxe Games (Version: 7.1.7412.1)

**** End of log ****

#6 SleepyDude


Posted 19 August 2012 - 09:21 AM

Hi,

You have lots of programs installed. Do you know how much RAM the computer has? If you don't know, run Belarc, which you have installed; the program will show you all your computer specs.

Please Download TDSSkiller
Run it, click on change parameters and check the box for TDLFS file system.

Click on "Scan". If it finds suspicious objects leave it as Skip. Locate the log generated (should be in your C drive) with a name like this TDSSKiller.Version_Date_Time_log.txt.
Please post the log.



#7 sonrol


Posted 19 August 2012 - 10:32 AM

Ran Belarc. It reports 2 slots with 512MB each, with usable RAM at 896MB.

Scan results as follows:

11:06:13.0234 1732 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
11:06:14.0093 1732 ============================================================
11:06:14.0093 1732 Current date / time: 2012/08/19 11:06:14.0093
11:06:14.0093 1732 SystemInfo:
11:06:14.0093 1732
11:06:14.0093 1732 OS Version: 5.1.2600 ServicePack: 3.0
11:06:14.0093 1732 Product type: Workstation
11:06:14.0109 1732 ComputerName: SEFLOR
11:06:14.0109 1732 UserName: PATRICIA SEFLOR
11:06:14.0109 1732 Windows directory: C:\WINDOWS
11:06:14.0109 1732 System windows directory: C:\WINDOWS
11:06:14.0109 1732 Processor architecture: Intel x86
11:06:14.0109 1732 Number of processors: 1
11:06:14.0109 1732 Page size: 0x1000
11:06:14.0109 1732 Boot type: Normal boot
11:06:14.0109 1732 ============================================================
11:06:42.0984 1732 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:06:43.0671 1732 Drive \Device\Harddisk1\DR2 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:06:43.0828 1732 ============================================================
11:06:43.0890 1732 \Device\Harddisk0\DR0:
11:06:44.0015 1732 MBR partitions:
11:06:44.0015 1732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
11:06:44.0015 1732 \Device\Harddisk1\DR2:
11:06:44.0015 1732 MBR partitions:
11:06:44.0015 1732 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
11:06:44.0015 1732 ============================================================
11:06:44.0484 1732 C: <-> \Device\Harddisk0\DR0\Partition1
11:06:44.0984 1732 F: <-> \Device\Harddisk1\DR2\Partition1
11:06:44.0984 1732 ============================================================
11:06:44.0984 1732 Initialize success
11:06:44.0984 1732 ============================================================
11:07:40.0765 1208 ============================================================
11:07:40.0765 1208 Scan started
11:07:40.0765 1208 Mode: Manual; TDLFS;
11:07:40.0765 1208 ============================================================
11:07:41.0859 1208 ================ Scan services =============================
11:07:41.0968 1208 [ c0393eb99a6c72c6bef9bfc4a72b33a6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:07:41.0968 1208 !SASCORE - ok
11:07:42.0171 1208 Abiosdsk - ok
11:07:42.0187 1208 abp480n5 - ok
11:07:42.0234 1208 [ 4848abf6d2f38c8a1f2138d4fe8f9455 ] Achernar C:\WINDOWS\system32\Drivers\Achernar.sys
11:07:44.0265 1208 Achernar - ok
11:07:44.0328 1208 [ 8fd99680a539792a30e97944fdaecf17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:07:44.0328 1208 ACPI - ok
11:07:44.0359 1208 [ 9859c0f6936e723e4892d7141b1327d5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:07:44.0375 1208 ACPIEC - ok
11:07:44.0390 1208 adpu160m - ok
11:07:44.0421 1208 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:07:44.0421 1208 aec - ok
11:07:44.0484 1208 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:07:44.0484 1208 AFD - ok
11:07:44.0500 1208 Aha154x - ok
11:07:44.0515 1208 aic78u2 - ok
11:07:44.0531 1208 aic78xx - ok
11:07:44.0578 1208 [ 03a26904786d78552b93bb4d64f0b72f ] Aldebaran C:\WINDOWS\System32\Drivers\Aldebaran.sys
11:07:44.0703 1208 Aldebaran - ok
11:07:44.0750 1208 [ a9a3daa780ca6c9671a19d52456705b4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:07:44.0750 1208 Alerter - ok
11:07:44.0796 1208 [ 8c515081584a38aa007909cd02020b3d ] ALG C:\WINDOWS\System32\alg.exe
11:07:44.0796 1208 ALG - ok
11:07:44.0812 1208 [ 1140ab9938809700b46bb88e46d72a96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
11:07:44.0812 1208 AliIde - ok
11:07:44.0828 1208 amsint - ok
11:07:44.0843 1208 AppMgmt - ok
11:07:44.0890 1208 [ b5b8a80875c1dededa8b02765642c32f ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:07:44.0921 1208 Arp1394 - ok
11:07:44.0921 1208 asc - ok
11:07:44.0937 1208 asc3350p - ok
11:07:44.0953 1208 asc3550 - ok
11:07:45.0109 1208 [ 0e5e4957549056e2bf2c49f4f6b601ad ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:07:45.0156 1208 aspnet_state - ok
11:07:45.0187 1208 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:07:45.0203 1208 AsyncMac - ok
11:07:45.0234 1208 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:07:45.0234 1208 atapi - ok
11:07:45.0250 1208 Atdisk - ok
11:07:45.0328 1208 [ 9fb66cdb75a069a156208ef98b6eeb62 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
11:07:45.0328 1208 Ati HotKey Poller - ok
11:07:45.0437 1208 [ 9dc33d25ee0ed27752455a52f25ddb6e ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:07:45.0453 1208 ati2mtag - ok
11:07:45.0640 1208 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:07:45.0656 1208 Atmarpc - ok
11:07:45.0718 1208 [ def7a7882bec100fe0b2ce2549188f9d ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:07:45.0718 1208 AudioSrv - ok
11:07:45.0781 1208 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:07:45.0781 1208 audstub - ok
11:07:45.0812 1208 [ 5d7be7b19e827125e016325334e58ff1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
11:07:45.0812 1208 BANTExt - ok
11:07:45.0859 1208 [ e7debb46b9ef1f28932e533be4a3d1a9 ] BCM43XX C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
11:07:45.0875 1208 BCM43XX - ok
11:07:45.0890 1208 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:07:45.0890 1208 Beep - ok
11:07:46.0015 1208 [ 574738f61fca2935f5265dc4e5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:07:46.0203 1208 BITS - ok
11:07:46.0265 1208 [ d3facb34fff5db91adb70987838f8ba7 ] Brother XP spl Service C:\WINDOWS\system32\brsvc01a.exe
11:07:46.0296 1208 Brother XP spl Service - ok
11:07:46.0375 1208 [ cfd4e51402da9838b5a04ae680af54a0 ] Browser C:\WINDOWS\System32\browser.dll
11:07:46.0390 1208 Browser - ok
11:07:46.0562 1208 [ 92a964547b96d697e5e9ed43b4297f5a ] BrScnUsb C:\WINDOWS\system32\Drivers\BrScnUsb.sys
11:07:46.0609 1208 BrScnUsb - ok
11:07:46.0656 1208 [ 9f80879913dc2712fd0c4d734e3f519b ] BrSerIb C:\WINDOWS\system32\DRIVERS\BrSerIb.sys
11:07:46.0671 1208 BrSerIb - ok
11:07:46.0703 1208 [ 26051d886f3333cb41857d6f52248de1 ] BrSerIf C:\WINDOWS\system32\Drivers\BrSerIf.sys
11:07:46.0703 1208 BrSerIf - ok
11:07:46.0734 1208 [ 7ac85cdc03befd78908b3b6a73d201d0 ] BrUsbSer C:\WINDOWS\system32\Drivers\BrUsbSer.sys
11:07:46.0734 1208 BrUsbSer - ok
11:07:46.0750 1208 [ b67512da42c0c90bf236d5485226c1c7 ] BrUsbSIb C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys
11:07:46.0750 1208 BrUsbSIb - ok
11:07:46.0843 1208 [ ea7e57f87d6fee5fd6c5f813c04e8cd2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
11:07:46.0859 1208 BrYNSvc - ok
11:07:46.0906 1208 [ e6bcc8cd48a7bb9c83ea1536fcff0fd1 ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
11:07:48.0156 1208 BTWUSB - ok
11:07:48.0203 1208 [ 4ebc37b6677a6768b307ae40839d788f ] CAMCAUD C:\WINDOWS\system32\drivers\camc6aud.sys
11:07:48.0203 1208 CAMCAUD - ok
11:07:48.0281 1208 [ 9a38fc432ad8b3400cefb70a7236979e ] CAMCHALA C:\WINDOWS\system32\drivers\camc6hal.sys
11:07:48.0296 1208 CAMCHALA - ok
11:07:48.0546 1208 catchme - ok
11:07:48.0687 1208 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:07:48.0687 1208 cbidf2k - ok
11:07:48.0703 1208 cd20xrnt - ok
11:07:48.0718 1208 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:07:48.0750 1208 Cdaudio - ok
11:07:48.0812 1208 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:07:48.0828 1208 Cdfs - ok
11:07:48.0859 1208 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:07:48.0859 1208 Cdrom - ok
11:07:48.0875 1208 Changer - ok
11:07:48.0937 1208 [ 1cfe720eb8d93a7158a4ebc3ab178bde ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:07:48.0953 1208 CiSvc - ok
11:07:49.0000 1208 [ 34cbe729f38138217f9c80212a2a0c82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:07:49.0000 1208 ClipSrv - ok
11:07:49.0046 1208 [ d87acaed61e417bba546ced5e7e36d9c ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:07:49.0156 1208 clr_optimization_v2.0.50727_32 - ok
11:07:49.0187 1208 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:07:49.0187 1208 CmBatt - ok
11:07:49.0203 1208 CmdIde - ok
11:07:49.0218 1208 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:07:49.0218 1208 Compbatt - ok
11:07:49.0234 1208 COMSysApp - ok
11:07:49.0265 1208 Cpqarray - ok
11:07:49.0296 1208 [ 3d4e199942e29207970e04315d02ad3b ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:07:49.0296 1208 CryptSvc - ok
11:07:49.0312 1208 dac2w2k - ok
11:07:49.0328 1208 dac960nt - ok
11:07:49.0406 1208 [ 6b27a5c03dfb94b4245739065431322c ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:07:49.0453 1208 DcomLaunch - ok
11:07:49.0578 1208 [ 5e38d7684a49cacfb752b046357e0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:07:49.0578 1208 Dhcp - ok
11:07:49.0609 1208 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:07:49.0609 1208 Disk - ok
11:07:49.0625 1208 dmadmin - ok
11:07:49.0718 1208 [ d992fe1274bde0f84ad826acae022a41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:07:49.0796 1208 dmboot - ok
11:07:49.0828 1208 [ 7c824cf7bbde77d95c08005717a95f6f ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:07:49.0843 1208 dmio - ok
11:07:49.0906 1208 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:07:49.0906 1208 dmload - ok
11:07:49.0968 1208 [ 57edec2e5f59f0335e92f35184bc8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
11:07:49.0968 1208 dmserver - ok
11:07:50.0000 1208 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
11:07:50.0000 1208 DMusic - ok
11:07:50.0031 1208 [ 5f7e24fa9eab896051ffb87f840730d2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
11:07:50.0031 1208 Dnscache - ok
11:07:50.0109 1208 [ 0f0f6e687e5e15579ef4da8dd6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
11:07:50.0109 1208 Dot3svc - ok
11:07:50.0125 1208 dpti2o - ok
11:07:50.0156 1208 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
11:07:50.0156 1208 drmkaud - ok
11:07:50.0203 1208 [ 81b7808d3b5892388f33273119c2dc31 ] eabfiltr C:\WINDOWS\system32\drivers\EABFiltr.sys
11:07:50.0203 1208 eabfiltr - ok
11:07:50.0250 1208 [ 1ba14da377b66278335d4b9e8824cd42 ] eabusb C:\WINDOWS\system32\drivers\eabusb.sys
11:07:50.0250 1208 eabusb - ok
11:07:50.0281 1208 [ 2187855a7703adef0cef9ee4285182cc ] EapHost C:\WINDOWS\System32\eapsvc.dll
11:07:50.0281 1208 EapHost - ok
11:07:50.0312 1208 [ bc93b4a066477954555966d77fec9ecb ] ERSvc C:\WINDOWS\System32\ersvc.dll
11:07:50.0312 1208 ERSvc - ok
11:07:50.0328 1208 [ 65df52f5b8b6e9bbd183505225c37315 ] Eventlog C:\WINDOWS\system32\services.exe
11:07:50.0343 1208 Eventlog - ok
11:07:50.0500 1208 [ d4991d98f2db73c60d042f1aef79efae ] EventSystem C:\WINDOWS\system32\es.dll
11:07:50.0515 1208 EventSystem - ok
11:07:50.0593 1208 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
11:07:50.0640 1208 Fastfat - ok
11:07:50.0718 1208 [ 99bc0b50f511924348be19c7c7313bbf ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
11:07:50.0718 1208 FastUserSwitchingCompatibility - ok
11:07:50.0765 1208 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
11:07:50.0765 1208 Fdc - ok
11:07:50.0828 1208 [ d45926117eb9fa946a6af572fbe1caa3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
11:07:50.0828 1208 Fips - ok
11:07:50.0859 1208 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:07:50.0875 1208 Flpydisk - ok
11:07:50.0937 1208 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
11:07:50.0937 1208 FltMgr - ok
11:07:51.0078 1208 [ 8ba7c024070f2b7fdd98ed8a4ba41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:07:51.0078 1208 FontCache3.0.0.0 - ok
11:07:51.0125 1208 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:07:51.0140 1208 Fs_Rec - ok
11:07:51.0156 1208 [ 6ac26732762483366c3969c9e4d2259d ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:07:51.0156 1208 Ftdisk - ok
11:07:51.0218 1208 [ 2fb04db459c71f416ee8b05448ca4ac3 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:07:51.0218 1208 GEARAspiWDM - ok
11:07:51.0265 1208 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:07:51.0265 1208 Gpc - ok
11:07:51.0421 1208 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
11:07:51.0421 1208 gupdate - ok
11:07:51.0437 1208 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
11:07:51.0437 1208 gupdatem - ok
11:07:51.0562 1208 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:07:51.0578 1208 gusvc - ok
11:07:51.0734 1208 [ 4fcca060dfe0c51a09dd5c3843888bcd ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:07:51.0734 1208 helpsvc - ok
11:07:51.0796 1208 [ deb04da35cc871b6d309b77e1443c796 ] HidServ C:\WINDOWS\System32\hidserv.dll
11:07:51.0796 1208 HidServ - ok
11:07:51.0843 1208 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:07:51.0875 1208 HidUsb - ok
11:07:51.0968 1208 [ 8878bd685e490239777bfe51320b88e9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
11:07:51.0984 1208 hkmsvc - ok
11:07:52.0000 1208 hpn - ok
11:07:52.0109 1208 [ 6745820c1b0783a367f03da128f5b1e2 ] hpqwmi C:\Program Files\HPQ\SHARED\HPQWMI.exe
11:07:56.0203 1208 hpqwmi - ok
11:07:56.0281 1208 [ 13d4b70bf2f9bc550e9079da864d3ec1 ] HSFHWATI C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
11:07:56.0281 1208 HSFHWATI - ok
11:07:56.0359 1208 [ dfa8f86c0dbca7db948043aa3be6793b ] HSF_DP C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
11:07:56.0421 1208 HSF_DP - ok
11:07:56.0484 1208 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
11:07:56.0484 1208 HTTP - ok
11:07:56.0546 1208 [ 6100a808600f44d999cebdef8841c7a3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
11:07:56.0546 1208 HTTPFilter - ok
11:07:56.0562 1208 i2omgmt - ok
11:07:56.0578 1208 i2omp - ok
11:07:56.0609 1208 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:07:56.0625 1208 i8042prt - ok
11:07:56.0750 1208 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:07:56.0765 1208 idsvc - ok
11:07:56.0812 1208 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
11:07:56.0828 1208 Imapi - ok
11:07:56.0875 1208 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
11:07:56.0875 1208 ImapiService - ok
11:07:56.0906 1208 ini910u - ok
11:07:56.0937 1208 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
11:07:56.0953 1208 IntelIde - ok
11:07:57.0093 1208 [ 1a263bd87c082fa7ab38093014c8fc79 ] IntuitUpdateService C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
11:07:57.0093 1208 IntuitUpdateService - ok
11:07:57.0140 1208 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
11:07:57.0140 1208 Ip6Fw - ok
11:07:57.0187 1208 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:07:57.0187 1208 IpFilterDriver - ok
11:07:57.0218 1208 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:07:57.0218 1208 IpInIp - ok
11:07:57.0265 1208 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:07:57.0265 1208 IpNat - ok
11:07:57.0312 1208 [ 6d1dd86ea58ad1b2f57301042d819436 ] iPodService C:\Program Files\iPod\bin\iPodService.exe
11:07:57.0343 1208 iPodService - ok
11:07:57.0359 1208 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:07:57.0375 1208 IPSec - ok
11:07:57.0453 1208 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
11:07:57.0468 1208 IRENUM - ok
11:07:57.0640 1208 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:07:57.0640 1208 isapnp - ok
11:07:57.0796 1208 [ 4f2143570d2250ca4c4a4c98553c82cd ] JavaQuickStarterService C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
11:07:57.0796 1208 JavaQuickStarterService - ok
11:07:57.0828 1208 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:07:57.0828 1208 Kbdclass - ok
11:07:57.0875 1208 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
11:07:57.0875 1208 kmixer - ok
11:07:57.0921 1208 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
11:07:57.0921 1208 KSecDD - ok
11:07:57.0968 1208 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
11:07:57.0984 1208 lanmanserver - ok
11:07:58.0031 1208 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
11:07:58.0031 1208 lanmanworkstation - ok
11:07:58.0046 1208 lbrtfdc - ok
11:07:58.0125 1208 [ b97d05e656818572b6b04ba682d3aa8f ] LHidFlt2 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
11:07:58.0125 1208 LHidFlt2 - ok
11:07:58.0203 1208 [ c4869842d15987d9e05f8c54684d9857 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:07:58.0203 1208 LightScribeService - ok
11:07:58.0250 1208 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
11:07:58.0250 1208 LmHosts - ok
11:07:58.0265 1208 [ b666f835c18974f392a387c6e863072f ] LMouFlt2 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
11:07:58.0281 1208 LMouFlt2 - ok
11:07:58.0312 1208 [ 3c318b9cd391371bed62126581ee9961 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:07:58.0312 1208 mdmxsdk - ok
11:07:58.0375 1208 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
11:07:58.0375 1208 Messenger - ok
11:07:58.0437 1208 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
11:07:58.0453 1208 mnmdd - ok
11:07:58.0484 1208 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
11:07:58.0531 1208 mnmsrvc - ok
11:07:58.0593 1208 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
11:07:58.0593 1208 Modem - ok
11:07:58.0656 1208 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:07:58.0656 1208 Mouclass - ok
11:07:58.0687 1208 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:07:58.0687 1208 mouhid - ok
11:07:58.0734 1208 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
11:07:58.0734 1208 MountMgr - ok
11:07:58.0828 1208 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:07:58.0828 1208 MozillaMaintenance - ok
11:07:58.0875 1208 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:07:58.0890 1208 MpFilter - ok
11:07:59.0078 1208 [ a69630d039c38018689190234f866d77 ] MpKsl7817892b C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14C09E7A-AE2B-4EF4-B4BA-DE3737343227}\MpKsl7817892b.sys
11:07:59.0078 1208 MpKsl7817892b - ok
11:07:59.0093 1208 mraid35x - ok
11:07:59.0140 1208 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:07:59.0140 1208 MRxDAV - ok
11:07:59.0218 1208 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:07:59.0218 1208 MRxSmb - ok
11:07:59.0281 1208 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
11:07:59.0281 1208 MSDTC - ok
11:07:59.0328 1208 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
11:07:59.0328 1208 Msfs - ok
11:07:59.0343 1208 MSIServer - ok
11:07:59.0468 1208 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:07:59.0468 1208 MSKSSRV - ok
11:07:59.0687 1208 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
11:07:59.0687 1208 MsMpSvc - ok
11:07:59.0718 1208 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:07:59.0718 1208 MSPCLOCK - ok
11:07:59.0750 1208 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
11:07:59.0765 1208 MSPQM - ok
11:07:59.0812 1208 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:07:59.0812 1208 mssmbios - ok
11:07:59.0843 1208 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
11:07:59.0843 1208 Mup - ok
11:07:59.0906 1208 [ 31509f505fea9b37f9e59a10adcfe8f5 ] MxlW2k C:\WINDOWS\system32\drivers\MxlW2k.sys
11:08:00.0203 1208 MxlW2k - ok
11:08:00.0281 1208 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
11:08:00.0281 1208 napagent - ok
11:08:00.0343 1208 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
11:08:00.0343 1208 NDIS - ok
11:08:00.0468 1208 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:08:00.0468 1208 NdisTapi - ok
11:08:00.0562 1208 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:08:00.0562 1208 Ndisuio - ok
11:08:00.0593 1208 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:08:00.0593 1208 NdisWan - ok
11:08:00.0640 1208 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
11:08:00.0640 1208 NDProxy - ok
11:08:00.0687 1208 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
11:08:00.0687 1208 NetBIOS - ok
11:08:00.0718 1208 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
11:08:00.0750 1208 NetBT - ok
11:08:00.0796 1208 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
11:08:00.0796 1208 NetDDE - ok
11:08:00.0812 1208 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
11:08:00.0812 1208 NetDDEdsdm - ok
11:08:00.0875 1208 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
11:08:00.0875 1208 Netlogon - ok
11:08:00.0937 1208 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
11:08:00.0953 1208 Netman - ok
11:08:01.0000 1208 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:08:01.0000 1208 NetTcpPortSharing - ok
11:08:01.0031 1208 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:08:01.0031 1208 NIC1394 - ok
11:08:01.0093 1208 [ 943337d786a56729263071623bbb9de5 ] Nla C:\WINDOWS\System32\mswsock.dll
11:08:01.0109 1208 Nla - ok
11:08:01.0125 1208 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
11:08:01.0125 1208 Npfs - ok
11:08:01.0203 1208 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
11:08:01.0218 1208 Ntfs - ok
11:08:01.0234 1208 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
11:08:01.0234 1208 NtLmSsp - ok
11:08:01.0281 1208 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
11:08:01.0296 1208 NtmsSvc - ok
11:08:01.0328 1208 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
11:08:01.0343 1208 Null - ok
11:08:01.0375 1208 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:08:01.0375 1208 NwlnkFlt - ok
11:08:01.0453 1208 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:08:01.0484 1208 NwlnkFwd - ok
11:08:01.0546 1208 [ 8b8b1be2dba4025da6786c645f77f123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
11:08:01.0546 1208 NwlnkIpx - ok
11:08:01.0578 1208 [ 56d34a67c05e94e16377c60609741ff8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
11:08:01.0593 1208 NwlnkNb - ok
11:08:01.0625 1208 [ c0bb7d1615e1acbdc99757f6ceaf8cf0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
11:08:01.0625 1208 NwlnkSpx - ok
11:08:01.0703 1208 [ 4b83fcbbe72af5f99d109798653e8b78 ] NwSapAgent C:\WINDOWS\System32\ipxsap.dll
11:08:01.0703 1208 NwSapAgent - ok
11:08:02.0093 1208 [ 785f487a64950f3cb8e9f16253ba3b7b ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:08:02.0140 1208 odserv - ok
11:08:02.0203 1208 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:08:02.0250 1208 ohci1394 - ok
11:08:02.0468 1208 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:08:02.0578 1208 ose - ok
11:08:02.0734 1208 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
11:08:02.0765 1208 Parport - ok
11:08:02.0828 1208 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
11:08:02.0875 1208 PartMgr - ok
11:08:02.0968 1208 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
11:08:02.0984 1208 ParVdm - ok
11:08:03.0078 1208 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
11:08:03.0078 1208 PCI - ok
11:08:03.0093 1208 PCIDump - ok
11:08:03.0109 1208 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
11:08:03.0109 1208 PCIIde - ok
11:08:03.0125 1208 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:08:03.0140 1208 Pcmcia - ok
11:08:03.0156 1208 PDCOMP - ok
11:08:03.0171 1208 PDFRAME - ok
11:08:03.0187 1208 PDRELI - ok
11:08:03.0203 1208 PDRFRAME - ok
11:08:03.0218 1208 perc2 - ok
11:08:03.0234 1208 perc2hib - ok
11:08:03.0281 1208 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
11:08:03.0281 1208 PlugPlay - ok
11:08:03.0312 1208 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
11:08:03.0312 1208 PolicyAgent - ok
11:08:03.0375 1208 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:08:03.0390 1208 PptpMiniport - ok
11:08:03.0484 1208 [ a32bebaf723557681bfc6bd93e98bd26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
11:08:03.0500 1208 Processor - ok
11:08:03.0500 1208 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
11:08:03.0515 1208 ProtectedStorage - ok
11:08:03.0546 1208 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
11:08:03.0703 1208 PSched - ok
11:08:03.0781 1208 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:08:03.0781 1208 Ptilink - ok
11:08:03.0843 1208 [ 7c81ae3c9b82ba2da437ed4d31bc56cf ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:08:04.0078 1208 PxHelp20 - ok
11:08:04.0093 1208 ql1080 - ok
11:08:04.0109 1208 Ql10wnt - ok
11:08:04.0125 1208 ql12160 - ok
11:08:04.0140 1208 ql1240 - ok
11:08:04.0156 1208 ql1280 - ok
11:08:04.0171 1208 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:08:04.0171 1208 RasAcd - ok
11:08:04.0234 1208 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
11:08:04.0265 1208 RasAuto - ok
11:08:04.0296 1208 [ 0207d26ddf796a193ccd9f83047bb5fc ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:08:04.0312 1208 Rasirda - ok
11:08:04.0343 1208 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:08:04.0343 1208 Rasl2tp - ok
11:08:04.0531 1208 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
11:08:04.0546 1208 RasMan - ok
11:08:04.0562 1208 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:08:04.0562 1208 RasPppoe - ok
11:08:04.0578 1208 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
11:08:04.0578 1208 Raspti - ok
11:08:04.0671 1208 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:08:04.0671 1208 Rdbss - ok
11:08:04.0734 1208 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:08:04.0750 1208 RDPCDD - ok
11:08:04.0890 1208 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
11:08:04.0890 1208 RDPWD - ok
11:08:04.0984 1208 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
11:08:04.0984 1208 RDSessMgr - ok
11:08:05.0031 1208 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
11:08:05.0031 1208 redbook - ok
11:08:05.0093 1208 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
11:08:05.0109 1208 RemoteAccess - ok
11:08:05.0203 1208 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
11:08:05.0234 1208 RpcLocator - ok
11:08:05.0296 1208 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\System32\rpcss.dll
11:08:05.0296 1208 RpcSs - ok
11:08:05.0343 1208 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
11:08:05.0359 1208 RSVP - ok
11:08:05.0406 1208 [ 7f0413bdd7d53eb4c7a371e7f6f84df1 ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
11:08:05.0421 1208 RTL8023xp - ok
11:08:05.0484 1208 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
11:08:05.0484 1208 SamSs - ok
11:08:05.0578 1208 [ 39763504067962108505bff25f024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:08:05.0578 1208 SASDIFSV - ok
11:08:05.0687 1208 [ 77b9fc20084b48408ad3e87570eb4a85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:08:05.0687 1208 SASKUTIL - ok
11:08:05.0765 1208 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
11:08:05.0765 1208 SCardSvr - ok
11:08:05.0859 1208 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
11:08:05.0875 1208 Schedule - ok
11:08:05.0921 1208 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:08:05.0921 1208 sdbus - ok
11:08:05.0953 1208 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:08:05.0953 1208 Secdrv - ok
11:08:06.0000 1208 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
11:08:06.0000 1208 seclogon - ok
11:08:06.0046 1208 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
11:08:06.0046 1208 SENS - ok
11:08:06.0093 1208 [ 0f29512ccd6bead730039fb4bd2c85ce ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
11:08:06.0093 1208 serenum - ok
11:08:06.0125 1208 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
11:08:06.0125 1208 Serial - ok
11:08:06.0171 1208 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
11:08:06.0171 1208 Sfloppy - ok
11:08:11.0890 1208 ============================================================
11:08:11.0890 1208 Scan finished
11:08:11.0890 1208 ============================================================
11:08:11.0953 2988 Detected object count: 0
11:08:11.0953 2988 Actual detected object count: 0
11:09:25.0265 3104 Deinitialize success

#8 SleepyDude

  • Malware Response Team
  • 3,192 posts
  • Gender:Male
  • Location:Portugal

Posted 19 August 2012 - 03:26 PM

Hi,

1GB of RAM is not much memory for all that, and the graphics card is also using some memory...

Can you give some details about what you disabled/removed using StartUp Inspector and autoruns?

The Event Viewer shows that some device services are failing to start...

Do you have Malwarebytes with the Real-time protection active? If you have, please disable the run-time protection, because MSE and Malwarebytes running at the same time can be too much.

• Please do not PM me asking for support. Post on the forums instead; it will increase the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#9 sonrol

  • Topic Starter
  • Members
  • 41 posts

Posted 19 August 2012 - 04:55 PM

My version of Malwarebytes is the free version. It does not run in real time.

I disabled the following in Startup Inspector

C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\Default Settings\cpqset.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
Warning: This file does not exists.
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
Warning: This file does not exists.

I disabled the following in autoruns:

0 File not found: http://www.lifenatural.com/images/aaasmoke-rxbanner2.jpg
1 File not found: http://mailcenter3.comcast.net/wm/images/nav-bg.gif
2 2 File not found: About:Home
3 AppMgmt Provides software installation services such as Assign, Publish, and Remove. File not found: C:\WINDOWS\System32\appmgmts.dll
4 catchme File not found: C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\catchme.sys
5 Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
6 i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
7 lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
8 PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
9 PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
10 PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
11 PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
12 PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
13 WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
14 VIDC.NSVI File not found: NSVIDEO.DLL

#10 SleepyDude

  • Malware Response Team
  • 3,192 posts
  • Gender:Male
  • Location:Portugal

Posted 19 August 2012 - 05:10 PM

Hi,

These files should be re-enabled on Autoruns:

File not found: C:\WINDOWS\System32\Drivers\Changer.sys
File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
File not found: C:\WINDOWS\System32\Drivers\WDICA.sys

I really don't know if disabling them causes any damage, but they should be enabled. This is a well-known error on Autoruns that can be found on the FAQ #12


#11 sonrol

  • Topic Starter
  • Members
  • 41 posts

Posted 19 August 2012 - 05:53 PM

Hi Rui,

Thank you for all of your assistance. It is genuinely appreciated.

I enabled the processes that you listed in your previous post. Is there anything more that can be tried to correct the original problem of slowness and lockups?

#12 SleepyDude

  • Malware Response Team
  • 3,192 posts
  • Gender:Male
  • Location:Portugal

Posted 20 August 2012 - 04:50 AM

Hi,

At this time I can only ask some more questions to try to understand the problem...

- Is the laptop old?
- Did you notice if the laptop is hotter than before? Can you hear the fans working?
- Is the machine always slow, or is it only on some occasions? Can you associate the problem with specific tasks you do?
- Did you change the Antivirus recently?


#13 sonrol

  • Topic Starter
  • Members
  • 41 posts

Posted 20 August 2012 - 09:52 AM

- Is the laptop old?
The laptop was purchased in 2005. It is 7 years old.

- Did you notice if the laptop is hotter than before? Can you hear the fans working?
The machine has always run warm. It seemed a little hotter than usual, but not too much. The fan is working. I removed the back cover and vacuumed out all of the dust. The fan is running smoother now.

- Is the machine always slow, or is it only on some occasions? Can you associate the problem with specific tasks you do?
When the machine is first booted it runs ok for an older machine. When I start the browser to check email it is ok. It starts to slow down when I start to use another application and then eventually it locks up and has to be rebooted.

- Did you change the Antivirus recently?
I only use MSE. Have been using it for about 2 years.

#14 SleepyDude

  • Malware Response Team
  • 3,192 posts
  • Gender:Male
  • Location:Portugal

Posted 20 August 2012 - 10:21 AM

Hi,

Thanks for all the answers. The laptop is a bit old and the fans can lose performance over time; also, the thermal paste between the CPU and the cooler can lose its properties and stop doing its job properly.

Try this: download HWMonitor, extract the zip and put the exe inside on your desktop. Shut down the computer and let it rest for about 30 minutes. Power it on and, when you get access to the desktop, run HWMonitor_x32 (it can be minimized). Use the computer as usual and after a while check the temperatures in HWMonitor. Please take a screenshot of the program window and upload it to http://tinypic.com, then insert the image URL in your post.
