100% CPU usage all the time


18 replies to this topic

#1 Caeji1

Posted 12 November 2012 - 11:06 PM

Hi,
I have a DELL Inspiron 1300 running Windows XP Home Edition. Any time I switch it on it shows 100% CPU usage even when there are no programs running. When I open any browser, Firefox, Opera or IE, it just hangs for a while before coming back. I find it almost impossible to do anything because each time I start a program it just hangs. When it gets back to normal it hangs again after a while.

I am at a loss as to why this is happening. This behaviour just started and has me completely stumped. I would greatly appreciate any help in resolving this matter.

Thanks.

Edited by boopme, 16 November 2012 - 08:37 PM.




#2 boopme


Posted 12 November 2012 - 11:17 PM

Hello, let's reboot into Safe Mode with Networking.

How to enter Safe Mode (XP/Vista)
Using the F8 Method

  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode with Networking using the arrow keys.
  • Then press Enter on your keyboard to boot into Safe Mode.



Please download TDSSkiller.

Launch it. Click on change parameters - Select TDLFS file system.
Click on "Scan".
Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.




Please download AdwCleaner by Xplode onto your desktop.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

#3 Caeji1


Posted 13 November 2012 - 04:26 AM

Thanks for replying Boopme...here are the logs you requested..

TDSSkiller
06:03:12.0984 1560 usbccgp - ok
06:03:13.0109 1560 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:03:13.0125 1560 usbehci - ok
06:03:13.0296 1560 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:03:13.0296 1560 usbhub - ok
06:03:13.0468 1560 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:03:13.0484 1560 USBSTOR - ok
06:03:13.0625 1560 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:03:13.0640 1560 usbuhci - ok
06:03:13.0718 1560 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
06:03:13.0734 1560 VgaSave - ok
06:03:13.0875 1560 ViaIde - ok
06:03:14.0015 1560 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
06:03:14.0015 1560 VolSnap - ok
06:03:14.0156 1560 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
06:03:14.0203 1560 VSS - ok
06:03:14.0375 1560 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
06:03:14.0406 1560 W32Time - ok
06:03:14.0625 1560 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:03:14.0625 1560 Wanarp - ok
06:03:14.0765 1560 WDICA - ok
06:03:14.0875 1560 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
06:03:14.0890 1560 wdmaud - ok
06:03:15.0031 1560 [ 5D0A442864BFBF3B19DCCA4CD29F6E99 ] WebClient C:\WINDOWS\System32\webclnt.dll
06:03:15.0046 1560 WebClient - ok
06:03:15.0296 1560 [ BA6B6FB242A6BA4068C8B763063BEB63 ] winachsf C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
06:03:15.0359 1560 winachsf - ok
06:03:15.0578 1560 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
06:03:15.0593 1560 winmgmt - ok
06:03:15.0859 1560 [ C086483E3DBA8C1C0A687EC8D5B3D4C1 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
06:03:15.0859 1560 WmdmPmSN - ok
06:03:16.0093 1560 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:03:16.0109 1560 WmiApSrv - ok
06:03:16.0328 1560 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
06:03:16.0343 1560 wscsvc - ok
06:03:16.0515 1560 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
06:03:16.0578 1560 wuauserv - ok
06:03:16.0765 1560 [ 5A91E6FEAB9F901302FA7FF768C0120F ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
06:03:16.0812 1560 WZCSVC - ok
06:03:16.0953 1560 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
06:03:16.0984 1560 xmlprov - ok
06:03:17.0015 1560 ================ Scan global ===============================
06:03:17.0125 1560 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
06:03:17.0203 1560 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
06:03:17.0375 1560 [ 442D0EAD5534E4ADCF6D4469043C82C0 ] C:\WINDOWS\system32\winsrv.dll
06:03:17.0421 1560 [ C6CE6EEC82F187615D1002BB3BB50ED4 ] C:\WINDOWS\system32\services.exe
06:03:17.0437 1560 [Global] - ok
06:03:17.0500 1560 ================ Scan MBR ==================================
06:03:17.0515 1560 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:03:18.0281 1560 \Device\Harddisk0\DR0 - ok
06:03:18.0375 1560 ================ Scan VBR ==================================
06:03:18.0421 1560 [ C34B7066DA0B3999F644AD7226606C4D ] \Device\Harddisk0\DR0\Partition1
06:03:18.0437 1560 \Device\Harddisk0\DR0\Partition1 - ok
06:03:18.0500 1560 ============================================================
06:03:18.0500 1560 Scan finished
06:03:18.0500 1560 ============================================================
06:03:18.0796 1552 Detected object count: 0
06:03:18.0796 1552 Actual detected object count: 0

AdwCleaner

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 06:06:42
# Updated 06/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Yes Boss - GAMEBOX
# Boot Mode : Safe mode with networking
# Running from : C:\Documents and Settings\Yes Boss\Desktop\Temp\BleCom\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Documents and Settings\Yes Boss\Application Data\Mozilla\Firefox\Profiles\ole0mqs7.default\prefs.js

[OK] File is clean.

-\\ Opera v12.0.1467.0

File : C:\Documents and Settings\Yes Boss\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [903 octets] - [13/11/2012 06:06:42]

########## EOF - C:\AdwCleaner[S2].txt - [962 octets] ##########

RKill

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/13/2012 09:47:47 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Automatic Updates (wuauserv) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/13/2012 10:08:06 AM
Execution time: 0 hours(s), 20 minute(s), and 19 seconds(s)

#4 boopme

Posted 13 November 2012 - 12:47 PM

Please run 2 more... Normal mode is OK

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.




Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

#5 smerffed

smerffed

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hanover, PA, US
  • Local time:08:05 PM

Posted 13 November 2012 - 01:17 PM

Download process explorer and check to see if your i/o hardware interrupts process is high. Task manager doesn't show this process.

#6 Caeji1

Posted 14 November 2012 - 10:01 AM

Thanks again Boopme...

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-14 09:12:33
-----------------------------
09:12:33.328 OS Version: Windows 5.1.2600 Service Pack 2
09:12:33.328 Number of processors: 1 586 0xD08
09:12:33.343 ComputerName: GAMEBOX UserName:
09:12:35.468 Initialize success
09:12:41.375 AVAST engine defs: 12111301
09:13:25.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
09:13:25.328 Disk 0 Vendor: FUJITSU_MHV2040AH 00000096 Size: 38154MB BusType: 3
09:13:25.390 Disk 0 MBR read successfully
09:13:25.390 Disk 0 MBR scan
09:13:25.421 Disk 0 Windows XP default MBR code
09:13:25.421 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
09:13:25.484 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34985 MB offset 176715
09:13:25.546 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3074 MB offset 71826615
09:13:25.578 Disk 0 scanning sectors +78124095
09:13:25.765 Disk 0 scanning C:\WINDOWS\system32\drivers
09:15:46.921 Service scanning
09:20:42.328 Modules scanning
09:23:19.531 Disk 0 trace - called modules:
09:23:20.187 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
09:23:20.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89896ab8]
09:23:20.234 3 CLASSPNP.SYS[ba8e905b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8986bd98]
09:23:21.281 AVAST engine scan C:\WINDOWS
09:23:29.062 AVAST engine scan C:\WINDOWS\system32
09:50:03.218 AVAST engine scan C:\WINDOWS\system32\drivers
09:56:03.375 AVAST engine scan C:\Documents and Settings\Yes Boss
11:59:51.218 AVAST engine scan C:\Documents and Settings\All Users
12:02:23.171 Scan finished successfully
12:02:50.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Yes Boss\Desktop\MBR.dat"
12:02:50.906 The log file has been saved successfully to "C:\Documents and Settings\Yes Boss\Desktop\aswMBR.txt"


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2012 at 03:03 PM

Application Version : 5.6.1012

Core Rules Database Version : 9581
Trace Rules Database Version: 7393

Scan type : Complete Scan
Total Scan Time : 01:33:42

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 403
Memory threats detected : 0
Registry items scanned : 34872
Registry threats detected : 0
File items scanned : 22821
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\Yes Boss\Cookies\yes_boss@doubleclick[2].txt [ /doubleclick ]
accounts.google.com [ C:\DOCUMENTS AND SETTINGS\YES BOSS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OLE0MQS7.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\YES BOSS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OLE0MQS7.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\YES BOSS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OLE0MQS7.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\DOCUMENTS AND SETTINGS\YES BOSS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OLE0MQS7.DEFAULT\COOKIES.SQLITE ]
.premiumtv.122.2o7.net [ C:\DOCUMENTS AND SETTINGS\YES BOSS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\OLE0MQS7.DEFAULT\COOKIES.SQLITE ]

#7 boopme

Posted 15 November 2012 - 11:30 AM

Download process explorer and check to see if your i/o hardware interrupts process is high. Task manager doesn't show this process.

Run this as suggested
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

#8 Caeji1

Posted 15 November 2012 - 12:24 PM

Forgive me but I have no idea what this means or for that matter how to "check to see if your i/o hardware interrupts process is high"..

#9 boopme

Posted 15 November 2012 - 08:23 PM

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Post the content in your next reply.

#10 Caeji1

Posted 16 November 2012 - 11:14 AM

Thanks for explaining boopme...this is the log you requested

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 70.00 0 K 28 K
System 4 1.43 0 K 256 K
Interrupts n/a 15.71 0 K 0 K Hardware Interrupts and DPCs
smss.exe 504 172 K 408 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
csrss.exe 552 1,476 K 3,456 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
winlogon.exe 580 5,976 K 2,992 K Windows NT Logon Application Microsoft Corporation winlogon.exe
services.exe 624 4,580 K 7,472 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
svchost.exe 784 5,148 K 6,440 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
Phoenix.exe 548 1.43 5,664 K 10,124 K NVTL Phoenix MFC Application Novatel Wireless Inc. "C:\Program Files\Novatel Wireless\Mobilink\Phoenix.exe" -Embedding
wmiprvse.exe 904 5,084 K 7,076 K
svchost.exe 920 3,864 K 5,944 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
svchost.exe 972 2.86 14,476 K 20,792 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1032 3,492 K 5,124 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 1076 3,936 K 6,528 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
AvastSvc.exe 1168 19,044 K 41,008 K avast! Service AVAST Software "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
mbamscheduler.exe 1324 2,932 K 4,996 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
mbamservice.exe 1380 104,088 K 102,276 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
mbamgui.exe 1608 3,400 K 5,784 K Malwarebytes Anti-Malware Malwarebytes Corporation "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
alg.exe 2024 3,144 K 4,892 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
lsass.exe 636 6,216 K 1,004 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
explorer.exe 1620 2.86 20,344 K 12,408 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
twtcl.exe 164 4,020 K 6,512 K Desktop Twitter Twitter Brooks ltd. "C:\Program Files\Desktop Twitter\twtcl.exe"
Lite.exe 188 7,392 K 8,188 K Mobilink Lite Novatel Wireless "C:\Program Files\Novatel Wireless\MobiLink\Lite.exe"
AvastUI.exe 264 9,884 K 5,344 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe"
firefox.exe 3568 4.29 364,948 K 252,036 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
taskmgr.exe 2732 3,548 K 1,496 K Windows TaskManager Microsoft Corporation C:\WINDOWS\system32\taskmgr.exe
procexp.exe 3640 1.43 14,836 K 18,984 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Yes Boss\Desktop\ProXP\procexp.exe"

Process: System Idle Process Pid: 0

Type Name

#11 boopme

Posted 16 November 2012 - 08:37 PM

I am moving this to XP as I suspect it is not malware. One of the staff there may have a better idea what to try next.
I thought smerffed wanted to see that last log.

Edited by boopme, 16 November 2012 - 08:39 PM.


#12 Nanobyte

Nanobyte

  • Members
  • 431 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 16 November 2012 - 10:37 PM

I don't know if there is any easy way to show the PE log because anything 0 in the process is not included. To display CPU easily, I copied the text and saved as a text file. Then I replaced <space>K with K and imported into Excel with a space as the delimiter. Although screwed up, all the non-zero CPU usages are on the right side of that column. Not pretty but more legible. The other columns are displaced of course wherever there is a non-zero CPU.
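The clean-up described in the post above can also be scripted. The following is an added example, not part of the original thread: it parses the flattened Process Explorer text from post #10, treating the CPU cell as optional so rows with a blank CPU value stay aligned. The function names and the 10% interrupt threshold are assumptions made for this illustration.

```python
import re

# Rows excerpted from the Process Explorer text pasted in post #10. The columns
# run together with single spaces and the CPU cell is simply absent when blank.
SAMPLE = r"""
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 70.00 0 K 28 K
System 4 1.43 0 K 256 K
Interrupts n/a 15.71 0 K 0 K Hardware Interrupts and DPCs
smss.exe 504 172 K 408 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
wmiprvse.exe 904 5,084 K 7,076 K
svchost.exe 972 2.86 14,476 K 20,792 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
firefox.exe 3568 4.29 364,948 K 252,036 K Firefox Mozilla Corporation "C:\Program Files\Mozilla Firefox\firefox.exe"
procexp.exe 3640 1.43 14,836 K 18,984 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Yes Boss\Desktop\ProXP\procexp.exe"
"""

IDLE = "System Idle Process"

ROW = re.compile(r"""
    ^(?P<name>.+?)\s+                   # image name, may contain spaces
    (?P<pid>\d+|n/a)\s+                 # PID; the Interrupts pseudo-process has n/a
    (?:(?P<cpu>(?:<\s*)?\d+\.\d+)\s+)?  # CPU value, missing when the cell was blank
    (?P<private>[\d,]+)\sK\s+           # Private Bytes in KB
    (?P<working>[\d,]+)\sK              # Working Set in KB
    (?:\s+(?P<rest>.*))?$               # description, company and command line
""", re.VERBOSE)


def _kb(text):
    """Convert '14,476' to 14476."""
    return int(text.replace(",", ""))


def parse_line(line):
    """Return one row as a dict, or None for headers and unparseable lines."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    cpu = m["cpu"]
    return {
        "name": m["name"],
        "pid": None if m["pid"] == "n/a" else int(m["pid"]),
        # A blank CPU cell stays None so it is not confused with a measured 0.
        "cpu": None if cpu is None else float(cpu.lstrip("< ")),
        "private_kb": _kb(m["private"]),
        "working_kb": _kb(m["working"]),
        # The last three columns cannot be split reliably once flattened.
        "rest": m["rest"] or "",
    }


def parse_export(text):
    """Parse every recognisable row in the pasted text."""
    rows = []
    for line in text.splitlines():
        row = parse_line(line)
        if row is not None:
            rows.append(row)
    return rows


def busy(rows):
    """Rows with a reported CPU value, idle excluded, highest first."""
    active = [r for r in rows if r["cpu"] is not None and r["name"] != IDLE]
    return sorted(active, key=lambda r: r["cpu"], reverse=True)


def interrupt_load(rows):
    """CPU share of the 'Interrupts' pseudo-process, or None if not listed."""
    for r in rows:
        if r["name"] == "Interrupts":
            return r["cpu"]
    return None


def interrupts_high(rows, threshold=10.0):
    """True when interrupt/DPC time exceeds the assumed triage threshold."""
    load = interrupt_load(rows)
    return load is not None and load > threshold


if __name__ == "__main__":
    parsed = parse_export(SAMPLE)
    for r in busy(parsed):
        pid = "n/a" if r["pid"] is None else r["pid"]
        print(f'{r["cpu"]:6.2f}  {r["name"]:<14} pid={pid}')
    print("interrupts above threshold:", interrupts_high(parsed))
```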

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 55,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:08:05 PM

Posted 17 November 2012 - 11:55 AM

Sounds like...possible overheating and/or insufficient free space on Windows.

Can you boot into safe mode?

Can you check the CPU temp in the BIOS?

You are running IE6 and only XP, SP2. Did you recently try to reinstall Windows?

If you can boot into safe mode...try the following:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.

Click Go and paste the content into your next post.

Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 .

Louis

#14 Caeji1

Posted 18 November 2012 - 07:22 AM

Hello Louis..thanks for replying...I went into the BIOS but could not find anywhere to check the CPU temperature...looked several times but could not find it...yes I can boot into safe mode..I am running XP SP2 with IE 8 and Firefox 16..and yes I recently reinstalled Windows..and updated the drivers too..

This is the MiniToolBox result:

MiniToolBox by Farbar Version: 10-11-2012 02
Ran by Yes Boss (administrator) on 18-11-2012 at 12:43:06
Microsoft Windows XP Service Pack 2 (X86)
Boot Mode: Network
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/18/2012 06:11:38 AM) (Source: Application Error) (User: )
Description: Faulting application phoenix.exe, version 2.2.29.8, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000106c3.
Processing media-specific event for [phoenix.exe!ws!]

Error: (10/23/2012 08:58:19 AM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module ieframe.dll, version 8.0.6001.18702, fault address 0x00247dc2.
Processing media-specific event for [iexplore.exe!ws!]

Error: (10/22/2012 05:28:13 PM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.140, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/18/2012 02:18:49 PM) (Source: MsiInstaller) (User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error: (10/18/2012 02:18:49 PM) (Source: MsiInstaller) (User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error: (10/18/2012 02:00:37 PM) (Source: MsiInstaller) (User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG 2013 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (10/18/2012 00:41:42 PM) (Source: MsiInstaller) (User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1327. SA_Error1327: StandardAction(0xC007052F): Invalid Drive: F:\

Error: (10/11/2012 09:37:37 AM) (Source: Application Error) (User: )
Description: Faulting application marine~1.scr, version 0.0.0.3, faulting module marine~1.scr, version 0.0.0.3, fault address 0x00009525.
Processing media-specific event for [marine~1.scr!ws!]

Error: (10/11/2012 05:28:18 AM) (Source: Application Error) (User: )
Description: Faulting application cc.exe, version 0.0.0.0, faulting module kernel32.dll, version 5.1.2600.2180, fault address 0x0001eb33.
Processing media-specific event for [cc.exe!ws!]

Error: (10/11/2012 04:52:56 AM) (Source: Application Error) (User: )
Description: Faulting application pes2011.exe, version 1.1.0.0, faulting module pes2011.exe, version 1.1.0.0, fault address 0x00c6c238.
Processing media-specific event for [pes2011.exe!ws!]


System errors:
=============
Error: (11/18/2012 00:42:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Aavmker4
aswSnx
aswSP
aswTdi
AVGIDSShim
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (11/18/2012 00:41:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/18/2012 10:47:22 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service failed to start due to the following error:
%%1053

Error: (11/18/2012 10:47:10 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

Error: (11/18/2012 10:46:26 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSShim

Error: (11/18/2012 08:39:25 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053

Error: (11/18/2012 08:39:25 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.

Error: (11/18/2012 08:39:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSShim

Error: (11/18/2012 08:31:43 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSShim

Error: (11/18/2012 08:25:08 AM) (Source: Service Control Manager) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/18/2012 06:11:38 AM) (Source: Application Error)(User: )
Description: phoenix.exe2.2.29.8ntdll.dll5.1.2600.2180000106c3

Error: (10/23/2012 08:58:19 AM) (Source: Application Error)(User: )
Description: iexplore.exe8.0.6001.18702ieframe.dll8.0.6001.1870200247dc2

Error: (10/22/2012 05:28:13 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.62.0.140hungapp0.0.0.000000000

Error: (10/18/2012 02:18:49 PM) (Source: MsiInstaller)(User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/18/2012 02:18:49 PM) (Source: MsiInstaller)(User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed(NULL)(NULL)(NULL)

Error: (10/18/2012 02:00:37 PM) (Source: MsiInstaller)(User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error 1704. SA_Error1704: StandardAction(0xC00706A8): An installation for AVG 2013 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (10/18/2012 00:41:42 PM) (Source: MsiInstaller)(User: GAMEBOX)
Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2013 -- Error 1327. SA_Error1327: StandardAction(0xC007052F): Invalid Drive: F:\(NULL)(NULL)(NULL)

Error: (10/11/2012 09:37:37 AM) (Source: Application Error)(User: )
Description: marine~1.scr0.0.0.3marine~1.scr0.0.0.300009525

Error: (10/11/2012 05:28:18 AM) (Source: Application Error)(User: )
Description: cc.exe0.0.0.0kernel32.dll5.1.2600.21800001eb33

Error: (10/11/2012 04:52:56 AM) (Source: Application Error)(User: )
Description: pes2011.exe1.1.0.0pes2011.exe1.1.0.000c6c238


=========================== Installed Programs ============================

AAC Decoder (Version: 7.1.0)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 7.0.7 (Version: 7.0.7)
Angry Birds (Version: 2.1.0)
Angry Birds Rio (Version: 1.4.0)
Angry Birds Space (Version: 1.0.0)
AutoUpdate (Version: 1.1)
avast! Pro Antivirus (Version: 7.0.1474.0)
Ben 10 Alien Force
Broadcom Management Programs (Version: 10.15.03)
BurnAware Free 3.1.6
Conexant HDA D110 MDC V.92 Modem
Deluxe Pacman version 1.94 (Version: 1.94)
Deus Ex - Game of the Year Edition
Digital Line Detect (Version: 1.15)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
Duke Nukem - Manhattan Project
Epubor PDF DRM Removal 1.4
ESET Online Scanner v3
Follow The Dragon (Version: 1.0.0)
H.264 Decoder (Version: 1.0.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver for Mobile (Version: 6.14.10.4609)
K-Lite Codec Pack 7.0.0 (Full) (Version: 7.0.0)
Kea Coloring Book 3.7.0
Leah's Farm Coloring Book
Little Fighter 2 version 2.0a
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Reader
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MKV Splitter (Version: 1.0.0)
Mobilink Lite (Version: 2.08.29)
Mouse Suite for Laptop Computers (Version: 1.00.0000)
Mozilla Firefox 16.0.2 (x86 en-US) (Version: 16.0.2)
Mozilla Maintenance Service (Version: 16.0.2)
NSIS Example2 (remove only)
Old Super Mario Bros
Opera 12.00 (Version: 12.00.1467)
Pro Evolution Soccer 2011 (Version: 1.01.0000)
SereneScreen Marine Aquarium 3 (Version: 3.0)
SigmaTel Audio (Version: 5.10.5210.0)
SlimCleaner (Version: 4.0.24283)
Speccy (Version: 1.18)
SUPERAntiSpyware (Version: 5.6.1012)
Synaptics Pointing Device Driver (Version: 8.2.4.6)
TeraCopy 2.27
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 8 (Version: 20090308.140743)
Wise Registry Cleaner Professional V5.9.4 (Version: 5.9.4)
Your Uninstaller! 7 (Version: 7.4.2012.5)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 1271.37 MB
Available physical RAM: 1025.43 MB
Total Pagefile: 3034.46 MB
Available Pagefile: 2945.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1997.51 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:34.17 GB) (Free:12.59 GB) NTFS

========================= Users: ========================================

User accounts for \\GAMEBOX

Administrator Guest HelpAssistant
Nah Boss SUPPORT_388945a0 Switch Blade
Yes Boss


**** End of log ****

and the Speccy snapshot: http://speccy.piriform.com/results/Yjt7swAWvwaE7GE7vifKr0i

#15 hamluis

Posted 18 November 2012 - 11:09 AM

I would uninstall AVG remnants, http://www.avg.com/ww-en/faq.num-4416 .

Uninstall Your Uninstaller 7.

Uninstall Wise Registry Cleaner.

Uninstall TeraCopy.

Uninstall Slim Cleaner.

Uninstall Pro Evolution Soccer.

Uninstall Hijack This...your version is severely outdated and the program itself is outdated for malware-analysis/removal purposes.

Epubor PDF DRM Removal: The presence of this on the system indicates that you are violating EULA agreements of at least one software program. I suggest that you read the BC forum rules (link in my signature) re software piracy/illegal software.

Digital Line Detect

Uninstall AutoUpdate, your version is outdated and the product is no longer being supported.

Your version of Flash is outdated and, therefore, a security risk.

Note: I did not suggest reinstalling any of the above. Once these items are removed...I suggest that you do at least 3 things:

a. Remove any illegal downloads you have installed on your system.
b. Run the chkdsk /r command on the Windows partition. Start/Run...type chkdsk /r and hit Enter. Type Y in new screen and hit Enter. Reboot, the command will execute before booting into Windows automatically.
c. Run the sfc /scannow command to reinstall any system files which have been removed/damaged by your previous actions.
d. Install SP3 and all critical updates which have been put forth since SP3.
e. See how the system runs without burdensome programs. Should you decide to reinstall any which have been removed...please do so one at a time...and then check Event Viewer for any errors generated by such reinstallation.

FWIW:

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Louis

Edited by hamluis, 18 November 2012 - 11:12 AM.




