Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Help with really really slow laptop please


Re: Help with really really slow laptop please

Post by john_m_nash » November 18th, 2010, 10:28 am

This is driving me bonkers

I did as you asked above and I got the blue screen of death each time.

I've scanned 4 times now.

The scans seemed to get to the end of the programs files section and then the pc crashes.

Is there a way to do the scan in sections and post each section log so that it can be examined bit by bit, or should I try to use something else to fix that part of Windows first?
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Help with really really slow laptop please

Post by john_m_nash » November 18th, 2010, 10:35 am

I'm not sure if this is going to be duplicated as I'm sure that I already clicked on the submit button.

The laptop keeps crashing as the scanner ends the program files section and this is driving me bonkers.

I've scanned it 4 times now and get the blue screen of death each time.

Is it possible to scan it section by section to get some data or do I need to find a Windows fix first?

Re: Help with really really slow laptop please

Post by deltalima » November 18th, 2010, 10:43 am

Hi john_m_nash,

"I did as you asked above and I got the blue screen of death each time."

GMER can be difficult sometimes; it digs deep into the operating system and can cause instability.

Let's try another rootkit scanner.

Please download this file

It is in RAR format so will need to be unarchived using PeaZip.

  • Now right-click on RKU3.8.388.590.exe and select Run as Administrator.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help with really really slow laptop please

Post by john_m_nash » November 18th, 2010, 12:13 pm

The scan appears to have been stuck on the files section for over an hour.

Shall I redo it in 2 scans - one with the files section on its own?

Re: Help with really really slow laptop please

Post by deltalima » November 18th, 2010, 12:39 pm

Hi john_m_nash,

"Shall I redo it in 2 scans"

No, let's postpone the rootkit scan for now.

Rkill

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion; this is normal.
  • A Notepad window will open; please post the contents in your next reply.
  • This log can also be found at C:\rkill.log
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re: Help with really really slow laptop please

Post by john_m_nash » November 18th, 2010, 4:16 pm

The rootkit scanner is still going and is at about 70% done, although it's now been going for about 5 hours.

The rkill log is here

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Eray on 18/11/2010 at 18:32:02.


Services Stopped:


Processes terminated by Rkill or while it was running:


C:\Users\Eray\Desktop\rkill.exe


Rkill completed on 18/11/2010 at 18:33:15.


I had previously tried to clean the laptop with malwarebytes before I originally contacted you as it is a program I use regularly, so I updated it and the scan is here

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5145

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

18/11/2010 19:27:49
mbam-log-2010-11-18 (19-27-49).txt

Scan type: Quick scan
Objects scanned: 139233
Time elapsed: 55 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3popularscreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


I have not restarted yet as the rootkit scanner is still working, but I'll restart when it's finished.

Re: Help with really really slow laptop please

Post by deltalima » November 18th, 2010, 4:34 pm

Hi john_m_nash,

"I have not restarted yet as the rootkit scanner is still working, but I'll restart when it's finished."

OK, please post the log when completed.

Re: Help with really really slow laptop please

Post by john_m_nash » November 18th, 2010, 5:04 pm

Scanner report (finally)

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E80E000 C:\Windows\system32\DRIVERS\atikmdag.sys 7540736 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x85C00000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x85C00000 PnpManager 3846144 bytes
0x85C00000 RAW 3846144 bytes
0x85C00000 WMIxWDM 3846144 bytes
0x814E0000 Win32k 2109440 bytes
0x814E0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x92E21000 C:\Windows\system32\drivers\RTKVHDA.sys 1638400 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x939DE000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101117.019\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x9380D000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x89C08000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x89911000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x89A82000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x864D7000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x8327A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8300B000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x9AA1F000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101104.001\BHDrvx86.sys 704512 bytes (Symantec Corporation, BASH Driver)
0x8EF3F000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x89E8C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x92C02000 C:\Windows\system32\DRIVERS\athr.sys 528384 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x9A9A0000 C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys 520192 bytes (Symantec Corporation, Common Client Hash Provider Driver)
0x865B7000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x898A0000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8640D000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x830BB000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x9A90E000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x9A8B3000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101116.002\IDSvix86.sys 372736 bytes (Symantec Corporation, IDS Core Driver)
0x89B87000 C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x93936000 C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS 356352 bytes (Symantec Corporation, Symantec AutoProtect)
0x89801000 C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS 352256 bytes (Symantec Corporation, Symantec Data Store)
0x8322C000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x866E9000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x89FB0000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x86640000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x86496000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x92CB6000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x89E27000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x9A86D000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x89A47000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x831B3000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x89D18000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x92DDB000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x85FAB000 ACPI_HAL 208896 bytes
0x85FAB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x867AB000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9A804000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x92C87000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x86748000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x92FB1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89867000 C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS 184320 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x89A1C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89F45000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x92D91000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x9AB37000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x83399000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x83204000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x89D82000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x86697000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x89F8B000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x93B2C000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x92D24000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89DBA000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x83173000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x93B91000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9398D000 C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS 126976 bytes (Symantec Corporation, Iron Driver)
0x83194000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8678D000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x9A96C000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x83128000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x89B6C000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x9AB04000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x83145000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x89E74000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x831EC000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x9A989000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x92D02000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8336E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9A836000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x93BE4000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x8315E000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x92D6A000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x89D5E000 C:\Windows\system32\DRIVERS\sbp2port.sys 86016 bytes (Microsoft Corporation, SBP-2 Protocol Driver)
0x833C1000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x833D6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x93B51000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101117.019\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x92D56000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x92FDE000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x89F19000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x9AB6B000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x9A85A000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x833EB000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x89DA9000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x92E10000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8647D000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x89857000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x939B5000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9AB27000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x86775000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x89F7B000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 65536 bytes (Realtek Semiconductor Corporation , Realtek 10/100 NDIS 5.1 Driver )
0x92D7F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x89E18000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9AAF5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x89D73000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x866BE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x92D47000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x89E65000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x866DA000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x81720000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x9A84C000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x93BCD000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8673A000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x89F2C000 C:\Windows\system32\DRIVERS\qkbfiltr.sys 57344 bytes (TOSHIBA, TOSHIBA HotKey Keyboard Filter Driver)
0x9AACB000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x93929000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x92DCE000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x86633000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x89894000 C:\Windows\System32\Drivers\PxHelp20.sys 49152 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x83362000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x93B85000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8EFDE000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x9AAD8000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x89F3A000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x89F70000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x93BC2000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x92D19000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x92CF7000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89E04000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x866D0000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x9AAEB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8E800000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 40960 bytes (GEAR Software Inc., CD DVD Filter)
0x92DC4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9AB61000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x9A8A9000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\Low\~DF9C19.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\Low\~DF9C50.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DF2589.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DF63E6.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DFD91A.tmp::$DATA
!-->[Hidden] C:\Users\Eray\AppData\Local\Temp\~DFF4B8.tmp::$DATA
!-->[Hidden] C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\00-00-00-00-00-00.xml
!-->[Hidden] C:\Windows\System32\WDI\{a7a5847a-7511-4e4e-90b1-45ad2a002f51}\{871ae3a1-587d-498e-95ee-a470ea7fff32}
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x0006948A, Type: Inline - RelativeJump 0x85C6948A-->85C69491 []
ntoskrnl.exe+0x0006D924, Type: Inline - RelativeJump 0x85C6D924-->85C6D92D []

Re: Help with really really slow laptop please

Unread postby deltalima » November 18th, 2010, 5:44 pm

Hi john_m_nash,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {da21bd13-ca22-42e3-a071-98f08f1ca1e7} - No CLSID value found.
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - HKU\S-1-5-21-546573252-2442487885-2140036986-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe File not found
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 0
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and also let me know how your computer is running now.

Note – The Kaspersky scan takes a very long time
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Help with really really slow laptop please

Unread postby john_m_nash » November 19th, 2010, 4:38 pm

I'm having a problem running the kaspersky scan.

It downloaded the program files and most of definition and before I could follow your instructions I got an error message (after about 4 hours).

error from webpage
update has failed. the program could not be started.please close the window of the kaspersky online scanner 7.0 and start the program again from the kaspersky lab.

successful updating......requires uninterrupted internet connection. please make sure the internet connection is established [error lisence has expired].


I tried it again when I got home tonight and got the same error message?



The OTL log is here

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{da21bd13-ca22-42e3-a071-98f08f1ca1e7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da21bd13-ca22-42e3-a071-98f08f1ca1e7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-546573252-2442487885-2140036986-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ares not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" | 0 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | 0 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eray
->Temp folder emptied: 11166278 bytes
->Temporary Internet Files folder emptied: 10223306 bytes
->Java cache emptied: 58103309 bytes
->FireFox cache emptied: 67800410 bytes
->Apple Safari cache emptied: 14336 bytes
->Flash cache emptied: 1923458 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 181113 bytes
RecycleBin emptied: 28603175 bytes

Total Files Cleaned = 170.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11182010_222631

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


What do you suggest - oh and thanks for your continued support.

Re: Help with really really slow laptop please

Unread postby deltalima » November 19th, 2010, 4:45 pm

Hi john_m_nash,

I'm having a problem running the kaspersky scan.


It looks like a problem with the Kaspersky site, please run this alternative scan.

ESET online scanner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Re: Help with really really slow laptop please

Unread postby john_m_nash » November 20th, 2010, 11:58 am

The scan completed and reported no threats.

The laptop is responding faster than it did and I'm actually able to post this reply from it as it can now access the forum, but it is still very slow and explorer keeps not responding.

My friend has agreed to purchase more ram which I am going to order now, so I'll be able to determine if the slow performance is down to hardware or software issues.

I'm just wondering whether this pc is now clean, as it just stopped responding again?

Re: Help with really really slow laptop please

Unread postby deltalima » November 20th, 2010, 2:52 pm

Hi john_m_nash,


My friend has agreed to purchase more ram which I am going to order now, so I'll be able to determine if the slow performance is down to hardware or software issues.


Good, that will make a big improvement in speed.

I'm just wondering whether this pc is now clean, as it just stopped responding again?


We have removed some minor infections, and it is good to hear that the computer is better than it was. Before considering it clean I would like to run one more scan.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Right click on MBRCheck.exe and select Run as Administrator.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

Re: Help with really really slow laptop please

Unread postby john_m_nash » November 20th, 2010, 3:21 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite L30
Logical Drives Mask: 0x00000014

Kernel Drivers (total 151):
0x84BD9000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101120.002\NAVENG.SYS
0x774B0000 \Windows\System32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
432 C:\Windows\System32\smss.exe
568 csrss.exe
620 csrss.exe
628 C:\Windows\System32\wininit.exe
668 C:\Windows\System32\winlogon.exe
708 C:\Windows\System32\services.exe
720 C:\Windows\System32\lsass.exe
728 C:\Windows\System32\lsm.exe
884 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1016 C:\Windows\System32\Ati2evxx.exe
1068 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1228 C:\Windows\System32\SLsvc.exe
1284 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\svchost.exe
1524 C:\Windows\System32\Ati2evxx.exe
1832 C:\Windows\System32\spoolsv.exe
1860 C:\Windows\System32\svchost.exe
1976 C:\Windows\System32\taskeng.exe
536 C:\Windows\System32\dwm.exe
532 C:\Windows\explorer.exe
820 C:\Windows\System32\agrsmsvc.exe
1412 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1636 C:\Program Files\Bonjour\mDNSResponder.exe
1668 C:\Windows\System32\svchost.exe
1984 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
624 C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
2208 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2216 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
2248 C:\Windows\RtHDVCpl.exe
2312 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2320 C:\Windows\System32\svchost.exe
2392 C:\Windows\System32\svchost.exe
2408 C:\Program Files\TOSHIBA\Utilities\VolControl.exe
2440 C:\Windows\System32\TODDSrv.exe
2512 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
2628 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
2736 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2892 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2960 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2984 C:\Windows\System32\svchost.exe
3016 C:\Windows\System32\SearchIndexer.exe
3292 C:\Program Files\Windows Media Player\wmpnscfg.exe
3468 dllhost.exe
3748 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3836 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
4020 C:\Windows\System32\wbem\unsecapp.exe
2096 WmiPrvSE.exe
2124 C:\Windows\System32\taskeng.exe
812 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
2200 C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
3924 C:\Program Files\Windows Media Player\wmpnetwk.exe
2172 C:\Program Files\Internet Explorer\iexplore.exe
4016 C:\Program Files\Internet Explorer\iexplore.exe
3536 C:\Windows\System32\SearchProtocolHost.exe
2360 C:\Windows\System32\SearchFilterHost.exe
2024 C:\Users\Eray\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8037GSX, Rev: DL230M

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


I hope this is ok - my friend says a registry defrag would help things - is this the case and how is this done please
john_m_nash
Regular Member
 
Posts: 67
Joined: May 14th, 2007, 10:27 am

Re: Help with really really slow laptop please

Unread postby deltalima » November 20th, 2010, 4:41 pm

Hi john_m_nash,

my friend says a registry defrag would help things


No! At best it could make a marginal improvement, at worst it could make the computer unusable.

There are some important updates you need to apply.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.4 are vulnerable.
  • Go HERE, UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 22.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u22-windows-i586-p.exe to install the newest version

After that, install the extra RAM and see how the computer runs. The scans now show no sign of active malware and so any system slowness is likely caused by some other issue such as an incorrect driver or failing hardware.


Remove GMER

Delete the GMER icon from your desktop.

Delete the RKill icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
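
The update advice in the post above can be checked against a list of installed program names. This is an added example, not part of the original thread or any tool used in it: the minimum versions (Adobe Reader 9.4, Java 6 Update 22) come from the post, while the function name `audit` and the sample display names are assumptions constructed for illustration.

```python
import re

# Minimum safe versions as stated in the post above.
MIN_READER = (9, 4)    # "All versions numbered lower than 9.4 are vulnerable"
MIN_JAVA = (6, 22)     # "Java Runtime Environment Version 6 Update 22"

# Assumed display-name shapes, e.g. "Adobe Reader 9.3.4", "Java(TM) 6 Update 17",
# "J2SE Runtime Environment 5.0 Update 11".
READER_RE = re.compile(r"Adobe (?:Acrobat )?Reader\D*(\d+(?:\.\d+)*)", re.I)
JAVA_RE = re.compile(
    r"(?:Java\(TM\)|J2SE|Java)\s.*?(\d+)(?:\.\d+)*(?:\s+Update\s+(\d+))?", re.I)


def audit(display_names):
    """Return [(name, reason)] for entries older than the post's minimums."""
    findings = []
    for name in display_names:
        m = READER_RE.search(name)
        if m:
            ver = tuple(int(p) for p in m.group(1).split("."))
            if ver < MIN_READER:
                findings.append((name, "Adobe Reader below 9.4"))
            continue
        m = JAVA_RE.match(name)
        if m:
            # No "Update N" suffix means the base release (update 0).
            ver = (int(m.group(1)), int(m.group(2) or 0))
            if ver < MIN_JAVA:
                findings.append((name, "Java older than 6 Update 22"))
    return findings


# Constructed sample of Add/Remove Programs entries (not taken from the thread).
SAMPLE = [
    "Adobe Reader 9.3.4",
    "Java(TM) 6 Update 17",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java(TM) 6 Update 22",
    "Adobe Reader 9.4.0",
    "Norton Internet Security",
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

Every flagged Java entry should be uninstalled rather than left alongside the new one, since the post's instructions are to remove all older versions before installing the current release.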