Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Slow, periodocally shuts down one of multi-monitors

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 6th, 2012, 6:03 pm

Computer will shut down one of the monitors peridocally. Also shut down is very slow. In addition, response time is slow.
THANK YOU!
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 10.5.1
Run by Robert at 16:54:59 on 2012-08-06
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.2046.1007 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\SOS Online Backup\SMessaging.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LOH60A0\dds[1].scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_3_300_257_ActiveX.exe -update activex
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [SMessaging] c:\program files\sos online backup\SMessaging.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\network usb hub control center\Connect.exe
StartupFolder: c:\users\robert\appdata\roaming\micros~1\windows\startm~1\programs\startup\nexdef~1.lnk - c:\users\robert\appdata\local\autobahn\nexdef.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: defensivedriving.com\www
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-12-29 21504]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2012-1-5 58880]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2011-8-18 1846592]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2012-2-23 83984]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2011-8-18 23960]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-7 106656]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-30 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-30 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-06 17:37:13 -------- d-----w- c:\program files\Oracle
2012-07-12 08:04:08 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:43:48 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 08:43:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:43:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:43:22 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:43:22 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:43:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
==================== Find3M ====================
.
2012-07-06 03:06:30 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-21 19:37:17 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-21 19:37:17 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 13:59:33 687560 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 16:55:10.38 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2011 2:47:41 PM
System Uptime: 8/6/2012 1:17:48 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5W64 WS Pro
Processor: Intel(R) Core(TM)2 Extreme CPU Q6850 @ 3.00GHz | LGA 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 213.276 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_11AB&DEV_6145&SUBSYS_82201043&REV_A1\4&1A41C456&0&00E5
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_11AB&DEV_6145&SUBSYS_82201043&REV_A1\4&1A41C456&0&00E5
Service:
.
==== System Restore Points ===================
.
RP267: 7/19/2012 12:00:04 AM - Scheduled Checkpoint
RP268: 7/19/2012 6:40:02 PM - Installed Microsoft Office Outlook Connector
RP269: 7/21/2012 12:00:03 AM - Scheduled Checkpoint
RP270: 7/22/2012 12:00:03 AM - Scheduled Checkpoint
RP271: 7/23/2012 12:00:04 AM - Scheduled Checkpoint
RP272: 7/24/2012 12:00:05 AM - Scheduled Checkpoint
RP273: 7/25/2012 12:00:04 AM - Scheduled Checkpoint
RP274: 7/26/2012 12:00:04 AM - Scheduled Checkpoint
RP275: 7/27/2012 12:00:03 AM - Scheduled Checkpoint
RP276: 7/28/2012 12:00:04 AM - Scheduled Checkpoint
RP277: 7/29/2012 12:00:05 AM - Scheduled Checkpoint
RP278: 7/30/2012 12:37:49 AM - Scheduled Checkpoint
RP279: 7/31/2012 12:00:05 AM - Scheduled Checkpoint
RP280: 8/1/2012 12:00:05 AM - Scheduled Checkpoint
RP281: 8/2/2012 12:00:06 AM - Scheduled Checkpoint
RP282: 8/3/2012 12:00:09 AM - Scheduled Checkpoint
RP283: 8/3/2012 10:54:15 PM - Scheduled Checkpoint
RP284: 8/5/2012 12:00:03 AM - Scheduled Checkpoint
RP285: 8/6/2012 12:00:04 AM - Scheduled Checkpoint
RP286: 8/6/2012 12:24:22 PM - Removed Java(TM) 7 Update 4
RP287: 8/6/2012 12:33:26 PM - Installed Java(TM) 7 Update 5
RP288: 8/6/2012 12:35:37 PM - Removed JavaFX 2.0.2
RP289: 8/6/2012 12:36:43 PM - Installed JavaFX 2.1.1
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
AMD APP SDK Runtime
AMD Catalyst Install Manager
Ask Toolbar
Ask Toolbar Updater
Belkin Network USB Hub Control Center
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cool & Quiet
CutePDF Writer 2.8
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
LiveUpdate 3.3 (Symantec Corporation)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NexDef Plug-in
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
SOS Online Backup
Symantec Endpoint Protection
thinkorswim
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WinPatrol
.
==== Event Viewer Messages From Past Week ========
.
8/6/2012 1:18:41 PM, Error: EventLog [6008] - The previous system shutdown at 1:15:43 PM on 8/6/2012 was unexpected.
8/3/2012 10:16:40 PM, Error: EventLog [6008] - The previous system shutdown at 10:14:30 PM on 8/3/2012 was unexpected.
8/3/2012 10:13:30 PM, Error: EventLog [6008] - The previous system shutdown at 10:09:25 PM on 8/3/2012 was unexpected.
.
==== End Of File ===========================
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm
Advertisement
Register to Remove

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 9th, 2012, 1:55 pm

Hi appreciateshelp,
You appear to be posting for help for a "Business" computer.
"Symantec Endpoint Protection is an antivirus and personal firewall product leveled at centrally managed corporate environments security for servers and workstations."

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

Unless there is some kind of misunderstanding about the usage of the machine, this topic will be closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 9th, 2012, 3:54 pm

Thank you for reviewing my posting. My Son attends LSU and has used this computer to do LSU related assignments while at home and away from school, thus the reason he loaded the school anti-virus. This is not a corporate computer. I do understand the reasons that this forum does not support corporate computers. If I remember correctly, you were kind enough to help me with this computer quite some tim ago as I remember the 'kitty cat" picture. Unfortunately, we ended up having to completely reload windows from the OE disk due to the severity of damage to the system at thatr time......now a few months later I think I have a new issue. I hope you can help but if you feel uncomfortable with doing so I understand. I would not ignore the rules on the forum and do understand the sensitivity you folks have with the "corporate computer" policy.
Thank you for your attention.
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 9th, 2012, 4:53 pm

appreciateshelp,
Let's see what we can do to get rid of the problem.
-----------------------------------------------------------
Download the Microsoft Security Essentials Installer
The download is here: http://www.microsoft.com/security_essentials/
Save it to your desktop, but don't run it yet.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
Ask Toolbar
Ask Toolbar Updater
LiveUpdate 3.3 (Symantec Corporation)
Symantec Endpoint Protection

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Install Microsoft Security Essentials
Double Click the icon for the Microsoft Security Essentials installer.
Let it install, update itself, run a scan, and delete anything it finds.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Vista, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the contents of the two files from OTL: OTL.txt and Extras.txt
Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 12th, 2012, 7:52 pm

Here are the logs. Thank you!

OTL logfile created on: 8/10/2012 7:46:39 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Robert\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.70% Memory free
4.24 Gb Paging File | 2.34 Gb Available in Paging File | 55.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 213.54 Gb Free Space | 71.64% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 21:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 18:36:10 | 000,329,824 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/02 17:46:24 | 000,045,472 | ---- | M] (SOS Online Backup) -- C:\Program Files\SOS Online Backup\SMessaging.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/08/30 01:05:10 | 000,790,609 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 10:39:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 10:38:04 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 10:17:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:17:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:17:15 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 03:33:28 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 03:41:33 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012/05/10 03:40:01 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/10 03:40:00 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/10 03:39:58 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/10 03:39:57 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/10 03:39:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/10 03:39:30 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/10 03:39:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:37:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:36:52 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 03:36:47 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 03:36:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:35:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 03:35:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:35:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/04/05 20:09:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/08/10 10:57:03 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A702AEA-180D-41F0-B40A-289683B659FD}\MpKsl188092f2.sys -- (MpKsl188092f2)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 20:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/23 07:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/07/26 22:03:00 | 000,058,880 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 A5 3E 75 10 C7 CC 01 [binary data]
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS464
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{CED4E89A-6302-4BA7-AD9A-B64A0C6926CD}: "URL" = http://websearch.ask.com/custom/java/re ... src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMessaging] C:\Program Files\SOS Online Backup\SMessaging.exe (SOS Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..Trusted Domains: defensivedriving.com ([www] https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B940A2B-7D4F-4FCB-BD4F-BD5A072957EC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 13:15:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:50:48 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/08/10 10:50:00 | 000,000,000 | ---D | C] -- C:\20bd7077bd6e5ce283
[2012/08/10 10:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/10 10:45:45 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/10 10:01:30 | 010,288,512 | ---- | C] (Microsoft Corporation) -- C:\Users\Robert\Desktop\mseinstall.exe
[2012/08/07 14:07:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2012/08/07 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2012/08/07 11:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps
[2012/08/06 13:22:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/06 12:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/06 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/06 12:34:57 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/06 12:34:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/06 12:34:24 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/06 12:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/06 12:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/17 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\101 Royal new listing 7.17.12
[2012/07/12 03:04:08 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/08/10 18:49:13 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 18:49:13 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:56:51 | 000,639,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/10 10:56:51 | 000,117,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/10 10:50:07 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/10 10:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 10:01:37 | 010,288,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert\Desktop\mseinstall.exe
[2012/08/10 03:18:57 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
[2012/08/08 11:54:19 | 000,045,051 | ---- | M] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:12:59 | 000,013,710 | ---- | M] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:10:29 | 000,001,742 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 13:20:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/06 12:33:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/06 12:33:59 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/03 15:20:35 | 000,598,666 | ---- | M] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | M] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:01 | 000,646,323 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:06 | 000,665,858 | ---- | M] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:41:01 | 000,207,841 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | M] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:31 | 000,183,099 | ---- | M] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:38:04 | 000,705,982 | ---- | M] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:02 | 000,057,954 | ---- | M] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:18:27 | 000,039,348 | ---- | M] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:41:48 | 000,101,048 | ---- | M] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:22:47 | 000,061,014 | ---- | M] () -- C:\Users\Robert\Desktop\high meadow listing.pdf
[2012/07/12 09:25:26 | 000,370,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/10 10:47:12 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/10 10:46:52 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 11:54:24 | 000,045,051 | ---- | C] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:13:04 | 000,013,710 | ---- | C] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:07:26 | 000,001,742 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 15:20:49 | 000,598,666 | ---- | C] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | C] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:20 | 000,646,323 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:16 | 000,665,858 | ---- | C] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:40:59 | 000,207,841 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | C] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:55 | 000,183,099 | ---- | C] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:40:06 | 000,705,982 | ---- | C] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:13 | 000,057,954 | ---- | C] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:19:07 | 000,039,348 | ---- | C] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:42:08 | 000,101,048 | ---- | C] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:23:07 | 000,061,014 | ---- | C] () -- C:\Users\Robert\Desktop\high meadow listing.pdf
[2012/04/18 01:34:09 | 000,003,584 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/25 13:15:24 | 014,776,568 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\SMRBackup250.dat
[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/05 13:34:33 | 000,000,367 | ---- | C] () -- C:\Windows\System32\CNCMFP12.INI
[2012/01/02 18:05:43 | 000,125,265 | ---- | C] () -- C:\Users\Robert\3311 Pochivalova.offer.pdf
[2012/01/02 18:04:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/02 17:55:04 | 000,000,088 | ---- | C] () -- C:\Users\Robert\.java.policy
[2011/12/30 11:04:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/29 14:03:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/29 14:03:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/29 14:02:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/29 09:47:11 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/12/15 19:08:25 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2011/12/15 18:54:13 | 000,000,072 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/12/14 16:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/14 14:55:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011/12/14 14:55:07 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/12/14 14:55:05 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011/12/14 14:55:05 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011/12/14 14:39:21 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2011/12/30 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WinPatrol
[2012/08/10 10:47:34 | 000,032,478 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/10 03:18:57 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG:3or4kl4x13tuuug3Byamue2s4b

< End of report >
OTL Extras logfile created on: 8/10/2012 7:46:39 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Robert\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.70% Memory free
4.24 Gb Paging File | 2.34 Gb Available in Paging File | 55.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 213.54 Gb Free Space | 71.64% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4B09CEF2-D4F0-4176-BEB1-AD24DCF0DE50}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{D2174FDF-382C-489D-9372-EF216E15C3DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0372D390-0CF8-43F8-84D4-E6A72501D083}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{14154303-7F68-47AB-99F2-C12FE8DDB66F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{675943C2-A11D-4C93-B3C2-63F465B7D7C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8BAD41BE-042B-4C6C-B92F-AEA4645EA3DD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AC6A2EE3-6290-42D5-A85B-AC5E50D5A62A}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{CAD0A3B1-8106-4DB2-8D33-3E83D8394A07}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{37B222CF-E961-4E6D-BC6D-74E6F502AF68}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"UDP Query User{D80B2998-A977-4575-ABC2-9384677AED73}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A588B888-30D2-4F16-9139-91FE8836DCE3}" = SOS Online Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Autobahn" = NexDef Plug-in
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"thinkorswim" = thinkorswim

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/4/2012 12:58:09 AM | Computer Name = Robert-PC | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 8/5/2012 3:41:25 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =

Error - 8/6/2012 3:41:26 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =

Error - 8/7/2012 12:02:51 PM | Computer Name = Robert-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/9/2012 3:41:32 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =

Error - 8/9/2012 10:19:36 AM | Computer Name = Robert-PC | Source = Application Error | ID = 1000
Description = Faulting application IeEmbed.exe, version 0.9.1.0, time stamp 0x45497884,
faulting module jscript.dll, version 5.8.6001.19163, time stamp 0x4e9d1a54, exception
code 0xc0000005, fault offset 0x00014e6f, process id 0x10ac, application start time
0x01cd7639db46ccc5.

Error - 8/9/2012 10:21:42 AM | Computer Name = Robert-PC | Source = Application Hang | ID = 1002
Description = The program thinkorswim.exe version 0.0.0.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1598 Start Time: 01cd7639c7866745 Termination Time: 406

Error - 8/10/2012 3:41:34 AM | Computer Name = Robert-PC | Source = VSS | ID = 8194
Description =

Error - 8/10/2012 11:05:41 AM | Computer Name = Robert-PC | Source = Symantec AntiVirus | ID = 16711754
Description =

Error - 8/10/2012 11:07:12 AM | Computer Name = Robert-PC | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::sendRequest File: .\ConnectIfc.cpp Line: 3036 Invoked
Function: CTransport::SendRequest Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 452 Invoked
Function: ConnectIfc::sendRequest Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectIfc::TranslateStatusCode File: .\ConnectIfc.cpp Line:
2874 Invoked Function: ConnectIfc::TranslateStatusCode Return Code: -29949932 (0xFE370014)
Description:
CTRANSPORT_ERROR_CONNECT Connection attempt has failed due to network or PC issue.

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::doConnectIfcConnect File: .\ConnectMgr.cpp Line:
1867 Invoked Function: ConnectIfc::connect Return Code: -29949932 (0xFE370014) Description:
CTRANSPORT_ERROR_CONNECT

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 2315
Content
type (unknown) received. Response type (failed) from client.vpn.lsu.edu :

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 1922 ConnectMgr::processIfcData
failed

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::initiateConnect File: .\ConnectMgr.cpp Line: 983
Connection
failed.

Error - 1/25/2012 4:23:54 PM | Computer Name = Robert-PC | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::OnIpcMessageReceivedAtDepot File: .\MainThread.cpp
Line:
4315 Invoked Function: CNotifyAgentPreTunnelTlv Return Code: -32374782 (0xFE120002)
Description:
TLV_ERROR_BAD_PARAMETER

Error - 1/25/2012 4:23:56 PM | Computer Name = Robert-PC | Source = acvpnui | ID = 67108866
Description = Function: ConnectMgr::run File: .\ConnectMgr.cpp Line: 568 Invoked Function:
ConnectMgr::initiateConnect Return Code: -29556727 (0xFE3D0009) Description: CONNECTMGR_ERROR_UNEXPECTED


Error - 1/25/2012 4:25:00 PM | Computer Name = Robert-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.

[ System Events ]
Error - 7/11/2012 8:35:01 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:35:20 PM on 7/11/2012 was unexpected.

Error - 7/19/2012 7:43:05 PM | Computer Name = Robert-PC | Source = DCOM | ID = 10005
Description =

Error - 7/19/2012 7:43:08 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/19/2012 7:43:08 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/19/2012 7:43:23 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/19/2012 7:43:23 PM | Computer Name = Robert-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/26/2012 9:53:12 PM | Computer Name = Robert-PC | Source = bowser | ID = 8003
Description =

Error - 8/3/2012 11:13:30 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:09:25 PM on 8/3/2012 was unexpected.

Error - 8/3/2012 11:16:40 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:14:30 PM on 8/3/2012 was unexpected.

Error - 8/6/2012 2:18:41 PM | Computer Name = Robert-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:15:43 PM on 8/6/2012 was unexpected.


< End of report >
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 13th, 2012, 7:43 am

appreciateshelp,
Do you use the Windows File Search often? Never?
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O15 - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..Trusted Domains: defensivedriving.com ([www] https in Trusted sites)
    IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{CED4E89A-6302-4BA7-AD9A-B64A0C6926CD}: "URL" = http://websearch.ask.com/custom/java/re ... src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000
    IE - HKU\S-1-5-21-3824592973-3764995561-3676388105-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Separate replies for the above tasks are fine.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 13th, 2012, 10:39 am

Askey127,
I don't remember using the Windows file search ever. Also, I lost the results after the fix was run in OTL so I ran the scan a second time to get the results. In addition, after the fix was run, the computer failed to boot past the windows screen (progress bar). After about ten minutes I had to manually reset theit so it waould boot.
Here are the results of the Quick scan.........
OTL logfile created on: 8/13/2012 9:32:10 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Robert\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.12% Memory free
4.24 Gb Paging File | 2.43 Gb Available in Paging File | 57.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 213.35 Gb Free Space | 71.57% Space Free | Partition Type: NTFS

Computer Name: ROBERT-PC | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 03:11:50 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/05 21:16:24 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/29 18:36:10 | 000,329,824 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/12/02 17:46:24 | 000,045,472 | ---- | M] (SOS Online Backup) -- C:\Program Files\SOS Online Backup\SMessaging.exe
PRC - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/08/30 01:05:10 | 000,790,609 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 10:39:28 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 10:38:04 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/14 10:17:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 10:17:42 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 10:17:15 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 03:33:28 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 03:41:33 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012/05/10 03:40:01 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/10 03:40:00 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/10 03:39:58 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/10 03:39:57 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/10 03:39:31 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 03:39:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/10 03:39:30 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/10 03:39:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:37:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:36:52 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 03:36:47 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/10 03:36:42 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:35:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 03:35:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:35:15 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/04/05 20:09:10 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2011/08/11 10:27:44 | 000,159,744 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
MOD - [2011/08/11 10:27:44 | 000,069,632 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\java.dll
MOD - [2011/08/11 10:27:42 | 015,490,560 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\nexdef.exe
MOD - [2011/08/11 10:27:40 | 000,126,976 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\zip.dll
MOD - [2011/08/11 10:27:40 | 000,020,480 | ---- | M] () -- C:\Users\Robert\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/05 21:15:50 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/12 12:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/06 00:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 20:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/02/23 07:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/09/05 15:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/07/26 22:03:00 | 000,058,880 | ---- | M] (silex technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 A5 3E 75 10 C7 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS464
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SMessaging] C:\Program Files\SOS Online Backup\SMessaging.exe (SOS Online Backup)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B940A2B-7D4F-4FCB-BD4F-BD5A072957EC}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 13:15:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:46:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/08/07 14:07:26 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\thinkorswim
[2012/08/07 11:04:09 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Malwarebytes
[2012/08/07 11:04:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/07 11:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/06 23:49:27 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Apps
[2012/08/06 13:22:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/06 12:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/06 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/08/06 12:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/08/06 12:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/17 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\Robert\Desktop\101 Royal new listing 7.17.12

========== Files - Modified Within 30 Days ==========

[2012/08/13 09:20:09 | 000,639,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/13 09:20:09 | 000,117,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/13 09:15:44 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 09:15:44 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 09:15:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 03:18:35 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
[2012/08/12 21:00:59 | 000,009,755 | ---- | M] () -- C:\Users\Robert\Desktop\ultra mon.pdf
[2012/08/10 13:15:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2012/08/10 10:50:07 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/08 11:54:19 | 000,045,051 | ---- | M] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:12:59 | 000,013,710 | ---- | M] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:10:29 | 000,001,742 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | M] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/06 13:20:29 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Robert\Desktop\dds.scr
[2012/08/03 15:20:35 | 000,598,666 | ---- | M] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | M] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:01 | 000,646,323 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | M] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:06 | 000,665,858 | ---- | M] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:41:01 | 000,207,841 | ---- | M] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | M] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:31 | 000,183,099 | ---- | M] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:38:04 | 000,705,982 | ---- | M] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:02 | 000,057,954 | ---- | M] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:18:27 | 000,039,348 | ---- | M] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:41:48 | 000,101,048 | ---- | M] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:22:47 | 000,061,014 | ---- | M] () -- C:\Users\Robert\Desktop\high meadow listing.pdf

========== Files Created - No Company Name ==========

[2012/08/12 21:01:14 | 000,009,755 | ---- | C] () -- C:\Users\Robert\Desktop\ultra mon.pdf
[2012/08/10 10:47:12 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/10 10:46:52 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/08/08 11:54:24 | 000,045,051 | ---- | C] () -- C:\Users\Robert\Desktop\AgentInventory.pdf
[2012/08/08 09:13:04 | 000,013,710 | ---- | C] () -- C:\Users\Robert\Desktop\shadowtraderproswing.pdf
[2012/08/07 14:07:26 | 000,001,742 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\thinkorswim.lnk
[2012/08/07 11:04:06 | 000,000,930 | ---- | C] () -- C:\Users\Robert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/07 11:04:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/03 15:20:49 | 000,598,666 | ---- | C] () -- C:\Users\Robert\Desktop\Layout1.pdf
[2012/08/03 14:55:49 | 000,305,767 | ---- | C] () -- C:\Users\Robert\Desktop\18 acre tract specifics.jpg
[2012/08/03 14:11:20 | 000,646,323 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.13.pdf
[2012/08/03 14:10:47 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Comps 8.3.12.jpg
[2012/08/03 14:08:57 | 000,353,038 | ---- | C] () -- C:\Users\Robert\Documents\Friendswood listings.sales 8.3.12.jpg
[2012/08/03 10:59:16 | 000,665,858 | ---- | C] () -- C:\Users\Robert\Desktop\Comps.pdf
[2012/08/03 10:40:59 | 000,207,841 | ---- | C] () -- C:\Users\Robert\Desktop\Friendswood Properties for Sale.pdf
[2012/07/23 18:04:21 | 002,387,130 | ---- | C] () -- C:\Users\Robert\Desktop\1307 Jasmine Survey,Overview,Mls.pdf
[2012/07/23 13:58:55 | 000,183,099 | ---- | C] () -- C:\Users\Robert\Desktop\9 acres Gulf Fwy..pdf
[2012/07/23 13:40:06 | 000,705,982 | ---- | C] () -- C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG
[2012/07/18 12:35:13 | 000,057,954 | ---- | C] () -- C:\Users\Robert\Desktop\FinAddendum.pdf
[2012/07/18 12:19:07 | 000,039,348 | ---- | C] () -- C:\Users\Robert\Desktop\Cma- Fairdale Oaks.pdf
[2012/07/16 14:42:08 | 000,101,048 | ---- | C] () -- C:\Users\Robert\Desktop\Royal 7.16.12.pdf
[2012/07/16 12:23:07 | 000,061,014 | ---- | C] () -- C:\Users\Robert\Desktop\high meadow listing.pdf
[2012/04/18 01:34:09 | 000,003,584 | ---- | C] () -- C:\Users\Robert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/05 22:34:22 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/03/25 13:15:24 | 014,776,568 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\SMRBackup250.dat
[2012/01/10 16:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/01/05 13:34:33 | 000,000,367 | ---- | C] () -- C:\Windows\System32\CNCMFP12.INI
[2012/01/02 18:05:43 | 000,125,265 | ---- | C] () -- C:\Users\Robert\3311 Pochivalova.offer.pdf
[2012/01/02 18:04:02 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2012/01/02 17:55:04 | 000,000,088 | ---- | C] () -- C:\Users\Robert\.java.policy
[2011/12/30 11:04:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/12/29 14:03:58 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/12/29 14:03:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/12/29 14:02:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/12/29 09:47:11 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/12/15 19:08:25 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2011/12/15 18:54:13 | 000,000,072 | ---- | C] () -- C:\Windows\VSWizard.ini
[2011/12/14 16:16:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/14 14:55:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011/12/14 14:55:07 | 000,012,400 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011/12/14 14:55:05 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011/12/14 14:55:05 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011/12/14 14:39:21 | 000,000,680 | ---- | C] () -- C:\Users\Robert\AppData\Local\d3d9caps.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/04/20 02:21:02 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

========== LOP Check ==========

[2011/12/30 13:53:51 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\WinPatrol
[2012/08/13 09:15:33 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/08/13 03:18:35 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\Robert\Desktop\Addendum #2 18 acres.JPG:3or4kl4x13tuuug3Byamue2s4b
< End of report >
I will now down load and run TDSSKiller.
Thank you!
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 13th, 2012, 10:50 am

Askey127,
Here is the TDSSKiller txt file.

09:45:05.0861 5992 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:45:06.0361 5992 ============================================================
09:45:06.0361 5992 Current date / time: 2012/08/13 09:45:06.0361
09:45:06.0361 5992 SystemInfo:
09:45:06.0361 5992
09:45:06.0361 5992 OS Version: 6.0.6002 ServicePack: 2.0
09:45:06.0361 5992 Product type: Workstation
09:45:06.0361 5992 ComputerName: ROBERT-PC
09:45:06.0361 5992 UserName: Robert
09:45:06.0361 5992 Windows directory: C:\Windows
09:45:06.0361 5992 System windows directory: C:\Windows
09:45:06.0361 5992 Processor architecture: Intel x86
09:45:06.0361 5992 Number of processors: 4
09:45:06.0361 5992 Page size: 0x1000
09:45:06.0361 5992 Boot type: Normal boot
09:45:06.0361 5992 ============================================================
09:45:10.0183 5992 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:45:10.0229 5992 ============================================================
09:45:10.0229 5992 \Device\Harddisk0\DR0:
09:45:10.0229 5992 MBR partitions:
09:45:10.0229 5992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
09:45:10.0229 5992 ============================================================
09:45:10.0307 5992 C: <-> \Device\Harddisk0\DR0\Partition0
09:45:10.0307 5992 ============================================================
09:45:10.0307 5992 Initialize success
09:45:10.0307 5992 ============================================================
09:45:18.0092 4744 ============================================================
09:45:18.0092 4744 Scan started
09:45:18.0092 4744 Mode: Manual;
09:45:18.0092 4744 ============================================================
09:45:18.0466 4744 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:45:18.0466 4744 ACPI - ok
09:45:18.0544 4744 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:45:18.0544 4744 AdobeARMservice - ok
09:45:18.0575 4744 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:45:18.0591 4744 adp94xx - ok
09:45:18.0622 4744 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:45:18.0622 4744 adpahci - ok
09:45:18.0638 4744 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:45:18.0638 4744 adpu160m - ok
09:45:18.0653 4744 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:45:18.0669 4744 adpu320 - ok
09:45:18.0685 4744 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:45:18.0685 4744 AeLookupSvc - ok
09:45:18.0731 4744 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:45:18.0731 4744 AFD - ok
09:45:18.0747 4744 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:45:18.0747 4744 agp440 - ok
09:45:18.0794 4744 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:45:18.0794 4744 aic78xx - ok
09:45:18.0794 4744 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
09:45:18.0809 4744 ALG - ok
09:45:18.0809 4744 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:45:18.0809 4744 aliide - ok
09:45:18.0856 4744 AMD External Events Utility (50ebbb86e493bd9ab7ddf914a90eef8e) C:\Windows\system32\atiesrxx.exe
09:45:18.0856 4744 AMD External Events Utility - ok
09:45:18.0872 4744 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:45:18.0872 4744 amdagp - ok
09:45:18.0887 4744 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:45:18.0887 4744 amdide - ok
09:45:18.0887 4744 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:45:18.0887 4744 AmdK7 - ok
09:45:18.0903 4744 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:45:18.0903 4744 AmdK8 - ok
09:45:19.0293 4744 amdkmdag (70eb74785ab7fc603fef19d87b7a7946) C:\Windows\system32\DRIVERS\atikmdag.sys
09:45:19.0449 4744 amdkmdag - ok
09:45:19.0543 4744 amdkmdap (ba99833bbde9c4ff389fc8114fb14843) C:\Windows\system32\DRIVERS\atikmpag.sys
09:45:19.0558 4744 amdkmdap - ok
09:45:19.0574 4744 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
09:45:19.0589 4744 Appinfo - ok
09:45:19.0621 4744 AppMgmt (0fe769cae5855b53c90e23f85e7e89ff) C:\Windows\System32\appmgmts.dll
09:45:19.0621 4744 AppMgmt - ok
09:45:19.0667 4744 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:45:19.0667 4744 arc - ok
09:45:19.0699 4744 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:45:19.0699 4744 arcsas - ok
09:45:19.0714 4744 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\Windows\system32\drivers\AsIO.sys
09:45:19.0714 4744 AsIO - ok
09:45:19.0745 4744 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:45:19.0745 4744 AsyncMac - ok
09:45:19.0761 4744 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:45:19.0761 4744 atapi - ok
09:45:19.0839 4744 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
09:45:19.0855 4744 athr - ok
09:45:19.0901 4744 AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys
09:45:19.0901 4744 AtiHDAudioService - ok
09:45:19.0933 4744 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:45:19.0933 4744 AudioEndpointBuilder - ok
09:45:19.0933 4744 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
09:45:19.0933 4744 Audiosrv - ok
09:45:19.0995 4744 AxInstSV (da39e1dd38a39029597c0aaf8749abea) C:\Windows\System32\AxInstSV.dll
09:45:19.0995 4744 AxInstSV - ok
09:45:20.0026 4744 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:45:20.0026 4744 Beep - ok
09:45:20.0057 4744 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
09:45:20.0089 4744 BFE - ok
09:45:20.0151 4744 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
09:45:20.0167 4744 BITS - ok
09:45:20.0167 4744 blbdrive - ok
09:45:20.0198 4744 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:45:20.0198 4744 bowser - ok
09:45:20.0213 4744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:45:20.0229 4744 BrFiltLo - ok
09:45:20.0229 4744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:45:20.0229 4744 BrFiltUp - ok
09:45:20.0245 4744 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
09:45:20.0260 4744 Browser - ok
09:45:20.0276 4744 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:45:20.0276 4744 Brserid - ok
09:45:20.0291 4744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:45:20.0291 4744 BrSerWdm - ok
09:45:20.0291 4744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:45:20.0291 4744 BrUsbMdm - ok
09:45:20.0291 4744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:45:20.0307 4744 BrUsbSer - ok
09:45:20.0323 4744 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:45:20.0323 4744 BTHMODEM - ok
09:45:20.0354 4744 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:45:20.0354 4744 cdfs - ok
09:45:20.0369 4744 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:45:20.0385 4744 cdrom - ok
09:45:20.0416 4744 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:45:20.0416 4744 CertPropSvc - ok
09:45:20.0416 4744 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:45:20.0416 4744 circlass - ok
09:45:20.0447 4744 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:45:20.0447 4744 CLFS - ok
09:45:20.0494 4744 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:45:20.0494 4744 clr_optimization_v2.0.50727_32 - ok
09:45:20.0541 4744 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:45:20.0541 4744 clr_optimization_v4.0.30319_32 - ok
09:45:20.0557 4744 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:45:20.0557 4744 cmdide - ok
09:45:20.0557 4744 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
09:45:20.0557 4744 Compbatt - ok
09:45:20.0572 4744 COMSysApp - ok
09:45:20.0572 4744 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:45:20.0572 4744 crcdisk - ok
09:45:20.0588 4744 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:45:20.0588 4744 Crusoe - ok
09:45:20.0619 4744 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
09:45:20.0619 4744 CryptSvc - ok
09:45:20.0666 4744 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
09:45:20.0697 4744 CSC - ok
09:45:20.0744 4744 CscService (0a2095f92f6ae4fe6484d911b0c21e95) C:\Windows\System32\cscsvc.dll
09:45:20.0744 4744 CscService - ok
09:45:20.0806 4744 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:45:20.0822 4744 DcomLaunch - ok
09:45:20.0853 4744 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:45:20.0853 4744 DfsC - ok
09:45:20.0962 4744 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
09:45:20.0993 4744 DFSR - ok
09:45:21.0103 4744 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
09:45:21.0103 4744 Dhcp - ok
09:45:21.0134 4744 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:45:21.0134 4744 disk - ok
09:45:21.0149 4744 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
09:45:21.0165 4744 Dnscache - ok
09:45:21.0196 4744 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
09:45:21.0196 4744 dot3svc - ok
09:45:21.0227 4744 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
09:45:21.0243 4744 DPS - ok
09:45:21.0274 4744 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:45:21.0274 4744 drmkaud - ok
09:45:21.0321 4744 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:45:21.0321 4744 DXGKrnl - ok
09:45:21.0352 4744 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:45:21.0352 4744 E1G60 - ok
09:45:21.0383 4744 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
09:45:21.0383 4744 EapHost - ok
09:45:21.0430 4744 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:45:21.0430 4744 Ecache - ok
09:45:21.0493 4744 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
09:45:21.0493 4744 ehRecvr - ok
09:45:21.0524 4744 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
09:45:21.0524 4744 ehSched - ok
09:45:21.0555 4744 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
09:45:21.0555 4744 ehstart - ok
09:45:21.0586 4744 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:45:21.0617 4744 elxstor - ok
09:45:21.0695 4744 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
09:45:21.0695 4744 EMDMgmt - ok
09:45:21.0742 4744 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
09:45:21.0742 4744 EventSystem - ok
09:45:21.0773 4744 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:45:21.0789 4744 exfat - ok
09:45:21.0805 4744 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:45:21.0805 4744 fastfat - ok
09:45:21.0851 4744 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
09:45:21.0867 4744 Fax - ok
09:45:21.0883 4744 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:45:21.0883 4744 fdc - ok
09:45:21.0898 4744 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
09:45:21.0898 4744 fdPHost - ok
09:45:21.0914 4744 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:45:21.0914 4744 FDResPub - ok
09:45:21.0929 4744 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:45:21.0945 4744 FileInfo - ok
09:45:21.0961 4744 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:45:21.0961 4744 Filetrace - ok
09:45:21.0976 4744 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
09:45:21.0976 4744 flpydisk - ok
09:45:21.0992 4744 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:45:22.0007 4744 FltMgr - ok
09:45:22.0070 4744 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
09:45:22.0085 4744 FontCache - ok
09:45:22.0132 4744 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:45:22.0132 4744 FontCache3.0.0.0 - ok
09:45:22.0148 4744 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
09:45:22.0148 4744 Fs_Rec - ok
09:45:22.0163 4744 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
09:45:22.0163 4744 fvevol - ok
09:45:22.0195 4744 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:45:22.0195 4744 gagp30kx - ok
09:45:22.0241 4744 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
09:45:22.0257 4744 gpsvc - ok
09:45:22.0335 4744 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:45:22.0335 4744 gupdate - ok
09:45:22.0351 4744 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:45:22.0351 4744 gupdatem - ok
09:45:22.0366 4744 gusvc (5d4bc124faae6730ac002cdb67bf1a1c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:45:22.0382 4744 gusvc - ok
09:45:22.0413 4744 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
09:45:22.0429 4744 HdAudAddService - ok
09:45:22.0460 4744 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:45:22.0475 4744 HDAudBus - ok
09:45:22.0491 4744 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:45:22.0491 4744 HidBth - ok
09:45:22.0491 4744 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:45:22.0507 4744 HidIr - ok
09:45:22.0507 4744 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
09:45:22.0507 4744 hidserv - ok
09:45:22.0522 4744 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:45:22.0522 4744 HidUsb - ok
09:45:22.0538 4744 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
09:45:22.0538 4744 hkmsvc - ok
09:45:22.0553 4744 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:45:22.0553 4744 HpCISSs - ok
09:45:22.0585 4744 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:45:22.0600 4744 HTTP - ok
09:45:22.0631 4744 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:45:22.0631 4744 i2omp - ok
09:45:22.0678 4744 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:45:22.0678 4744 i8042prt - ok
09:45:22.0694 4744 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:45:22.0709 4744 iaStorV - ok
09:45:22.0787 4744 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:45:22.0803 4744 idsvc - ok
09:45:22.0819 4744 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:45:22.0819 4744 iirsp - ok
09:45:22.0865 4744 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
09:45:22.0881 4744 IKEEXT - ok
09:45:22.0897 4744 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
09:45:22.0897 4744 intelide - ok
09:45:22.0928 4744 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:45:22.0928 4744 intelppm - ok
09:45:22.0943 4744 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
09:45:22.0943 4744 IPBusEnum - ok
09:45:22.0975 4744 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:45:22.0975 4744 IpFilterDriver - ok
09:45:22.0990 4744 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
09:45:23.0006 4744 iphlpsvc - ok
09:45:23.0006 4744 IpInIp - ok
09:45:23.0053 4744 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:45:23.0068 4744 IPMIDRV - ok
09:45:23.0084 4744 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:45:23.0084 4744 IPNAT - ok
09:45:23.0099 4744 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:45:23.0099 4744 IRENUM - ok
09:45:23.0131 4744 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:45:23.0131 4744 isapnp - ok
09:45:23.0162 4744 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:45:23.0162 4744 iScsiPrt - ok
09:45:23.0177 4744 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:45:23.0177 4744 iteatapi - ok
09:45:23.0193 4744 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:45:23.0193 4744 iteraid - ok
09:45:23.0209 4744 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:45:23.0209 4744 kbdclass - ok
09:45:23.0224 4744 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:45:23.0224 4744 kbdhid - ok
09:45:23.0240 4744 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:45:23.0240 4744 KeyIso - ok
09:45:23.0287 4744 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
09:45:23.0302 4744 KSecDD - ok
09:45:23.0349 4744 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
09:45:23.0349 4744 KtmRm - ok
09:45:23.0380 4744 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
09:45:23.0380 4744 LanmanServer - ok
09:45:23.0411 4744 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
09:45:23.0411 4744 LanmanWorkstation - ok
09:45:23.0427 4744 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:45:23.0427 4744 lltdio - ok
09:45:23.0458 4744 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
09:45:23.0474 4744 lltdsvc - ok
09:45:23.0489 4744 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:45:23.0505 4744 lmhosts - ok
09:45:23.0521 4744 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:45:23.0521 4744 LSI_FC - ok
09:45:23.0536 4744 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:45:23.0536 4744 LSI_SAS - ok
09:45:23.0552 4744 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:45:23.0552 4744 LSI_SCSI - ok
09:45:23.0567 4744 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:45:23.0583 4744 luafv - ok
09:45:23.0599 4744 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
09:45:23.0599 4744 MBAMProtector - ok
09:45:23.0661 4744 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:45:23.0661 4744 MBAMService - ok
09:45:23.0692 4744 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
09:45:23.0692 4744 Mcx2Svc - ok
09:45:23.0708 4744 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:45:23.0708 4744 megasas - ok
09:45:23.0755 4744 Microsoft SharePoint Workspace Audit Service - ok
09:45:23.0786 4744 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:45:23.0786 4744 MMCSS - ok
09:45:23.0801 4744 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:45:23.0801 4744 Modem - ok
09:45:23.0833 4744 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:45:23.0833 4744 monitor - ok
09:45:23.0848 4744 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:45:23.0848 4744 mouclass - ok
09:45:23.0864 4744 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:45:23.0864 4744 mouhid - ok
09:45:23.0879 4744 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:45:23.0879 4744 MountMgr - ok
09:45:23.0926 4744 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
09:45:23.0926 4744 MpFilter - ok
09:45:23.0942 4744 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:45:23.0957 4744 mpio - ok
09:45:24.0004 4744 MpKsle9d1f6d1 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD051A4F-AA0E-4338-8DB4-34DF1BD546CF}\MpKsle9d1f6d1.sys
09:45:24.0004 4744 MpKsle9d1f6d1 - ok
09:45:24.0020 4744 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:45:24.0020 4744 mpsdrv - ok
09:45:24.0067 4744 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
09:45:24.0067 4744 MpsSvc - ok
09:45:24.0082 4744 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:45:24.0098 4744 Mraid35x - ok
09:45:24.0113 4744 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:45:24.0113 4744 MRxDAV - ok
09:45:24.0145 4744 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:45:24.0145 4744 mrxsmb - ok
09:45:24.0160 4744 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:45:24.0176 4744 mrxsmb10 - ok
09:45:24.0191 4744 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:45:24.0191 4744 mrxsmb20 - ok
09:45:24.0191 4744 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:45:24.0207 4744 msahci - ok
09:45:24.0223 4744 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:45:24.0223 4744 msdsm - ok
09:45:24.0238 4744 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
09:45:24.0238 4744 MSDTC - ok
09:45:24.0269 4744 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:45:24.0269 4744 Msfs - ok
09:45:24.0285 4744 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:45:24.0285 4744 msisadrv - ok
09:45:24.0316 4744 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
09:45:24.0316 4744 MSiSCSI - ok
09:45:24.0316 4744 msiserver - ok
09:45:24.0332 4744 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:45:24.0332 4744 MSKSSRV - ok
09:45:24.0379 4744 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
09:45:24.0379 4744 MsMpSvc - ok
09:45:24.0394 4744 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:45:24.0394 4744 MSPCLOCK - ok
09:45:24.0425 4744 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:45:24.0425 4744 MSPQM - ok
09:45:24.0457 4744 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:45:24.0457 4744 MsRPC - ok
09:45:24.0472 4744 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:45:24.0472 4744 mssmbios - ok
09:45:24.0488 4744 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:45:24.0488 4744 MSTEE - ok
09:45:24.0503 4744 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
09:45:24.0503 4744 MTsensor - ok
09:45:24.0535 4744 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:45:24.0535 4744 Mup - ok
09:45:24.0550 4744 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
09:45:24.0613 4744 napagent - ok
09:45:24.0659 4744 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:45:24.0659 4744 NativeWifiP - ok
09:45:24.0706 4744 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:45:24.0706 4744 NDIS - ok
09:45:24.0737 4744 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:45:24.0737 4744 NdisTapi - ok
09:45:24.0753 4744 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:45:24.0753 4744 Ndisuio - ok
09:45:24.0769 4744 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:45:24.0769 4744 NdisWan - ok
09:45:24.0800 4744 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:45:24.0800 4744 NDProxy - ok
09:45:24.0815 4744 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:45:24.0815 4744 NetBIOS - ok
09:45:24.0847 4744 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:45:24.0862 4744 netbt - ok
09:45:24.0862 4744 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:45:24.0862 4744 Netlogon - ok
09:45:24.0925 4744 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
09:45:24.0940 4744 Netman - ok
09:45:24.0987 4744 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
09:45:25.0003 4744 netprofm - ok
09:45:25.0049 4744 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:45:25.0049 4744 NetTcpPortSharing - ok
09:45:25.0081 4744 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:45:25.0081 4744 nfrd960 - ok
09:45:25.0096 4744 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
09:45:25.0096 4744 NisDrv - ok
09:45:25.0159 4744 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
09:45:25.0159 4744 NisSrv - ok
09:45:25.0190 4744 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
09:45:25.0190 4744 NlaSvc - ok
09:45:25.0205 4744 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:45:25.0205 4744 Npfs - ok
09:45:25.0221 4744 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
09:45:25.0221 4744 nsi - ok
09:45:25.0252 4744 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:45:25.0252 4744 nsiproxy - ok
09:45:25.0315 4744 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:45:25.0330 4744 Ntfs - ok
09:45:25.0346 4744 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:45:25.0346 4744 ntrigdigi - ok
09:45:25.0361 4744 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:45:25.0361 4744 Null - ok
09:45:25.0377 4744 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:45:25.0377 4744 nvraid - ok
09:45:25.0393 4744 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:45:25.0393 4744 nvstor - ok
09:45:25.0408 4744 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:45:25.0408 4744 nv_agp - ok
09:45:25.0408 4744 NwlnkFlt - ok
09:45:25.0408 4744 NwlnkFwd - ok
09:45:25.0439 4744 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:45:25.0439 4744 ohci1394 - ok
09:45:25.0486 4744 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:45:25.0486 4744 ose - ok
09:45:25.0720 4744 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:45:25.0751 4744 osppsvc - ok
09:45:25.0876 4744 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:45:25.0892 4744 p2pimsvc - ok
09:45:25.0892 4744 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:45:25.0892 4744 p2psvc - ok
09:45:25.0939 4744 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
09:45:25.0939 4744 Parport - ok
09:45:25.0970 4744 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
09:45:25.0970 4744 partmgr - ok
09:45:25.0970 4744 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
09:45:25.0970 4744 Parvdm - ok
09:45:26.0001 4744 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
09:45:26.0001 4744 PcaSvc - ok
09:45:26.0017 4744 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:45:26.0017 4744 pci - ok
09:45:26.0048 4744 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
09:45:26.0048 4744 pciide - ok
09:45:26.0063 4744 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:45:26.0063 4744 pcmcia - ok
09:45:26.0126 4744 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:45:26.0141 4744 PEAUTH - ok
09:45:26.0235 4744 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
09:45:26.0266 4744 pla - ok
09:45:26.0329 4744 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
09:45:26.0329 4744 PlugPlay - ok
09:45:26.0375 4744 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:45:26.0375 4744 PNRPAutoReg - ok
09:45:26.0391 4744 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
09:45:26.0391 4744 PNRPsvc - ok
09:45:26.0453 4744 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
09:45:26.0469 4744 PolicyAgent - ok
09:45:26.0531 4744 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:45:26.0531 4744 PptpMiniport - ok
09:45:26.0547 4744 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:45:26.0547 4744 Processor - ok
09:45:26.0578 4744 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
09:45:26.0594 4744 ProfSvc - ok
09:45:26.0609 4744 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:45:26.0609 4744 ProtectedStorage - ok
09:45:26.0641 4744 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:45:26.0641 4744 PSched - ok
09:45:26.0703 4744 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:45:26.0719 4744 ql2300 - ok
09:45:26.0734 4744 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:45:26.0734 4744 ql40xx - ok
09:45:26.0781 4744 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
09:45:26.0781 4744 QWAVE - ok
09:45:26.0797 4744 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:45:26.0797 4744 QWAVEdrv - ok
09:45:26.0812 4744 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:45:26.0812 4744 RasAcd - ok
09:45:26.0843 4744 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
09:45:26.0843 4744 RasAuto - ok
09:45:26.0875 4744 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:45:26.0875 4744 Rasl2tp - ok
09:45:26.0906 4744 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
09:45:26.0906 4744 RasMan - ok
09:45:26.0953 4744 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:45:26.0953 4744 RasPppoe - ok
09:45:26.0984 4744 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:45:26.0984 4744 RasSstp - ok
09:45:26.0999 4744 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:45:26.0999 4744 rdbss - ok
09:45:27.0031 4744 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:45:27.0031 4744 RDPCDD - ok
09:45:27.0046 4744 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
09:45:27.0062 4744 rdpdr - ok
09:45:27.0062 4744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:45:27.0062 4744 RDPENCDD - ok
09:45:27.0093 4744 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
09:45:27.0109 4744 RDPWD - ok
09:45:27.0140 4744 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
09:45:27.0140 4744 RemoteAccess - ok
09:45:27.0155 4744 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
09:45:27.0171 4744 RemoteRegistry - ok
09:45:27.0187 4744 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:45:27.0187 4744 RpcLocator - ok
09:45:27.0218 4744 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
09:45:27.0233 4744 RpcSs - ok
09:45:27.0249 4744 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:45:27.0249 4744 rspndr - ok
09:45:27.0249 4744 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
09:45:27.0265 4744 SamSs - ok
09:45:27.0280 4744 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:45:27.0280 4744 sbp2port - ok
09:45:27.0296 4744 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
09:45:27.0296 4744 SCardSvr - ok
09:45:27.0327 4744 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
09:45:27.0358 4744 Schedule - ok
09:45:27.0358 4744 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
09:45:27.0358 4744 SCPolicySvc - ok
09:45:27.0389 4744 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
09:45:27.0389 4744 SDRSVC - ok
09:45:27.0405 4744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:45:27.0405 4744 secdrv - ok
09:45:27.0421 4744 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
09:45:27.0421 4744 seclogon - ok
09:45:27.0436 4744 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
09:45:27.0436 4744 SENS - ok
09:45:27.0452 4744 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
09:45:27.0452 4744 Serenum - ok
09:45:27.0467 4744 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
09:45:27.0483 4744 Serial - ok
09:45:27.0499 4744 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:45:27.0499 4744 sermouse - ok
09:45:27.0530 4744 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
09:45:27.0530 4744 SessionEnv - ok
09:45:27.0545 4744 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:45:27.0545 4744 sffdisk - ok
09:45:27.0561 4744 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:45:27.0561 4744 sffp_mmc - ok
09:45:27.0577 4744 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:45:27.0577 4744 sffp_sd - ok
09:45:27.0608 4744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:45:27.0608 4744 sfloppy - ok
09:45:27.0623 4744 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
09:45:27.0623 4744 SharedAccess - ok
09:45:27.0655 4744 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
09:45:27.0670 4744 ShellHWDetection - ok
09:45:27.0701 4744 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:45:27.0701 4744 sisagp - ok
09:45:27.0701 4744 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:45:27.0717 4744 SiSRaid2 - ok
09:45:27.0717 4744 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:45:27.0733 4744 SiSRaid4 - ok
09:45:27.0920 4744 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
09:45:27.0982 4744 slsvc - ok
09:45:28.0076 4744 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
09:45:28.0076 4744 SLUINotify - ok
09:45:28.0107 4744 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:45:28.0107 4744 Smb - ok
09:45:28.0123 4744 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:45:28.0123 4744 SNMPTRAP - ok
09:45:28.0138 4744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:45:28.0138 4744 spldr - ok
09:45:28.0154 4744 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
09:45:28.0154 4744 Spooler - ok
09:45:28.0201 4744 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:45:28.0201 4744 srv - ok
09:45:28.0216 4744 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:45:28.0232 4744 srv2 - ok
09:45:28.0247 4744 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:45:28.0247 4744 srvnet - ok
09:45:28.0263 4744 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
09:45:28.0279 4744 SSDPSRV - ok
09:45:28.0310 4744 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
09:45:28.0325 4744 SstpSvc - ok
09:45:28.0357 4744 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
09:45:28.0372 4744 stisvc - ok
09:45:28.0388 4744 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:45:28.0388 4744 swenum - ok
09:45:28.0419 4744 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
09:45:28.0435 4744 swprv - ok
09:45:28.0466 4744 sxuptp (ba85c804a15a300b6fbe0d6daa17f0d2) C:\Windows\system32\DRIVERS\sxuptp.sys
09:45:28.0466 4744 sxuptp - ok
09:45:28.0481 4744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:45:28.0481 4744 Symc8xx - ok
09:45:28.0497 4744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:45:28.0497 4744 Sym_hi - ok
09:45:28.0513 4744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:45:28.0513 4744 Sym_u3 - ok
09:45:28.0544 4744 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
09:45:28.0575 4744 SysMain - ok
09:45:28.0591 4744 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:45:28.0591 4744 TabletInputService - ok
09:45:28.0622 4744 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
09:45:28.0637 4744 TapiSrv - ok
09:45:28.0669 4744 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
09:45:28.0669 4744 TBS - ok
09:45:28.0731 4744 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
09:45:28.0747 4744 Tcpip - ok
09:45:28.0762 4744 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
09:45:28.0762 4744 Tcpip6 - ok
09:45:28.0778 4744 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
09:45:28.0778 4744 tcpipreg - ok
09:45:28.0793 4744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:45:28.0793 4744 TDPIPE - ok
09:45:28.0809 4744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:45:28.0825 4744 TDTCP - ok
09:45:28.0840 4744 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:45:28.0840 4744 tdx - ok
09:45:28.0871 4744 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
09:45:28.0871 4744 TermDD - ok
09:45:28.0903 4744 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
09:45:28.0918 4744 TermService - ok
09:45:28.0949 4744 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
09:45:28.0949 4744 Themes - ok
09:45:28.0965 4744 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
09:45:28.0965 4744 THREADORDER - ok
09:45:28.0996 4744 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
09:45:28.0996 4744 TrkWks - ok
09:45:29.0027 4744 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
09:45:29.0027 4744 TrustedInstaller - ok
09:45:29.0043 4744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:45:29.0043 4744 tssecsrv - ok
09:45:29.0074 4744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:45:29.0074 4744 tunmp - ok
09:45:29.0090 4744 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:45:29.0090 4744 tunnel - ok
09:45:29.0121 4744 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:45:29.0121 4744 uagp35 - ok
09:45:29.0152 4744 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:45:29.0168 4744 udfs - ok
09:45:29.0199 4744 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
09:45:29.0199 4744 UI0Detect - ok
09:45:29.0215 4744 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:45:29.0215 4744 uliagpkx - ok
09:45:29.0230 4744 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:45:29.0246 4744 uliahci - ok
09:45:29.0261 4744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:45:29.0261 4744 UlSata - ok
09:45:29.0277 4744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:45:29.0277 4744 ulsata2 - ok
09:45:29.0308 4744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:45:29.0308 4744 umbus - ok
09:45:29.0339 4744 UmRdpService (8a66360f38f81e960e2367b428cbd5d9) C:\Windows\System32\umrdp.dll
09:45:29.0355 4744 UmRdpService - ok
09:45:29.0386 4744 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
09:45:29.0386 4744 upnphost - ok
09:45:29.0417 4744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:45:29.0417 4744 usbccgp - ok
09:45:29.0433 4744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:45:29.0449 4744 usbcir - ok
09:45:29.0464 4744 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:45:29.0464 4744 usbehci - ok
09:45:29.0480 4744 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:45:29.0495 4744 usbhub - ok
09:45:29.0511 4744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
09:45:29.0511 4744 usbohci - ok
09:45:29.0542 4744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:45:29.0542 4744 usbprint - ok
09:45:29.0558 4744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:45:29.0558 4744 usbscan - ok
09:45:29.0573 4744 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:45:29.0573 4744 USBSTOR - ok
09:45:29.0589 4744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
09:45:29.0589 4744 usbuhci - ok
09:45:29.0589 4744 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
09:45:29.0605 4744 UxSms - ok
09:45:29.0636 4744 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
09:45:29.0636 4744 vds - ok
09:45:29.0667 4744 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:45:29.0683 4744 vga - ok
09:45:29.0698 4744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:45:29.0698 4744 VgaSave - ok
09:45:29.0714 4744 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:45:29.0714 4744 viaagp - ok
09:45:29.0729 4744 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:45:29.0729 4744 ViaC7 - ok
09:45:29.0745 4744 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:45:29.0745 4744 viaide - ok
09:45:29.0761 4744 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:45:29.0761 4744 volmgr - ok
09:45:29.0776 4744 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:45:29.0792 4744 volmgrx - ok
09:45:29.0823 4744 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:45:29.0839 4744 volsnap - ok
09:45:29.0854 4744 vpnva - ok
09:45:29.0885 4744 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:45:29.0885 4744 vsmraid - ok
09:45:29.0948 4744 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
09:45:29.0963 4744 VSS - ok
09:45:29.0995 4744 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
09:45:30.0010 4744 W32Time - ok
09:45:30.0057 4744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:45:30.0057 4744 WacomPen - ok
09:45:30.0073 4744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:45:30.0073 4744 Wanarp - ok
09:45:30.0073 4744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:45:30.0073 4744 Wanarpv6 - ok
09:45:30.0135 4744 wbengine (20b23332885dfb93fe0185362ee811e9) C:\Windows\system32\wbengine.exe
09:45:30.0166 4744 wbengine - ok
09:45:30.0197 4744 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
09:45:30.0213 4744 wcncsvc - ok
09:45:30.0229 4744 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:45:30.0229 4744 WcsPlugInService - ok
09:45:30.0244 4744 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:45:30.0244 4744 Wd - ok
09:45:30.0275 4744 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
09:45:30.0291 4744 Wdf01000 - ok
09:45:30.0307 4744 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:45:30.0307 4744 WdiServiceHost - ok
09:45:30.0307 4744 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
09:45:30.0307 4744 WdiSystemHost - ok
09:45:30.0338 4744 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
09:45:30.0353 4744 WebClient - ok
09:45:30.0385 4744 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
09:45:30.0385 4744 Wecsvc - ok
09:45:30.0400 4744 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
09:45:30.0416 4744 wercplsupport - ok
09:45:30.0447 4744 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
09:45:30.0447 4744 WerSvc - ok
09:45:30.0494 4744 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
09:45:30.0509 4744 WinDefend - ok
09:45:30.0509 4744 WinHttpAutoProxySvc - ok
09:45:30.0541 4744 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
09:45:30.0541 4744 Winmgmt - ok
09:45:30.0619 4744 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
09:45:30.0634 4744 WinRM - ok
09:45:30.0681 4744 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
09:45:30.0712 4744 Wlansvc - ok
09:45:30.0728 4744 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
09:45:30.0728 4744 WmiAcpi - ok
09:45:30.0759 4744 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
09:45:30.0759 4744 wmiApSrv - ok
09:45:30.0821 4744 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:45:30.0837 4744 WMPNetworkSvc - ok
09:45:30.0853 4744 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
09:45:30.0853 4744 WPCSvc - ok
09:45:30.0884 4744 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
09:45:30.0884 4744 WPDBusEnum - ok
09:45:30.0977 4744 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:45:30.0993 4744 WPFFontCache_v0400 - ok
09:45:31.0009 4744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:45:31.0009 4744 ws2ifsl - ok
09:45:31.0040 4744 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
09:45:31.0040 4744 wscsvc - ok
09:45:31.0040 4744 WSearch - ok
09:45:31.0149 4744 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
09:45:31.0165 4744 wuauserv - ok
09:45:31.0243 4744 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:45:31.0243 4744 WUDFRd - ok
09:45:31.0274 4744 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
09:45:31.0274 4744 wudfsvc - ok
09:45:31.0336 4744 yukonwlh (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
09:45:31.0336 4744 yukonwlh - ok
09:45:31.0352 4744 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:45:31.0508 4744 \Device\Harddisk0\DR0 - ok
09:45:31.0508 4744 Boot (0x1200) (490224c4476c90b115fd5f40265591ad) \Device\Harddisk0\DR0\Partition0
09:45:31.0508 4744 \Device\Harddisk0\DR0\Partition0 - ok
09:45:31.0508 4744 ============================================================
09:45:31.0508 4744 Scan finished
09:45:31.0508 4744 ============================================================
09:45:31.0523 3348 Detected object count: 0
09:45:31.0523 3348 Actual detected object count: 0
09:45:58.0792 3744 Deinitialize success
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 13th, 2012, 11:17 am

appreciateshelp,
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby appreciateshelp » August 13th, 2012, 12:48 pm

Askey127,

System did not request UAC OK. Ran chkdsk, here is log.
Thank you.

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
477 large file records processed.

0 bad file records processed.

2 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
21403 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

312568831 KB total disk space.
90543196 KB in 102397 files.
65648 KB in 21404 indexes.
0 KB in bad sectors.
441255 KB in use by the system.
65536 KB occupied by the log file.
221518732 KB available on disk.

4096 bytes in each allocation unit.
78142207 total allocation units on disk.
55379683 allocation units available on disk.
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 13th, 2012, 2:11 pm

appreciateshelp,
This is sort of a detective story..
I am still in the process of analyzing your last log, but your machine does not seem to be reporting any software reason for the shutdowns.

We will check the integrity of RAM memory: see below.....
This type of failure can also be caused by a defective graphics card or power supply as well.

But first, be aware that all Central Processors are designed to shut down, without warning, when their operating temperature limit is exceeded.
This means that your symptoms can be easily caused by Fan air holes blocked with dust, or a fan that has stopped working inside the case.
It's common for any fan on the side ior back of the case to have restricted airflow from dust.
You should probably unplug the PC, remove the case or cover and carefully vacuum out the inside, along with all the air vent holes. The round brush is good for this.
While the case is open, check that any cards plugged into main board sockets are firmly seated.
Then plug in the AC Poewer again, with the case or cover still off, and check that all the fan(s) are running.

---------------------------------------------------------------
Test Memory Chips for Problems
This test restarts the machine, so when you run it, make sure all other programs are closed first.
Go to Start and type mdsched into the box.
Choose "Memory Diagnostics Tool" or "Diagnose Your Computer's Memory Problems" above, if necessary.
OK the User Account Control ,if required.
At the popup, choose Restart Now and Check For Problems (recommended)
The computer will shut down and begin the Memory test as it restarts.
This test may take 5-10 minutes to complete.
You can watch the screen to see whether it detects any problems.
When it is finished, it will Reboot the machine automatically. Sign in to your usual account.
There will be a small popup in the Notification Area (Lower right near the clock) verifying the results.

Let me know how it goes, and what you see.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Slow, periodocally shuts down one of multi-monitors

Unread postby askey127 » August 16th, 2012, 1:03 pm

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 74 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware