Slow start up, cpu power draining for no reason.

Re: Slow start up, cpu power draining for no reason.

Post by Jacob A » December 24th, 2010, 8:01 pm

Hello deltalima! Thanks a lot for all your help!

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"

This doesn't seem to work; the black window disappears in 1 second and no checkhd file is created.
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Post by deltalima » December 24th, 2010, 8:21 pm

It may be a language issue. Please replace desktop with the word for desktop in your language and try again.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Post by Jacob A » December 25th, 2010, 12:46 am

Hello deltalima :) Merry Christmas again and thanks for all your help. Here is the log!


Cmd chkdsk scan:


Filsystemet är av typen NTFS.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
Tar bort indexposten SESSIO~1.JS i indexet $I30 i filen 41596.
Tar bort indexposten f404b885175aea566a3c4de152dfe1091637c303.file i indexet $I30 i filen 97946.
Tar bort indexposten F404B8~1.FI~ i indexet $I30 i filen 97946.
Tar bort indexposten 304db9c9ea79c06312cc9cdc6795567e5e8fe9ba.file i indexet $I30 i filen 122100.
Tar bort indexposten 304DB9~1.FI~ i indexet $I30 i filen 122100.
Tar bort indexposten e12c674cf07ef78d3797f10f236706aa55046620.file i indexet $I30 i filen 152498.
Tar bort indexposten E12C67~1.FI~ i indexet $I30 i filen 152498.
Tar bort indexposten e3be2beed7350fc1cb155ac6fb3368686144aeb0.file i indexet $I30 i filen 157726.
Tar bort indexposten E3BE2B~1.FI~ i indexet $I30 i filen 157726.
Tar bort indexposten f751dc2299ebf0c0269115d915e468a25f2f49fa.file i indexet $I30 i filen 160410.
Tar bort indexposten F751DC~1.FI~ i indexet $I30 i filen 160410.
Indexverifieringen är klar.

CHKDSK hittade fel och kan inte fortsätta i skrivskyddat läge.

Filsystemet är av typen NTFS.
Volymetiketten är WD 640.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
CHKDSK verifierar säkerhetsbeskrivningar (steg 3 av 3)...

625129280 kB diskutrymme totalt.
596939960 kB i 4086 filer.
3168 kB i 358 index.
0 kB i skadade sektorer.
91712 kB används av operativsystemet.
65536 kB hårddisksutrymme används av loggfilen.
28094440 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
156282320 allokeringsenheter finns totalt på disken.
7023610 allokeringsenheter är tillgängliga på disken.

Filsystemet är av typen NTFS.
Volymetiketten är WD 1TB.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
CHKDSK verifierar säkerhetsbeskrivningar (steg 3 av 3)...

976760000 kB diskutrymme totalt.
947542516 kB i 3212 filer.
2176 kB i 458 index.
0 kB i skadade sektorer.
100808 kB används av operativsystemet.
65536 kB hårddisksutrymme används av loggfilen.
29114500 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
244190000 allokeringsenheter finns totalt på disken.
7278625 allokeringsenheter är tillgängliga på disken.

Filsystemet är av typen NTFS.
Volymetiketten är WD 2TB G.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
CHKDSK verifierar säkerhetsbeskrivningar (steg 3 av 3)...

1953512000 kB diskutrymme totalt.
1261344188 kB i 5266 filer.
2956 kB i 478 index.
0 kB i skadade sektorer.
131348 kB används av operativsystemet.
65536 kB hårddisksutrymme används av loggfilen.
692033508 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
488378000 allokeringsenheter finns totalt på disken.
173008377 allokeringsenheter är tillgängliga på disken.

Filsystemet är av typen NTFS.
Volymetiketten är WD.

Varning! Parametern /F har inte angetts.
CHKDSK körs i skrivskyddat läge.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
CHKDSK verifierar säkerhetsbeskrivningar (steg 3 av 3)...

354177022 kB diskutrymme totalt.
315517212 kB i 12189 filer.
5660 kB i 510 index.
0 kB i skadade sektorer.
89714 kB används av operativsystemet.
65536 kB hårddisksutrymme används av loggfilen.
38564436 kB ledigt utrymme.

4096 byte i varje allokeringsenhet.
88544255 allokeringsenheter finns totalt på disken.
9641109 allokeringsenheter är tillgängliga på disken.

Over and out!

Post by deltalima » December 25th, 2010, 5:45 am

Hi Jacob A,

Those look good to me, but I have trouble with the language. Please give me a summary of the results and tell me whether anything other than indexing problems was detected.

Post by Jacob A » December 25th, 2010, 9:28 am

Hello deltalima, all hard drives other than C: look OK. I will translate some things from that log!

The first hard drive, C:, looks like it didn't run the whole scan:

Filsystemet är av typen NTFS.

Varning! Parametern /F har inte angetts.

Warning! Parameter /F has not been given.

CHKDSK körs i skrivskyddat läge.

CHKDSK is running in write protect mode.

CHKDSK verifierar filer (steg 1 av 3)...
CHKDSK verifierar index (steg 2 av 3)...
Tar bort indexposten SESSIO~1.JS i indexet $I30 i filen 41596.
Tar bort indexposten f404b885175aea566a3c4de152dfe1091637c303.file i indexet $I30 i filen 97946.
Tar bort indexposten F404B8~1.FI~ i indexet $I30 i filen 97946.
Tar bort indexposten 304db9c9ea79c06312cc9cdc6795567e5e8fe9ba.file i indexet $I30 i filen 122100.
Tar bort indexposten 304DB9~1.FI~ i indexet $I30 i filen 122100.
Tar bort indexposten e12c674cf07ef78d3797f10f236706aa55046620.file i indexet $I30 i filen 152498.
Tar bort indexposten E12C67~1.FI~ i indexet $I30 i filen 152498.
Tar bort indexposten e3be2beed7350fc1cb155ac6fb3368686144aeb0.file i indexet $I30 i filen 157726.
Tar bort indexposten E3BE2B~1.FI~ i indexet $I30 i filen 157726.
Tar bort indexposten f751dc2299ebf0c0269115d915e468a25f2f49fa.file i indexet $I30 i filen 160410.
Tar bort indexposten F751DC~1.FI~ i indexet $I30 i filen 160410.
Indexverifieringen är klar.

CHKDSK hittade fel och kan inte fortsätta i skrivskyddat läge.

CHKDSK found errors and can not continue in write protect mode.

Over and out!

Post by deltalima » December 25th, 2010, 5:12 pm

Hi Jacob A,

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Ask Toolbar
    click Remove
    highlight Java(TM) 6 Update 7
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Post by Jacob A » December 26th, 2010, 10:00 am

Hello deltalima, I removed the programs and here you have the log!

Had to delete the files text content since: Your message contains 438222 characters. The maximum number of allowed characters is 100000.
All of them were hidden files in World of Warcraft folder.


RkU Scan:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB3129000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 5894144 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xA1F16000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 5226496 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBD241000 C:\WINDOWS\System32\ati3duag.dll 3985408 bytes (ATI Technologies Inc. , ati3duag.dll)
0xBD60E000 C:\WINDOWS\System32\ativvaxx.dll 2670592 bytes (Advanced Micro Devices, Inc. , Radeon Video Acceleration Universal Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT:s kernel och system)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Win32-drivrutin för flera användare)
0xB7EAE000 PCI_PNP1272 1019904 bytes
0xB7EAE000 spgv.sys 1019904 bytes
0xB7EAE000 sptd 1019904 bytes
0xBD060000 C:\WINDOWS\System32\ati2cqag.dll 765952 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBD11B000 C:\WINDOWS\System32\atikvmag.dll 716800 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xB7CDB000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBD1CA000 C:\WINDOWS\System32\atiok3x2.dll 487424 bytes (Advanced Micro Devices, Inc., Ring 0 x2 component)
0xA1D5B000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAE454000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA1E66000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9DD9F000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD012000 C:\WINDOWS\System32\ati2dvag.dll 319488 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9D8B5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAE52D000 C:\WINDOWS\System32\Drivers\ao7imjj1.SYS 233472 bytes (Promise Technology, Inc., Promise FastTrak TX4650/2650 Driver for Windows family)
0xB7DC4000 FTT3.sys 221184 bytes (Promise Technology, Inc., Promise FastTrak TX4650/2650 Driver for Windows family)
0xAE4D5000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB7E68000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI-drivrutin för NT)
0x9E104000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB7CAE000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x991F5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA1DCB000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xAE566000 C:\WINDOWS\system32\DRIVERS\m4cxwxp.sys 172032 bytes (D-Link Corporation, NDIS5.1 Miniport Driver for D-Link DGE-530T Gigabit Ethernet Adapter)
0xAE5B4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA1E3E000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0x9D513000 C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys 159744 bytes (Norman ASA, NVC MiniFilter)
0xB7E12000 dmio.sys 155648 bytes (Microsoft Corporation, Veritas Software, I/O-drivrutin för NT-diskhanterare)
0xA1E18000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA1EF2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAE590000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAE4B2000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA1DF6000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x9DC16000 C:\Program\CyberLink\PowerDVD8\000.fcl 135168 bytes (Cyberlink Corp., FCL Driver)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB7DA4000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB7E38000 ftdisk.sys 126976 bytes (Microsoft Corporation, Drivrutin för FT Disk)
0xB7C94000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB7DFA000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA1D1B000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB7E96000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB7D7B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAE516000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9DFFF000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x9D487000 C:\Program\MSI\DualCoreCenter\RushTop.sys 81920 bytes (Your Corporation, Description string for RushTop driver)
0xAE5DC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA1EBF000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB7D68000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB7D92000 sr.sys 73728 bytes (Microsoft Corporation, Filterdrivrutin för Systemåterställning)
0xB7E57000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI-uppräknare)
0xAE505000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB2A7B000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB82A8000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB8218000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xB80B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB8298000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Seriell drivrutin)
0xB8178000 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys 61440 bytes (AMD, Inc., AMD Low Level Device Driver)
0xB24D4000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB8238000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB82C8000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Drivrutin för Redbook-ljudfilter)
0x9E0BC000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB8268000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB80C8000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB82D8000 C:\WINDOWS\System32\DRIVERS\AmdK8.sys 57344 bytes (Advanced Micro Devices, AMD Processor Driver)
0xB8108000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB2818000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, Drivrutin för i8042 Port)
0xB3758000 C:\Norman\Ngs\Bin\nprosec.sys 53248 bytes (Norman ASA, Norman Process Security Driver)
0xAE64E000 C:\Program\MSI\DualCoreCenter\NTGLM7X.sys 53248 bytes (MICRO-STAR INT'L CO., LTD., NTGLM7X.sys)
0xB2848000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB80E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Drivrutin för ögonblicksbilder av volymer)
0xB81F8000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xB8198000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB24B4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Drivrutin för FIPS-krypto)
0xB80D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB2838000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xB80A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bussdrivrutin)
0xB8228000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB8118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xB81D8000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB80F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB2E51000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB81E8000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB2494000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9D609000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB8258000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB8430000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB8440000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB83C0000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB84A0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xB12AD000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tangentbordsklassdrivrutin)
0xB8328000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB16CA000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xAE6D6000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Musklassdrivrutin)
0xB83A8000 C:\WINDOWS\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0xB84B0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB8348000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xAE6EE000 C:\WINDOWS\system32\DRIVERS\hamachi.sys 20480 bytes (LogMeIn, Inc., Hamachi Virtual Network Interface Driver)
0xB8480000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xB1D43000 c:\norman\ngs\bin\ngs.sys 20480 bytes (Norman ASA, Norman General Security Driver)
0xB8330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xAE716000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xAE6F6000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xAE6E6000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xB1D3B000 C:\WINDOWS\System32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xB8400000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0x9E155000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0x9BE36000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xB85A4000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA1BE2000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB857C000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB84B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB2DF5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB7C54000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB12E7000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, Filterdrivrutin för HID-mus)
0xA18A2000 C:\Norman\Nse\bin\NDISKIO.SYS 12288 bytes (Norman ASA, Low-level disk I/O driver for Windows NT)
0xB38AB000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB8588000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB8558000 C:\WINDOWS\System32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB861E000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xB85AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xB8668000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xB861C000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xB85A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xB8620000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xB8662000 C:\WINDOWS\nvoclock.sys 8192 bytes (NVidia Corp., NVidia System Utility Driver)
0xB8624000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xB8612000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB8614000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xB85AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xB8671000 amdide.sys 4096 bytes (Advanced Micro Devices, AMD PCI SATA/IDE Bus Driver)
0xB171F000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xB2E14000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xAE72B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xB8670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE-bussdrivrutin)
0x8A8DE1F8 unknown_irp_handler 3592 bytes
0x8A8DF1F8 unknown_irp_handler 3592 bytes
0x8A8E01F8 unknown_irp_handler 3592 bytes
0x8A9541F8 unknown_irp_handler 3592 bytes
0x8A498470 unknown_irp_handler 2960 bytes
0x8A4CB470 unknown_irp_handler 2960 bytes
0x8A492470 unknown_irp_handler 2960 bytes
0x8A494470 unknown_irp_handler 2960 bytes
0x8A48C470 unknown_irp_handler 2960 bytes
0x8A507470 unknown_irp_handler 2960 bytes
0x8A4DF470 unknown_irp_handler 2960 bytes
==============================================
>Stealth
==============================================
0x06490000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 102400 bytes
0x07120000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 102400 bytes
0x01010000 Hidden Image-->CLI.Component.Eeu.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1069056 bytes
0x01230000 Hidden Image-->CLI.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x05090000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x06320000 Hidden Image-->Branding.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 110592 bytes
0x00D20000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 118784 bytes
0x03890000 Hidden Image-->MOM.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 118784 bytes
0x06DE0000 Hidden Image-->CLI.Component.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1232896 bytes
0x049E0000 Hidden Image-->CLI.Caste.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 167936 bytes
0x068A0000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 1748992 bytes
0x07520000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 192512 bytes
0x06130000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 208896 bytes
0x06A50000 Hidden Image-->CLI.Aspect.InfoCentre.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 217088 bytes
0x070D0000 Hidden Image-->CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 282624 bytes
0x012C0000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 28672 bytes
0x03600000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89D08568 ] PID: 1152, 28672 bytes
0x01220000 Hidden Image-->MOM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x01250000 Hidden Image-->LOG.Foundation.Implementation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04140000 Hidden Image-->CLI.Component.Runtime.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04450000 Hidden Image-->AEM.Plugin.WinMessages.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x043F0000 Hidden Image-->AEM.Server.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04410000 Hidden Image-->AEM.Plugin.DPPE.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04430000 Hidden Image-->AEM.Plugin.Hotkeys.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04580000 Hidden Image-->DEM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x045A0000 Hidden Image-->DEM.Graphics.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A20000 Hidden Image-->DEM.Graphics.I0709.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A50000 Hidden Image-->AEM.Plugin.GD.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A60000 Hidden Image-->AEM.Actions.CCAA.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04A90000 Hidden Image-->ResourceManagement.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04BC0000 Hidden Image-->DEM.Graphics.I0804.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x04F40000 Hidden Image-->CLI.Caste.Graphics.Runtime.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05000000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05100000 Hidden Image-->DEM.Graphics.I0906.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x051A0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05320000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x052C0000 Hidden Image-->CLI.Aspect.HotkeysHandling.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05380000 Hidden Image-->DEM.Graphics.I0706.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05360000 Hidden Image-->DEM.Graphics.I0912.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05390000 Hidden Image-->DEM.Graphics.I0712.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x053F0000 Hidden Image-->DEM.Graphics.I0812.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05410000 Hidden Image-->DEM.Graphics.I0805.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05470000 Hidden Image-->DEM.Graphics.I0703.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05530000 Hidden Image-->atixclib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05A60000 Hidden Image-->CLI.Caste.HydraVision.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05A90000 Hidden Image-->APM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05D00000 Hidden Image-->CLI.Component.Runtime.Extension.EEU.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05CF0000 Hidden Image-->AEM.Plugin.REG.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x05E30000 Hidden Image-->AEM.Plugin.EEU.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06070000 Hidden Image-->CLI.Component.Wizard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06060000 Hidden Image-->CLI.Component.Client.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x060C0000 Hidden Image-->CLI.Component.Dashboard.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06100000 Hidden Image-->CLI.Caste.Graphics.Dashboard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06350000 Hidden Image-->CLI.Caste.Graphics.Wizard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x065C0000 Hidden Image-->CLI.Caste.HydraVision.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x06F10000 Hidden Image-->CLI.Caste.HydraVision.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 28672 bytes
0x03CA0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 36864 bytes
0x01150000 Hidden Image-->CLI.Aspect.MultiVPU4.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x01170000 Hidden Image-->CLI.Aspect.ALICrossfire.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x01190000 Hidden Image-->CLI.Aspect.PowerXpress.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x038D0000 Hidden Image-->CLI.Foundation.XManifest.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x03990000 Hidden Image-->AxInterop.WBOCXLib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x03A60000 Hidden Image-->Interop.WBOCXLib.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x041B0000 Hidden Image-->NEWAEM.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04F50000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04FE0000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x04FF0000 Hidden Image-->CLI.Aspect.CustomFormats.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05020000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05160000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05150000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x05A50000 Hidden Image-->CLI.Caste.HydraVision.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x06080000 Hidden Image-->CLI.Component.Wizard.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x060A0000 Hidden Image-->CLI.Component.Dashboard.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 36864 bytes
0x071B0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 389120 bytes
0x04960000 Hidden Image-->CLI.Caste.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 397312 bytes
0x07140000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 405504 bytes
0x07220000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 405504 bytes
0x05FF0000 Hidden Image-->CLI.Component.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 413696 bytes
0x06540000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 421888 bytes
0x07010000 Hidden Image-->CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 421888 bytes
0x01220000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x01290000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x03C90000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 45056 bytes
0x00D20000 Hidden Image-->CCC.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x01210000 Hidden Image-->LOG.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x01290000 Hidden Image-->LOG.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04150000 Hidden Image-->ATICCCom.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04F80000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x04F90000 Hidden Image-->CLI.Aspect.DeviceLCD.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 45056 bytes
0x045B0000 Hidden Image-->ATIDEMGX.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 462848 bytes
0x03C30000 Hidden Image-->CLI.Foundation.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x041A0000 Hidden Image-->AEM.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04400000 Hidden Image-->AEM.Plugin.Source.Kit.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04570000 Hidden Image-->DEM.Graphics.I0601.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F10000 Hidden Image-->CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F20000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x04F70000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x05190000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x052F0000 Hidden Image-->CLI.Aspect.TransCode.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x05EE0000 Hidden Image-->CLI.Component.Client.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x06340000 Hidden Image-->CLI.Caste.Graphics.Wizard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 53248 bytes
0x07290000 Hidden Image-->CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 585728 bytes
0x05E40000 Hidden Image-->CLI.Component.Systemtray.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 593920 bytes
0x03C20000 Hidden Image-->CLI.Component.Runtime.Shared.Private.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x04FD0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x053D0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x052B0000 Hidden Image-->CLI.Aspect.DeviceCRT.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
0x053A0000 Hidden Image-->CLI.Aspect.DeviceProperty.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 61440 bytes
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
0x07570000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 684032 bytes
0x038B0000 Hidden Image-->CLI.Component.SkinFactory.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x03BF0000 Hidden Image-->CLI.Component.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x052D0000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x05A70000 Hidden Image-->APM.Server.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x07550000 Hidden Image-->CLI.Aspect.VPURecover.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 69632 bytes
0x06260000 Hidden Image-->ResourceManagement.Foundation.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 749568 bytes
0x012A0000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89D08568 ] PID: 1152, 77824 bytes
0x01260000 Hidden Image-->LOG.Foundation.Implementation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x04FB0000 Hidden Image-->CLI.Aspect.DeviceDFP.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x050B0000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x050D0000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05130000 Hidden Image-->CLI.Aspect.DeviceCV.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05330000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Shared.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x06110000 Hidden Image-->CLI.Aspect.Welcome.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 77824 bytes
0x05050000 Hidden Image-->CLI.Aspect.Radeon3D.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x05170000 Hidden Image-->CLI.Aspect.DeviceTV.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x060E0000 Hidden Image-->CLI.Caste.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 86016 bytes
0x07410000 Hidden Image-->CLI.Aspect.MMVideo.Graphics.Dashboard.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 888832 bytes
0x04180000 Hidden Image-->ADL.Foundation.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 94208 bytes
0x05030000 Hidden Image-->CLI.Aspect.OverDrive5.Graphics.Runtime.dll [ EPROCESS 0x89CDC020 ] PID: 3752, 94208 bytes
==============================================
>Files
==============================================
Deleted.
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D53C, Type: Inline - RelativeJump 0x8050453C-->805044F7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->8050483F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D8D4, Type: Inline - RelativeJump 0x805048D4-->8050488F [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[1220]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[1256]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DC1218-->00000000 [shimeng.dll]
[1256]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1256]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1256]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1256]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->00000000 [shimeng.dll]
[1256]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x40C114B0-->00000000 [shimeng.dll]
[1256]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AA109C-->00000000 [shimeng.dll]
[1508]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E3B531E-->00000000 [xul.dll]
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Unread postby deltalima » December 26th, 2010, 10:27 am

Hi Jacob A,

Although we have removed some minor malware and remnants of a previous infection, all of your latest logs have come back clean. This indicates that the slowness of the computer is not caused by malware.

As this is a dedicated Malware Removal site I think those issues are best left to experts elsewhere.
Here are some excellent Tech sites (in no particular order) that may be able to help with these problems:


Let's remove the files deleted by OTL and clean up the tools we used

Remove GMER

Delete the GMER icon from your desktop.

Uninstall ComboFix

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Unread postby Jacob A » December 27th, 2010, 11:08 am

Hello deltalima! Yes, hopefully I can find a solution in one of the other forums. Anyway, just wanted to say thanks for all your help and dedication to my problem, and not to mention you doing this for free every day. You're truly a wonderful person, and I'm sure somehow you'll get something from all this within or from other persons!

Thank you one more time and good luck with whatever you're doing in the future!

Sincerely Jacob
Jacob A
Regular Member
 
Posts: 26
Joined: December 2nd, 2008, 7:08 pm

Re: Slow start up, cpu power draining for no reason.

Unread postby deltalima » December 27th, 2010, 11:27 am

You're welcome!

Hope you manage to find a solution.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Slow start up, cpu power draining for no reason.

Unread postby Wingman » December 27th, 2010, 11:57 am

As your problems do not appear to be Malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Wingman
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA