
Solved TCP Open Ports - Rootkit

Discussion in 'Malware and Virus Removal Archive' started by lpdrummer, 2010/11/28.

  1. 2010/11/30
    broni Moderator Malware Analyst
    This is eating up your CPU cycles:
    sqlservr.exe 2004 26.26% 108,360 K 15,088 K SQL Server Windows NT - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS

    Disable its service, or uninstall it altogether, if you don't use it.

    I can see these in Add\Remove:
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
     
  2. 2010/11/30
    lpdrummer Inactive Thread Starter
    So I can go into Add/Remove programs and delete all of those? I'm not sure what any of those are, so I really doubt that I use them.
     
  4. 2010/11/30
    broni Moderator Malware Analyst
    I assume you mean "uninstall" when you say "delete".
    If so, yes.

    When done, restart the computer and post a new Process Explorer log.
     
  5. 2010/12/01
    lpdrummer Inactive Thread Starter
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 8.48 0 K 24 K
    Interrupts n/a 1.41 0 K 0 K Hardware Interrupts
    DPCs n/a 1.41 0 K 0 K Deferred Procedure Calls
    System 4 1.41 112 K 620 K
    smss.exe 428 500 K 1,140 K
    csrss.exe 560 1,944 K 3,924 K
    wininit.exe 660 1,764 K 4,420 K
    services.exe 708 9,084 K 13,252 K
    svchost.exe 900 2.12 4,592 K 9,392 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    svchost.exe 988 4,320 K 7,984 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    svchost.exe 612 3.53 15,260 K 14,980 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 1088 16,292 K 16,568 K
    svchost.exe 772 2.83 10,608 K 19,172 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1456 2.12 26,080 K 20,580 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
    WUDFHost.exe 3560 0.47 2,040 K 6,072 K
    svchost.exe 1004 27.55 18,392 K 32,968 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k netsvcs
    taskeng.exe 1568 2,168 K 6,156 K Task Scheduler Engine Microsoft Corporation taskeng.exe {75B44590-9227-419C-AB9F-5EF50948C136}
    svchost.exe 1128 1.41 6,604 K 11,848 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1208 2.12 10,364 K 15,008 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1332 10,200 K 11,212 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "
    avast.setup 1064 4,536 K 11,992 K
    spoolsv.exe 1252 8,772 K 14,960 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    taskhost.exe 1288 0.71 3,156 K 6,900 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
    svchost.exe 1384 4.95 13,904 K 18,480 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1728 4,052 K 8,560 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k apphost
    mDNSResponder.exe 2024 5.65 2,024 K 5,660 K Bonjour Service Apple Inc. "C:\Program Files (x86)\Bonjour\mDNSResponder.exe "
    svchost.exe 1060 7,452 K 14,508 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    sqlservr.exe 2116 120,840 K 66,016 K SQL Server Windows NT - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
    sqlwriter.exe 2280 2,080 K 6,332 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
    svchost.exe 2312 4,008 K 7,468 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    svchost.exe 2376 6,128 K 9,640 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k iissvcs
    WLIDSVC.EXE 2420 4,308 K 12,580 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
    WLIDSVCM.EXE 2992 1,212 K 3,128 K
    alg.exe 2908 1,512 K 4,916 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
    SearchIndexer.exe 2904 2.12 19,324 K 15,296 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    wmpnetwk.exe 3788 0.47 2,120 K 6,492 K
    lsass.exe 720 0.71 4,660 K 11,688 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 728 2,312 K 3,988 K
    csrss.exe 676 2,056 K 4,688 K
    winlogon.exe 820 2,972 K 6,892 K
    explorer.exe 1468 0.71 29,196 K 42,788 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    GoogleUpdate.exe 1680 1,860 K 1,224 K Google Installer Google Inc. "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    GoogleCrashHandler.exe 1720 1,704 K 1,132 K Google Installer Google Inc. "C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
    procexp.exe 2916 1,928 K 6,196 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    procexp64.exe 3028 7.06 17,324 K 34,212 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    wmpnscfg.exe 3388 6.36 3,048 K 9,748 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3476 1.54 2,680 K 7,360 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3656 1.66 2,840 K 8,832 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3664 1.90 2,996 K 9,256 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3672 1.90 2,848 K 8,840 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3680 1.66 2,848 K 8,840 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3692 0.95 2,028 K 6,036 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    wmpnscfg.exe 3828 0.83 1,996 K 6,000 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe "
    AvastUI.exe 1992 4,380 K 2,852 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    reader_sl.exe 2000 1,396 K 4,184 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe "
     
  6. 2010/12/01
    broni Moderator Malware Analyst
    I can still see it running:
    sqlservr.exe 2116 120,840 K 66,016 K SQL Server Windows NT - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
    sqlwriter.exe 2280 2,080 K 6,332 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "

    Did you uninstall all 4 items and restart the computer?
     
  7. 2010/12/01
    lpdrummer Inactive Thread Starter
    Yes, they are all removed and I have restarted. Actually, I see the files are still in the folder; let me delete those as well.
    I just went in as admin and ended both process trees, but I'm wondering what caused them to come back after I uninstalled them.

    Looking in Add/Remove programs, I still have
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server 2008 VSS Writer

    Should I uninstall these as well?
     
    Last edited: 2010/12/01
  8. 2010/12/01
    broni Moderator Malware Analyst
    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip the Autoruns.zip file and double-click autoruns.exe to run the program.
    Go to File > Save, and save it as AutoRuns.txt to a known location.
    You must select Text from the drop-down menu as the file type:

    [screenshot: the Autoruns Save dialog with Text selected as the file type]

    Paste the content into your next reply.
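    As an added example (not part of the thread or of Autoruns itself), a small Python triage script for the export requested above: it parses the quoted columns exactly as they appear when the text file is pasted into a post, then flags enabled entries whose image file is missing (the "File not found" lines), entries with no publisher recorded, and entries launched from a user profile. The sample input is constructed in the shape of the export pasted later in this thread; the "+"/"X" enabled marker is an assumption about the standard export format.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the shape of the Autoruns text export as it appears
# when pasted into the thread: a quoted location header, then one line per
# entry with a leading "+" and four quoted columns
# (Entry, Description, Publisher, Image Path).
SAMPLE_EXPORT = r'''
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms " " " " " " "
+ "rdpclip " " " " " "File not found: rdpclip "
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run " " " " " " "
+ "Google Update " "Google Installer " "Google Inc. " "c:\users\alex\appdata\local\google\update\googleupdate.exe "
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers " " " " " " "
+ "avast " "avast! Shell Extension " "AVAST Software " "c:\program files\alwil software\avast5\ashsha64.dll "
+ "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
"HKLM\System\CurrentControlSet\Services " " " " " " "
+ "MSSQL$SQLEXPRESS " "Provides storage, processing and controlled access of data, and rapid transaction processing. " " " "File not found: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "
+ "SQLWriter " "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure. " " " "File not found: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
+ "WinDefend " "Protection against spyware and potentially unwanted software " "Microsoft Corporation " "c:\program files\windows defender\mpsvc.dll "
'''

QUOTED = re.compile(r'"([^"]*)"')


@dataclass
class AutorunEntry:
    location: str      # registry key or task folder the entry lives under
    entry: str
    description: str
    publisher: str
    image_path: str    # "File not found: ..." when the binary is gone
    enabled: bool


def parse_autoruns_export(text: str) -> List[AutorunEntry]:
    """Parse the pasted export into one record per autostart entry."""
    entries: List[AutorunEntry] = []
    location = "(unknown location)"
    for raw in text.splitlines():
        line = raw.strip()
        fields = [f.strip() for f in QUOTED.findall(line)]
        if not fields:
            continue                     # blank line or unquoted column header
        if line.startswith('"'):
            location = fields[0]         # header row: only the first column is set
            continue
        # Assumption (standard Autoruns export, not shown in the thread):
        # "+" marks an enabled entry, "X" a disabled one.
        if line[0] not in "+X":
            continue
        fields += [""] * (4 - len(fields))   # tolerate truncated lines
        entry, description, publisher, image_path = fields[:4]
        entries.append(AutorunEntry(location, entry, description, publisher,
                                    image_path, line[0] == "+"))
    return entries


def triage(entries: List[AutorunEntry]) -> Dict[str, List[str]]:
    """Group enabled entries by the reason an analyst would look at them."""
    findings: Dict[str, List[str]] = {
        "orphaned": [],            # registration kept, binary missing
        "no_publisher": [],        # on disk, but no vendor recorded
        "user_profile_path": [],   # launches from a user-writable location
    }
    for e in entries:
        if not e.enabled:
            continue
        path = e.image_path.lower()
        if path.startswith("file not found:"):
            # Typical leftover of an incomplete uninstall, like the SQL
            # services in this thread; the stale entry itself should be removed.
            findings["orphaned"].append(e.entry)
        elif not e.publisher:
            findings["no_publisher"].append(e.entry)
        if path.startswith("c:\\users\\"):
            findings["user_profile_path"].append(e.entry)
    return findings


if __name__ == "__main__":
    parsed = parse_autoruns_export(SAMPLE_EXPORT)
    for reason, names in triage(parsed).items():
        print(f"{reason}: {', '.join(names) or '-'}")
```

    Point it at a real AutoRuns.txt by reading the file into `parse_autoruns_export` in place of the constructed sample.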
     
  9. 2010/12/01
    lpdrummer Inactive Thread Starter
    "HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms " " " " " " "
    + "rdpclip " " " " " "File not found: rdpclip "
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run " " " " " " "
    + "Adobe ARM " "Adobe Reader and Acrobat Manager " "Adobe Systems Incorporated " "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe "
    + "Adobe Reader Speed Launcher " "Adobe Acrobat SpeedLauncher " "Adobe Systems Incorporated " "c:\program files (x86)\adobe\reader 10.0\reader\reader_sl.exe "
    + "avast5 " "avast! Antivirus " "AVAST Software " "c:\program files\alwil software\avast5\avastui.exe "
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run " " " " " " "
    + "Google Update " "Google Installer " "Google Inc. " "c:\users\alex\appdata\local\google\update\googleupdate.exe "
    "HKLM\SOFTWARE\Classes\Protocols\Filter " " " " " " "
    + "text/xml " "Microsoft Office XML MIME Filter " "Microsoft Corporation " "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll "
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components " " " " " " "
    + "Microsoft Windows " "Windows Mail " "Microsoft Corporation " "c:\program files\windows mail\winmail.exe "
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components " " " " " " "
    + "Microsoft Windows " "Windows Mail " "Microsoft Corporation " "c:\program files (x86)\windows mail\winmail.exe "
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers " " " " " " "
    + "avast " "avast! Shell Extension " "AVAST Software " "c:\program files\alwil software\avast5\ashsha64.dll "
    + "avast " "avast! Shell Extension " "AVAST Software " "c:\program files\alwil software\avast5\ashshell.dll "
    + "Fix-It Menu " "Fix-It Context Menus " "Avanquest North America, Inc. " "c:\program files (x86)\avanquest\fix-it\mxctxmnu.dll "
    + "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers " " " " " " "
    + "MBAMShlExt " "Malwarebytes' Anti-Malware " "Malwarebytes Corporation " "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll "
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers " " " " " " "
    + "Fix-It Menu " "Fix-It Context Menus " "Avanquest North America, Inc. " "c:\program files (x86)\avanquest\fix-it\mxctxmnu.dll "
    + "MagicISO " "MagicISO Shell Extension Module " "MagicISO, Inc. " "c:\program files (x86)\magiciso\misosh64.dll "
    + "PowerISO " "PowerISOShell DLL " "PowerISO Computing, Inc. " "c:\program files\poweriso\pwrisosh.dll "
    + "WinRAR " " " " " "c:\program files\winrar\rarext64.dll "
    + "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
    "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers " " " " " " "
    + "WinRAR " " " " " "c:\program files\winrar\rarext64.dll "
    "HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers " " " " " " "
    + "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
    "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers " " " " " " "
    + "Gadgets " "Sidebar droptarget " "Microsoft Corporation " "c:\program files\windows sidebar\sbdrop.dll "
    + "Gadgets " "Sidebar droptarget " "Microsoft Corporation " "c:\program files (x86)\windows sidebar\sbdrop.dll "
    + "NvCplDesktopContext " " " "NVIDIA Corporation " "c:\windows\system32\nvshext.dll "
    "HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers " " " " " " "
    + "PDF Shell Extension " "PDF Shell Extension " "Adobe Systems, Inc. " "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll "
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers " " " " " " "
    + "avast " "avast! Shell Extension " "AVAST Software " "c:\program files\alwil software\avast5\ashsha64.dll "
    + "avast " "avast! Shell Extension " "AVAST Software " "c:\program files\alwil software\avast5\ashshell.dll "
    + "Create ISO Image from directory " "ISO Recorder " "Alex Feinman " "c:\program files\iso recorder\isorecorder.dll "
    + "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers " " " " " " "
    + "WinRAR32 " " " " " "c:\program files\winrar\rarext.dll "
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects " " " " " " "
    + "Java(tm) Plug-In 2 SSV Helper " "Java(TM) Platform SE binary " "Sun Microsystems, Inc. " "c:\program files\java\jre6\bin\jp2ssv.dll "
    + "Windows Live ID Sign-in Helper " "Microsoft® Windows Live ID Login Helper " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll "
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects " " " " " " "
    + "Adobe PDF Link Helper " "Adobe PDF Helper for Internet Explorer " "Adobe Systems Incorporated " "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll "
    + "Java(tm) Plug-In 2 SSV Helper " "Java(TM) Platform SE binary " "Sun Microsystems, Inc. " "c:\program files (x86)\java\jre6\bin\jp2ssv.dll "
    + "Windows Live ID Sign-in Helper " "Microsoft® Windows Live ID Login Helper " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll "
    "Task Scheduler " " " " " " "
    + "\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000Core " "Google Installer " "Google Inc. " "c:\users\alex\appdata\local\google\update\googleupdate.exe "
    + "\GoogleUpdateTaskUserS-1-5-21-201300541-1120052678-3394950442-1000UA " "Google Installer " "Google Inc. " "c:\users\alex\appdata\local\google\update\googleupdate.exe "
    + "\Microsoft\Windows Defender\MP Scheduled Scan " "Microsoft Malware Protection Command Line Utility " "Microsoft Corporation " "c:\program files\windows defender\mpcmdrun.exe "
    + "\Microsoft\Windows\NetTrace\GatherNetworkInfo " " " " " "c:\windows\system32\gathernetworkinfo.vbs "
    + "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary " "Windows Media Player Network Sharing Service Configuration Application " "Microsoft Corporation " "c:\program files\windows media player\wmpnscfg.exe "
    + "\Microsoft\Windows\Wired\GatherWiredInfo " " " " " "File not found: C:\Windows\system32\gatherWiredInfo.vbs "
    + "\Microsoft\Windows\Wireless\GatherWirelessInfo " " " " " "File not found: C:\Windows\system32\gatherWirelessInfo.vbs "
    "HKLM\System\CurrentControlSet\Services " " " " " " "
    + "avast! Antivirus " "Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler. " "AVAST Software " "c:\program files\alwil software\avast5\avastsvc.exe "
    + "avast! Mail Scanner " "Implements mail scanning for avast! antivirus. " "AVAST Software " "c:\program files\alwil software\avast5\avastsvc.exe "
    + "avast! Web Scanner " "Implements web (HTTP) scanning for avast! antivirus. " "AVAST Software " "c:\program files\alwil software\avast5\avastsvc.exe "
    + "Bonjour Service " "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. " "Apple Inc. " "c:\program files (x86)\bonjour\mdnsresponder.exe "
    + "iPod Service " "iPod hardware management services " "Apple Inc. " "c:\program files\ipod\bin\ipodservice.exe "
    + "MSSQL$SQLEXPRESS " "Provides storage, processing and controlled access of data, and rapid transaction processing. " " " "File not found: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "
    + "odserv " "Run portions of Microsoft Office Diagnostics. " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe "
    + "ose " "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports. " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe "
    + "SQLWriter " "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure. " " " "File not found: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
    + "WinDefend " "Protection against spyware and potentially unwanted software " "Microsoft Corporation " "c:\program files\windows defender\mpsvc.dll "
    + "wlidsvc " "Enables Windows Live ID authentication. " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe "
    + "WMPNetworkSvc " "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play " "Microsoft Corporation " "c:\program files\windows media player\wmpnetwk.exe "
    "HKLM\System\CurrentControlSet\Services " " " " " " "
    + "adp94xx " "Adaptec Windows SAS/SATA Storport Driver " "Adaptec, Inc. " "c:\windows\system32\drivers\adp94xx.sys "
    + "adpahci " "Adaptec Windows SATA Storport Driver " "Adaptec, Inc. " "c:\windows\system32\drivers\adpahci.sys "
    + "adpu320 " "Adaptec StorPort Ultra320 SCSI Driver (X64) " "Adaptec, Inc. " "c:\windows\system32\drivers\adpu320.sys "
    + "aliide " "ALi mini IDE Driver " "Acer Laboratories Inc. " "c:\windows\system32\drivers\aliide.sys "
    + "amdsata " "AHCI 1.2 Device Driver " "Advanced Micro Devices " "c:\windows\system32\drivers\amdsata.sys "
    + "amdsbs " "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform " "AMD Technologies Inc. " "c:\windows\system32\drivers\amdsbs.sys "
    + "amdxata " "Storage Filter Driver " "Advanced Micro Devices " "c:\windows\system32\drivers\amdxata.sys "
    + "arc " "Adaptec RAID Storport Driver " "Adaptec, Inc. " "c:\windows\system32\drivers\arc.sys "
    + "arcsas " "Adaptec SAS RAID WS03 Driver " "Adaptec, Inc. " "c:\windows\system32\drivers\arcsas.sys "
    + "aswFsBlk " "avast! mini-filter driver (aswFsBlk) " "AVAST Software " "c:\windows\system32\drivers\aswfsblk.sys "
    + "aswMonFlt " "avast! mini-filter driver (aswMonFlt) " "AVAST Software " "c:\windows\system32\drivers\aswmonflt.sys "
    + "aswRdr " "avast! TDI Redirect driver " "AVAST Software " "c:\windows\system32\drivers\aswrdr.sys "
    + "aswSP " "avast! Self Protection " "AVAST Software " "c:\windows\system32\drivers\aswsp.sys "
    + "aswTdi " "avast! Network Shield TDI driver " "AVAST Software " "c:\windows\system32\drivers\aswtdi.sys "
    + "b06bdrv " "Broadcom NetXtreme II GigE VBD " "Broadcom Corporation " "c:\windows\system32\drivers\bxvbda.sys "
    + "b57nd60a " "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver. " "Broadcom Corporation " "c:\windows\system32\drivers\b57nd60a.sys "
    + "BrFiltLo " "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver " "Brother Industries, Ltd. " "c:\windows\system32\drivers\brfiltlo.sys "
    + "BrFiltUp " "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver " "Brother Industries, Ltd. " "c:\windows\system32\drivers\brfiltup.sys "
    + "Brserid " "Brotehr Serial I/F Driver (WDM) " "Brother Industries Ltd. " "c:\windows\system32\drivers\brserid.sys "
    + "BrSerWdm " "Brother Serial driver (WDM version) " "Brother Industries Ltd. " "c:\windows\system32\drivers\brserwdm.sys "
    + "BrUsbMdm " "Brother USB MDM Driver " "Brother Industries Ltd. " "c:\windows\system32\drivers\brusbmdm.sys "
    + "BrUsbSer " "Brother USB Serial Driver " "Brother Industries Ltd. " "c:\windows\system32\drivers\brusbser.sys "
    + "cmdide " "CMD PCI IDE Bus Driver " "CMD Technology, Inc. " "c:\windows\system32\drivers\cmdide.sys "
    + "DKbFltr " "Dritek 64-bit PS/2 Keyboard Filter Driver " "Dritek System Inc. " "c:\windows\syswow64\drivers\dkbfltr.sys "
    + "ebdrv " "Broadcom NetXtreme II 10 GigE VBD " "Broadcom Corporation " "c:\windows\system32\drivers\evbda.sys "
    + "elxstor " "Storport Miniport Driver for LightPulse HBAs " "Emulex " "c:\windows\system32\drivers\elxstor.sys "
    + "GEARAspiWDM " "CD DVD Filter " "GEAR Software Inc. " "c:\windows\system32\drivers\gearaspiwdm.sys "
    + "hamachi " "Hamachi Virtual Network Interface Driver " "LogMeIn, Inc. " "c:\windows\system32\drivers\hamachi.sys "
    + "hcw85cir " "Hauppauge WinTV 885 Consumer IR Driver for eHome " "Hauppauge Computer Works, Inc. " "c:\windows\system32\drivers\hcw85cir.sys "
    + "HpSAMD " "Smart Array SAS/SATA Controller Media Driver " "Hewlett-Packard Company " "c:\windows\system32\drivers\hpsamd.sys "
    + "iaStor " "Intel Matrix Storage Manager driver - x64 " "Intel Corporation " "c:\windows\system32\drivers\iastor.sys "
    + "iaStorV " "Intel Matrix Storage Manager driver - x64 " "Intel Corporation " "c:\windows\system32\drivers\iastorv.sys "
    + "iirsp " "Intel/ICP Raid Storport Driver " "Intel Corp./ICP vortex GmbH " "c:\windows\system32\drivers\iirsp.sys "
    + "IntcAzAudAddService " "Realtek(r) High Definition Audio Function Driver " "Realtek Semiconductor Corp. " "c:\windows\system32\drivers\rtkvhd64.sys "
    + "LHidFilt " "Logitech HID Filter Driver. " "Logitech, Inc. " "c:\windows\system32\drivers\lhidfilt.sys "
    + "LMouFilt " "Logitech Mouse Filter Driver. " "Logitech, Inc. " "c:\windows\system32\drivers\lmoufilt.sys "
    + "LSI_FC " "LSI Fusion-MPT FC Driver (StorPort) " "LSI Corporation " "c:\windows\system32\drivers\lsi_fc.sys "
    + "LSI_SAS " "LSI Fusion-MPT SAS Driver (StorPort) " "LSI Corporation " "c:\windows\system32\drivers\lsi_sas.sys "
    + "LSI_SAS2 " "LSI SAS Gen2 Driver (StorPort) " "LSI Corporation " "c:\windows\system32\drivers\lsi_sas2.sys "
    + "LSI_SCSI " "LSI Fusion-MPT SCSI Driver (StorPort) " "LSI Corporation " "c:\windows\system32\drivers\lsi_scsi.sys "
    + "megasas " "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64 " "LSI Corporation " "c:\windows\system32\drivers\megasas.sys "
    + "MegaSR " "LSI MegaRAID Software RAID Driver " "LSI Corporation, Inc. " "c:\windows\system32\drivers\megasr.sys "
    + "netw5v64 " "Intel® Wireless WiFi Link Driver " "Intel Corporation " "c:\windows\system32\drivers\netw5v64.sys "
    + "nfrd960 " "IBM ServeRAID Controller Driver " "IBM Corporation " "c:\windows\system32\drivers\nfrd960.sys "
    + "nvlddmkm " "NVIDIA Windows Kernel Mode Driver, Version 186.03 " "NVIDIA Corporation " "c:\windows\system32\drivers\nvlddmkm.sys "
    + "nvraid " "NVIDIA® nForce(TM) RAID Driver " "NVIDIA Corporation " "c:\windows\system32\drivers\nvraid.sys "
    + "nvstor " "NVIDIA® nForce(TM) Sata Performance Driver " "NVIDIA Corporation " "c:\windows\system32\drivers\nvstor.sys "
    + "ql2300 " "QLogic Fibre Channel Stor Miniport Driver " "QLogic Corporation " "c:\windows\system32\drivers\ql2300.sys "
    + "ql40xx " "QLogic iSCSI Storport Miniport Driver " "QLogic Corporation " "c:\windows\system32\drivers\ql40xx.sys "
    + "rismxdp " "RICOH xD SM Driver " "REDC " "c:\windows\system32\drivers\rixdpx64.sys "
    + "SCDEmu " "PowerISO Virtual Drive " "PowerISO Computing, Inc. " "c:\windows\system32\drivers\scdemu.sys "
    + "secdrv " "Macrovision SECURITY Driver " "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. " "c:\windows\system32\drivers\secdrv.sys "
    + "SiSRaid2 " "SiS RAID Stor Miniport Driver " "Silicon Integrated Systems Corp. " "c:\windows\system32\drivers\sisraid2.sys "
    + "SiSRaid4 " "SiS AHCI Stor-Miniport Driver " "Silicon Integrated Systems " "c:\windows\system32\drivers\sisraid4.sys "
    + "snapman " "Acronis Snapshot API " "Acronis " "c:\windows\system32\drivers\snapman.sys "
    + "SNP2UVC " "UVC Camera Streaming Driver " " " "c:\windows\system32\drivers\snp2uvc.sys "
    + "sptd " "SCSI Pass Through Direct Host " "Duplex Secure Ltd. " "c:\windows\system32\drivers\sptd.sys "
    + "SrvHsfHDA " "HSF_HWAZL WDM driver " "Conexant Systems, Inc. " "c:\windows\system32\drivers\vstazl6.sys "
    + "SrvHsfV92 " "HSF_DP driver " "Conexant Systems, Inc. " "c:\windows\system32\drivers\vstdpv6.sys "
    + "SrvHsfWinac " "HSF_CNXT driver " "Conexant Systems, Inc. " "c:\windows\system32\drivers\vstcnxt6.sys "
    + "stexstor " "Promise SuperTrak EX Series Driver for Windows " "Promise Technology " "c:\windows\system32\drivers\stexstor.sys "
    + "SynTP " "Synaptics Touchpad Driver " "Synaptics, Inc. " "c:\windows\system32\drivers\syntp.sys "
    + "USBAAPL64 " "Apple Mobile Device USB Driver " "Apple, Inc. " "c:\windows\system32\drivers\usbaapl64.sys "
    + "viaide " "VIA Generic PCI IDE Bus Driver " "VIA Technologies, Inc. " "c:\windows\system32\drivers\viaide.sys "
    + "vsmraid " "VIA RAID DRIVER FOR AMD-X86-64 " "VIA Technologies Inc.,Ltd " "c:\windows\system32\drivers\vsmraid.sys "
    + "winbondcir " "Winbond MCE CIR Port Driver " "Winbond Electronics Corporation " "c:\windows\system32\drivers\winbondcir.sys "
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 " " " " " " "
    + "msacm.l3acm " "MPEG Layer-3 Audio Codec for MSACM " "Fraunhofer Institut Integrierte Schaltungen IIS " "c:\windows\system32\l3codeca.acm "
    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32 " " " " " " "
    + "msacm.ac3acm " "AC-3 ACM Codec " "fccHandler " "c:\windows\syswow64\ac3acm.acm "
    + "msacm.l3acm " "MPEG Layer-3 Audio Codec for MSACM " "Fraunhofer Institut Integrierte Schaltungen IIS " "c:\windows\syswow64\l3codeca.acm "
    + "msacm.lameacm " "Lame MP3 codec engine " "http://www.mp3dev.org/ " "c:\windows\syswow64\lameacm.acm "
    + "msacm.vorbis " "Ogg Vorbis CODEC for MSACM " "HMS http://hp.vector.co.jp/authors/VA012897/ " "c:\windows\syswow64\vorbis.acm "
    + "vidc.cvid " "Cinepak® Codec " "Radius Inc. " "c:\windows\syswow64\iccvid.dll "
    + "VIDC.FFDS " " " " " "c:\windows\syswow64\ff_vfw.dll "
    + "VIDC.XVID " " " " " "c:\windows\syswow64\xvidvfw.dll "
    + "VIDC.YV12 " "Helix YV12 YUV Codec " "www.helixcommunity.org " "c:\windows\syswow64\yv12vfw.dll "
    "HKLM\Software\Classes\Filter " " " " " " "
    + "IL FL Studio DXi " " " "Image-Line bvba " "c:\program files\image-line\fl studio 8\system\plugin\dxi\fl studio dxi.dll "
    + "IL Multi FL Studio DXi " " " "Image-Line bvba " "c:\program files\image-line\fl studio 8\system\plugin\dxi\fl studio dxi (multi).dll "
    "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance " " " " " " "
    + "9x8Resize " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "AC3File " " " " " "c:\program files (x86)\k-lite codec pack\filters\ac3file.ax "
    + "Allocator Fix " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "Bitmap " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "DC-Bass Source " "DirectShow™ Audio Decoder " "http://www.dsp-worx.de " "c:\program files (x86)\k-lite codec pack\filters\dcbasssource.ax "
    + "DirectVobSub " "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth " "Gabest " "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll "
    + "DirectVobSub (auto-loading version) " "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth " "Gabest " "c:\program files (x86)\k-lite codec pack\filters\vsfilter.dll "
    + "ffdshow Audio Decoder " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "ffdshow Audio Processor " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "ffdshow DXVA Video Decoder " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "ffdshow raw video filter " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "ffdshow subtitles filter " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "ffdshow Video Decoder " "DirectShow and VFW video and audio decoding/encoding/processing filter " " " "c:\program files (x86)\k-lite codec pack\ffdshow\ffdshow.ax "
    + "File Source (Monkey Audio) " " " " " "c:\program files (x86)\k-lite codec pack\filters\monkeysource.ax "
    + "Frame Eater " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "Haali Matroska Muxer " "Haali Media Splitter " " " "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax "
    + "Haali Media Splitter " "Haali Media Splitter " " " "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax "
    + "Haali Media Splitter (AR) " "Haali Media Splitter " " " "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax "
    + "Haali Simple Media Splitter " "Haali Media Splitter " " " "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax "
    + "Haali Video Renderer " " " " " "c:\program files (x86)\k-lite codec pack\filters\haali\dxr.dll "
    + "Haali Video Sink " "Haali Media Splitter " " " "c:\program files (x86)\k-lite codec pack\filters\haali\splitter.ax "
    + "madFlac Decoder " "DirectShow FLAC Decoder " "www.madshi.net " "c:\program files (x86)\k-lite codec pack\filters\madflac.ax "
    + "madFlac Source " "DirectShow FLAC Decoder " "www.madshi.net " "c:\program files (x86)\k-lite codec pack\filters\madflac.ax "
    + "MONOGRAM AMR Decoder " "AMR Filter Pack " "MONOGRAM Multimedia, s.r.o. " "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax "
    + "MONOGRAM AMR Encoder " "AMR Filter Pack " "MONOGRAM Multimedia, s.r.o. " "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax "
    + "MONOGRAM AMR Mux " "AMR Filter Pack " "MONOGRAM Multimedia, s.r.o. " "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax "
    + "MONOGRAM AMR Splitter " "AMR Filter Pack " "MONOGRAM Multimedia, s.r.o. " "c:\program files (x86)\k-lite codec pack\filters\mmamr.ax "
    + "MONOGRAM Musepack Decoder " "mmmpcdec " " " "c:\program files (x86)\k-lite codec pack\filters\mmmpcdec.ax "
    + "MONOGRAM Musepack Splitter " "mmmpcdmx " " " "c:\program files (x86)\k-lite codec pack\filters\mmmpcdmx.ax "
    + "MPC - FLV Source (Gabest) " "FLV Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax "
    + "MPC - FLV Splitter (Gabest) " "FLV Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\flvsplitter.ax "
    + "MPC - MP4 Source " "MP4 Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax "
    + "MPC - MP4 Splitter " "MP4 Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax "
    + "MPC - Mpeg Source (Gabest) " "Mpeg Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax "
    + "MPC - Mpeg Splitter (Gabest) " "Mpeg Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mpegsplitter.ax "
    + "MPC - MPEG4 Video Source " "MP4 Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax "
    + "MPC - MPEG4 Video Splitter " "MP4 Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\mp4splitter.ax "
    + "MPC - RealAudio Decoder " "RealMedia Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax "
    + "MPC - RealMedia Source " "RealMedia Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax "
    + "MPC - RealMedia Splitter " "RealMedia Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax "
    + "MPC - RealVideo Decoder " "RealMedia Splitter " "MPC-HC Team " "c:\program files (x86)\k-lite codec pack\filters\realmediasplitter.ax "
    + "Record Queue " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "ShotDetect " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "Stetch " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "T " "VP7 Decompression Filter " "On2.com Inc. " "c:\program files (x86)\k-lite codec pack\filters\vp7dec.ax "
    + "WavPack Audio Decoder " "WavPack Audio DirectShow Decoder " "- " "c:\program files (x86)\k-lite codec pack\filters\wavpackdsdecoder.ax "
    + "WavPack Audio Splitter " "WavPack Audio DirectShow Splitter " "- " "c:\program files (x86)\k-lite codec pack\filters\wavpackdssplitter.ax "
    + "WM VIH2 Fix " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Audio Analyzer " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Audio Mixer " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Black Frame Generator " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT DirectX Transform Wrapper " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT DV Extract " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Format Conversion " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Import Filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Interlacer " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Log Filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT MuxDeMux Filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Sample Info Filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Screen Capture filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Switch Filter " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Virtual Renderer " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Virtual Source " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    + "WMT Volume " "Movie Maker Filters " "Microsoft Corporation " "c:\program files (x86)\movie maker 2.6\wmm2filt.dll "
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers " " " " " " "
    + "WLIDCredentialProvider " "Microsoft® Windows Live ID Credential Provider " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll "
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify " " " " " " "
    + "LBTWlgn " "Logitech Bluetooth Service " "Logitech, Inc. " "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll "
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries " " " " " " "
    + "mdnsNSP " "Bonjour Namespace Provider " "Apple Inc. " "c:\program files (x86)\bonjour\mdnsnsp.dll "
    + "WindowsLive Local NSP " "Microsoft® Windows Live ID Namespace Provider " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll "
    + "WindowsLive NSP " "Microsoft® Windows Live ID Namespace Provider " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll "
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64 " " " " " " "
    + "mdnsNSP " "Bonjour Namespace Provider " "Apple Inc. " "c:\program files\bonjour\mdnsnsp.dll "
    + "WindowsLive Local NSP " "Microsoft® Windows Live ID Namespace Provider " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll "
    + "WindowsLive NSP " "Microsoft® Windows Live ID Namespace Provider " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll "
    "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors " " " " " " "
    + "Canon BJ Language Monitor MP160 " "IJ Language Monitor " "CANON INC. " "c:\windows\system32\cnmlm83.dll "
    + "PCL hpz3l4v2 " "LanguageMonitor " "Hewlett-Packard Company " "c:\windows\system32\hpz3l4v2.dll "
    + "PCL hpz3llhn " "LanguageMonitor " "Hewlett-Packard Company " "c:\windows\system32\hpz3llhn.dll "
    + "PCL hpz3lwn7 " "LanguageMonitor " "Hewlett-Packard Company " "c:\windows\system32\hpz3lwn7.dll "





    I also went in and manually removed those two files from their respective folders
    (sqlservr.exe 2116 120,840 K 66,016 K SQL Server Windows NT - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
    and
    sqlwriter.exe 2280 2,080 K 6,332 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
    )
     
  10. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run Autoruns.
    Scroll down to "Task Scheduler" section and UN-check these two items:
    + "MSSQL$SQLEXPRESS " "Provides storage, processing and controlled access of data, and rapid transaction processing." " " "File not found: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "
    + "SQLWriter " "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." " " "File not found: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "

    Restart computer.
    Post fresh Process Explorer log.
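An added example, not part of this thread and not Autoruns' own code: a small parser for the Autoruns text export in the form lpdrummer pasted above (one line per registry key, then "+" entry lines with four quoted fields: name, description, company, image path). It automates the check broni is asking for by reporting entries whose image is "File not found" (dead autostarts left behind when the binary was deleted by hand; worth removing, because in general an autostart that still points at a path a low-privileged user can create is a ready-made persistence slot for whoever drops a file there) and, as a second pass, third-party modules registered under the logon, Winsock and spooler extension points visible in the paste (credential providers, Winlogon\Notify, Winsock namespace providers, print monitors). The sample input is copied from the pasted logs except for the Services header line, which is constructed because that section is not quoted above. Two caveats: the Company Name column comes from the file's version resource, not from a signature check, so a "Microsoft Corporation" string proves nothing on its own (Autoruns' Verify Code Signatures option is the real check), and a third-party entry in a sensitive key is something to review, not a verdict.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

QUOTED = re.compile(r'"([^"]*)"')

# Extension points in this export that load DLLs into logon, Winsock or spooler contexts.
# A third-party module here is not malicious by itself, but it is where a reviewer looks first.
SENSITIVE_KEY_FRAGMENTS = (
    r"\authentication\credential providers",
    r"\winlogon\notify",
    r"\winsock2\parameters\namespace_catalog",
    r"\control\print\monitors",
)

@dataclass
class Entry:
    key: str          # registry key the entry lives under
    name: str
    description: str
    company: str      # from the file's version resource; NOT a signature check
    image: str        # fourth quoted field: a path, or "File not found: <path>"

    @property
    def missing(self) -> bool:
        return self.image.lower().startswith("file not found:")

    @property
    def path(self) -> str:
        return self.image.split(":", 1)[1].strip() if self.missing else self.image

def parse_autoruns_text(text: str) -> list[Entry]:
    """A line starting with a quote names the registry key; a line starting with '+'
    is an entry with (at least) four quoted fields. Layout assumed from the paste above."""
    entries: list[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        fields = [f.strip() for f in QUOTED.findall(line)]
        if line.startswith('"') and fields:
            key = fields[0]
        elif line.startswith("+") and len(fields) >= 4:
            name, desc, company, image = fields[:4]
            entries.append(Entry(key, name, desc, company, image))
    return entries

def is_sensitive(key: str) -> bool:
    k = key.lower()
    return any(frag in k for frag in SENSITIVE_KEY_FRAGMENTS)

def review(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (kind, entry name, image path) for everything worth acting on."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        if e.missing:
            findings.append(("orphaned", e.name, e.path))
        elif is_sensitive(e.key) and not e.company.lower().startswith("microsoft"):
            findings.append(("third-party-in-sensitive-key", e.name, e.path))
    return findings

def review_text(text: str) -> list[tuple[str, str, str]]:
    return review(parse_autoruns_text(text))

# Sample input: lines copied from the logs pasted in this thread. The first header line
# (the Services key) is CONSTRUCTED, since that section of the export is not quoted above.
SAMPLE = r"""
"HKLM\System\CurrentControlSet\Services " " " " " " "
+ "MSSQL$SQLEXPRESS " "Provides storage, processing and controlled access of data, and rapid transaction processing." " " "File not found: c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe "
+ "SQLWriter " "Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure." " " "File not found: c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe "
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers " " " " " " "
+ "WLIDCredentialProvider " "Microsoft® Windows Live ID Credential Provider " "Microsoft Corporation " "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll "
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify " " " " " " "
+ "LBTWlgn " "Logitech Bluetooth Service " "Logitech, Inc. " "c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll "
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries " " " " " " "
+ "mdnsNSP " "Bonjour Namespace Provider " "Apple Inc. " "c:\program files (x86)\bonjour\mdnsnsp.dll "
+ "WindowsLive NSP " "Microsoft® Windows Live ID Namespace Provider " "Microsoft Corporation " "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll "
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors " " " " " " "
+ "Canon BJ Language Monitor MP160 " "IJ Language Monitor " "CANON INC. " "c:\windows\system32\cnmlm83.dll "
"""

if __name__ == "__main__":
    for kind, name, path in review_text(SAMPLE):
        print(f"{kind:30} {name:35} {path}")
```

Against the paste above this reports the two SQL Server entries as orphaned and the Logitech, Bonjour and Canon modules as third-party code in sensitive keys; the Windows Live entries are skipped only because of their version-resource company string, which is exactly why the signature check in Autoruns still has to be run.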
     
  11. 2010/12/01
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 65.76 0 K 24 K
    Interrupts n/a 0 K 0 K Hardware Interrupts
    DPCs n/a 2.17 0 K 0 K Deferred Procedure Calls
    System 4 112 K 296 K
    smss.exe 392 464 K 1,116 K
    csrss.exe 520 0.14 1,924 K 3,884 K
    wininit.exe 620 1,560 K 4,396 K
    services.exe 668 12.50 8,168 K 10,400 K
    svchost.exe 804 0.70 4,292 K 9,128 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    WmiPrvSE.exe 3968 1.83 3,172 K 6,680 K
    dllhost.exe 3740 1,184 K 3,332 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    svchost.exe 888 0.84 4,204 K 7,944 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    svchost.exe 948 1.40 18,332 K 19,856 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 1048 16,308 K 16,512 K
    svchost.exe 276 0.28 63,648 K 73,280 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1448 0.14 27,032 K 21,528 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
    WUDFHost.exe 1824 2,012 K 6,048 K
    svchost.exe 536 8.15 19,596 K 33,324 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe 2188 2,040 K 5,904 K Task Scheduler Engine Microsoft Corporation taskeng.exe {2FBF5BD5-3A57-4B45-B36D-E28700F8D391}
    svchost.exe 1088 1.83 10,020 K 17,116 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1184 6.04 15,804 K 17,920 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1308 1.40 16,496 K 25,828 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "
    avast.setup 2292 0.56 3,040 K 9,280 K
    spoolsv.exe 1964 8,880 K 15,088 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    taskhost.exe 1976 3,144 K 6,728 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
    svchost.exe 2028 1.40 13,944 K 18,428 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1428 3,832 K 8,344 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k apphost
    mDNSResponder.exe 1524 2,012 K 5,652 K Bonjour Service Apple Inc. "C:\Program Files (x86)\Bonjour\mDNSResponder.exe "
    svchost.exe 1728 4.21 8,104 K 15,036 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    svchost.exe 1692 4,216 K 7,644 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    svchost.exe 2080 6,200 K 9,676 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k iissvcs
    WLIDSVC.EXE 2116 4,368 K 12,652 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
    WLIDSVCM.EXE 2748 1,220 K 3,136 K
    alg.exe 2864 1,548 K 4,924 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
    SearchIndexer.exe 2916 0.28 18,840 K 8,472 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    SearchProtocolHost.exe 3784 1,924 K 5,144 K
    SearchFilterHost.exe 3804 1,896 K 5,112 K
    wmpnetwk.exe 3312 10,272 K 25,552 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
    svchost.exe 2452 0.28 328 K 108 K
    lsass.exe 688 2.39 3,736 K 10,068 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 696 2,316 K 4,068 K
    csrss.exe 636 0.56 2,028 K 4,564 K
    winlogon.exe 976 3,080 K 6,852 K
    explorer.exe 1472 1.69 29,796 K 42,640 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    procexp.exe 3156 1,912 K 6,188 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    procexp64.exe 3180 3.23 16,880 K 32,520 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    GoogleCrashHandler.exe 1892 1,692 K 1,080 K Google Installer Google Inc. "C:\Users\Alex\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe" /crashhandler
    AvastUI.exe 2248 4,276 K 2,004 K avast! Antivirus AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    reader_sl.exe 2316 1,392 K 4,176 K Adobe Acrobat SpeedLauncher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe "
     
  12. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It looks better, but it's still not right.
    Several svchost.exe processes are using too much of your CPU.
    System Idle Process (CPU not used) is listed at 65.76%.
    It should be running at at least 90%, or so.

    I need to go to bed, but you do this (I'll stay up for another 5 mins, or so).

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
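An added example, not from the thread and not from Process Explorer: a parser for Process Explorer's saved process list that applies broni's reading of the log above (System Idle Process at 65.76% instead of roughly 90% or more means something is burning CPU) and lists the busiest real processes. It assumes the File > Save text layout, tab-delimited with the process tree expressed as leading spaces in the Process column; the forum post lost those tabs, so the sample rows below are the posted rows with separators restored. The example goes one step beyond the CPU reading with the checks an analyst runs on every svchost.exe row in a suspected rootkit case: its parent must be services.exe, its image must be C:\Windows\System32\svchost.exe, and it must carry a -k service group. The last sample row (PID 3999, an svchost.exe under explorer.exe started from C:\ProgramData) is constructed to exercise those checks and is not in lpdrummer's log. A row with an empty command line, like PID 2452 in the posted log, is reported as unverifiable rather than bad: Process Explorer leaves those columns blank when it cannot open the process, so that one needs a manual look at its image path and signature, not a verdict.

```python
from __future__ import annotations
from dataclasses import dataclass

IDLE_FLOOR = 90.0                                        # rule of thumb from the thread
PSEUDO = {"System Idle Process", "Interrupts", "DPCs"}   # bookkeeping rows, not real processes

@dataclass
class Proc:
    name: str
    pid: str
    cpu: float
    company: str
    cmdline: str
    depth: int                  # leading spaces in the Process column = nesting in the tree
    parent: Proc | None = None

def parse_procexp(text: str) -> list[Proc]:
    """Assumed layout: tab-separated columns, tree shown as indentation of the Process column."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    idx = {h.strip(): i for i, h in enumerate(lines[0].split("\t"))}
    procs: list[Proc] = []
    stack: list[Proc] = []      # ancestors of the current row, innermost last
    for line in lines[1:]:
        cols = line.split("\t")
        def col(h: str) -> str:
            i = idx[h]
            return cols[i].strip() if i < len(cols) else ""
        raw = cols[idx["Process"]]
        depth = len(raw) - len(raw.lstrip(" "))
        cpu = col("CPU")
        p = Proc(raw.strip(), col("PID"), float(cpu) if cpu else 0.0,
                 col("Company Name"), col("Command Line"), depth)
        while stack and stack[-1].depth >= depth:      # climb back out to this row's parent
            stack.pop()
        p.parent = stack[-1] if stack else None
        stack.append(p)
        procs.append(p)
    return procs

def idle_percent(procs: list[Proc]) -> float:
    return next((p.cpu for p in procs if p.name == "System Idle Process"), 0.0)

def busiest(procs: list[Proc], n: int = 5) -> list[tuple[str, str, float]]:
    real = [p for p in procs if p.name not in PSEUDO]
    return [(p.name, p.pid, p.cpu) for p in sorted(real, key=lambda p: p.cpu, reverse=True)[:n]]

def svchost_findings(procs: list[Proc]) -> list[tuple[str, str]]:
    """On Windows 7 a genuine svchost.exe is spawned by services.exe, lives in System32
    and is started with a -k service group; anything else gets a (pid, reason) finding."""
    out: list[tuple[str, str]] = []
    for p in procs:
        if p.name.lower() != "svchost.exe":
            continue
        parent = p.parent.name if p.parent else "<none>"
        if parent.lower() != "services.exe":
            out.append((p.pid, f"parent is {parent}, expected services.exe"))
        cmd = p.cmdline.lower().lstrip('"')
        if not cmd:
            out.append((p.pid, "command line not readable; check image path and signature by hand"))
            continue
        if not cmd.startswith(r"c:\windows\system32\svchost.exe"):
            out.append((p.pid, f"image is not System32\\svchost.exe: {p.cmdline}"))
        if " -k " not in cmd:
            out.append((p.pid, "no -k service group on the command line"))
    return out

def report(text: str) -> str:
    procs = parse_procexp(text)
    idle = idle_percent(procs)
    verdict = "OK" if idle >= IDLE_FLOOR else f"below {IDLE_FLOOR:.0f}%, something is busy"
    lines = [f"System Idle Process: {idle:.2f}% ({verdict})"]
    lines += [f"  {cpu:6.2f}%  {name} (PID {pid})" for name, pid, cpu in busiest(procs)]
    lines += [f"svchost.exe PID {pid}: {why}" for pid, why in svchost_findings(procs)]
    return "\n".join(lines)

HEADER = ("Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Command Line")
# Rows from the posted log with tabs restored; the LAST row is CONSTRUCTED and not in that log.
SAMPLE_ROWS = [
    ("System Idle Process", "0", "65.76", "0 K", "24 K", "", "", ""),
    ("  DPCs", "n/a", "2.17", "0 K", "0 K", "Deferred Procedure Calls", "", ""),
    ("System", "4", "", "112 K", "296 K", "", "", ""),
    ("wininit.exe", "620", "", "1,560 K", "4,396 K", "", "", ""),
    ("  services.exe", "668", "12.50", "8,168 K", "10,400 K", "", "", ""),
    ("    svchost.exe", "804", "0.70", "4,292 K", "9,128 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k DcomLaunch"),
    ("    svchost.exe", "536", "8.15", "19,596 K", "33,324 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k netsvcs"),
    ("    svchost.exe", "1184", "6.04", "15,804 K", "17,920 K", "Host Process for Windows Services",
     "Microsoft Corporation", r"C:\Windows\system32\svchost.exe -k NetworkService"),
    ("    AvastSvc.exe", "1308", "1.40", "16,496 K", "25,828 K", "avast! Service",
     "AVAST Software", r'"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"'),
    ("    svchost.exe", "2452", "0.28", "328 K", "108 K", "", "", ""),
    ("  lsass.exe", "688", "2.39", "3,736 K", "10,068 K", "Local Security Authority Process",
     "Microsoft Corporation", r"C:\Windows\system32\lsass.exe"),
    ("explorer.exe", "1472", "1.69", "29,796 K", "42,640 K", "Windows Explorer",
     "Microsoft Corporation", r"C:\Windows\Explorer.EXE"),
    ("  svchost.exe", "3999", "3.10", "2,048 K", "5,120 K", "", "",
     r"C:\ProgramData\svchost.exe"),     # constructed look-alike, not from the posted log
]
SAMPLE = "\n".join("\t".join(r) for r in (HEADER, *SAMPLE_ROWS))

if __name__ == "__main__":
    print(report(SAMPLE))
```

The CPU column is a single refresh-interval snapshot, so one high reading is a lead, not a diagnosis; what makes the svchost checks worth automating is that they do not depend on timing at all, and a row that fails the parent or image check is worth more of your attention than any percentage.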
     
  13. 2010/12/01
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Here it is:


    2010/12/01 01:56:38.0687 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
    2010/12/01 01:56:38.0687 ================================================================================
    2010/12/01 01:56:38.0687 SystemInfo:
    2010/12/01 01:56:38.0687
    2010/12/01 01:56:38.0687 OS Version: 6.1.7600 ServicePack: 0.0
    2010/12/01 01:56:38.0687 Product type: Workstation
    2010/12/01 01:56:38.0687 ComputerName: ALEX-LAPTOP
    2010/12/01 01:56:38.0687 UserName: Alex
    2010/12/01 01:56:38.0687 Windows directory: C:\Windows
    2010/12/01 01:56:38.0687 System windows directory: C:\Windows
    2010/12/01 01:56:38.0687 Running under WOW64
    2010/12/01 01:56:38.0687 Processor architecture: Intel x64
    2010/12/01 01:56:38.0687 Number of processors: 2
    2010/12/01 01:56:38.0687 Page size: 0x1000
    2010/12/01 01:56:38.0687 Boot type: Normal boot
    2010/12/01 01:56:38.0687 ================================================================================
    2010/12/01 01:56:38.0687 Utility is running under WOW64
    2010/12/01 01:56:39.0030 Initialize success
    2010/12/01 01:56:40.0169 ================================================================================
    2010/12/01 01:56:40.0169 Scan started
    2010/12/01 01:56:40.0169 Mode: Manual;
    2010/12/01 01:56:40.0169 ================================================================================
    2010/12/01 01:56:41.0011 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    2010/12/01 01:56:41.0089 61883 (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
    2010/12/01 01:56:41.0152 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/12/01 01:56:41.0308 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    2010/12/01 01:56:41.0401 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2010/12/01 01:56:41.0464 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2010/12/01 01:56:41.0620 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2010/12/01 01:56:41.0713 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
    2010/12/01 01:56:41.0760 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    2010/12/01 01:56:41.0947 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    2010/12/01 01:56:41.0963 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    2010/12/01 01:56:42.0025 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/12/01 01:56:42.0041 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2010/12/01 01:56:42.0103 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
    2010/12/01 01:56:42.0275 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2010/12/01 01:56:42.0322 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/12/01 01:56:42.0415 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    2010/12/01 01:56:42.0649 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2010/12/01 01:56:42.0681 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2010/12/01 01:56:42.0774 aswFsBlk (b76182f203e0bd5eb6a5f6538f0faee4) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/12/01 01:56:42.0946 aswMonFlt (a88e9544edda1ce83825dd22d6a8b5f9) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/12/01 01:56:43.0008 aswRdr (cfad2fb33b22e7039c9dc233baacbf8b) C:\Windows\system32\drivers\aswRdr.sys
    2010/12/01 01:56:43.0055 aswSP (594365e887f4a5ad3970870b352eb887) C:\Windows\system32\drivers\aswSP.sys
    2010/12/01 01:56:43.0258 aswTdi (4ba0a0e1d36f88f536180ffe5efd8b7c) C:\Windows\system32\drivers\aswTdi.sys
    2010/12/01 01:56:43.0336 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/12/01 01:56:43.0383 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    2010/12/01 01:56:43.0632 Avc (16fabe84916623d0607e4a975544032c) C:\Windows\system32\DRIVERS\avc.sys
    2010/12/01 01:56:43.0741 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2010/12/01 01:56:43.0804 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2010/12/01 01:56:43.0975 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2010/12/01 01:56:44.0053 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/12/01 01:56:44.0241 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
    2010/12/01 01:56:44.0303 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2010/12/01 01:56:44.0334 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2010/12/01 01:56:44.0381 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    2010/12/01 01:56:44.0412 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    2010/12/01 01:56:44.0584 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2010/12/01 01:56:44.0631 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2010/12/01 01:56:44.0662 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2010/12/01 01:56:44.0693 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2010/12/01 01:56:44.0724 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2010/12/01 01:56:44.0911 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/12/01 01:56:44.0974 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/12/01 01:56:45.0036 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2010/12/01 01:56:45.0130 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2010/12/01 01:56:45.0364 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/12/01 01:56:45.0411 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
    2010/12/01 01:56:45.0473 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
    2010/12/01 01:56:45.0535 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/12/01 01:56:45.0691 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/12/01 01:56:45.0738 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/12/01 01:56:45.0816 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
    2010/12/01 01:56:45.0863 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2010/12/01 01:56:46.0035 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2010/12/01 01:56:46.0128 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
    2010/12/01 01:56:46.0175 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    2010/12/01 01:56:46.0222 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
    2010/12/01 01:56:46.0393 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2010/12/01 01:56:46.0456 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/12/01 01:56:46.0737 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2010/12/01 01:56:46.0955 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2010/12/01 01:56:47.0002 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
    2010/12/01 01:56:47.0080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2010/12/01 01:56:47.0127 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2010/12/01 01:56:47.0298 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2010/12/01 01:56:47.0361 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2010/12/01 01:56:47.0407 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2010/12/01 01:56:47.0454 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2010/12/01 01:56:47.0517 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    2010/12/01 01:56:47.0688 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2010/12/01 01:56:47.0719 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/12/01 01:56:47.0782 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/12/01 01:56:47.0844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2010/12/01 01:56:48.0016 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    2010/12/01 01:56:48.0109 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
    2010/12/01 01:56:48.0172 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2010/12/01 01:56:48.0219 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/12/01 01:56:48.0375 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2010/12/01 01:56:48.0421 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2010/12/01 01:56:48.0468 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2010/12/01 01:56:48.0515 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    2010/12/01 01:56:48.0577 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
    2010/12/01 01:56:48.0765 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    2010/12/01 01:56:48.0889 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    2010/12/01 01:56:48.0983 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/12/01 01:56:49.0077 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
    2010/12/01 01:56:49.0295 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
    2010/12/01 01:56:49.0389 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2010/12/01 01:56:49.0545 IntcAzAudAddService (04c6489a44e340574daae64a6062541c) C:\Windows\system32\drivers\RTKVHD64.sys
    2010/12/01 01:56:49.0701 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
    2010/12/01 01:56:49.0747 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2010/12/01 01:56:49.0794 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/12/01 01:56:49.0841 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
    2010/12/01 01:56:49.0872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2010/12/01 01:56:50.0075 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2010/12/01 01:56:50.0122 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
    2010/12/01 01:56:50.0184 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
    2010/12/01 01:56:50.0247 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/12/01 01:56:50.0403 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
    2010/12/01 01:56:50.0449 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
    2010/12/01 01:56:50.0496 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/12/01 01:56:50.0527 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2010/12/01 01:56:50.0761 LHidFilt (0a7d6ed578d85f0c35353424ee3f5245) C:\Windows\system32\DRIVERS\LHidFilt.Sys
    2010/12/01 01:56:50.0839 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/12/01 01:56:50.0886 LMouFilt (6542e2e6db58118fbb1b82a68ce3aff9) C:\Windows\system32\DRIVERS\LMouFilt.Sys
    2010/12/01 01:56:50.0949 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2010/12/01 01:56:51.0089 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2010/12/01 01:56:51.0120 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2010/12/01 01:56:51.0167 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2010/12/01 01:56:51.0214 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2010/12/01 01:56:51.0261 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2010/12/01 01:56:51.0307 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2010/12/01 01:56:51.0479 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2010/12/01 01:56:51.0526 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2010/12/01 01:56:51.0573 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/12/01 01:56:51.0619 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2010/12/01 01:56:51.0651 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    2010/12/01 01:56:51.0807 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
    2010/12/01 01:56:51.0838 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2010/12/01 01:56:51.0885 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
    2010/12/01 01:56:51.0931 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/12/01 01:56:51.0978 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/12/01 01:56:52.0041 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/12/01 01:56:52.0197 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
    2010/12/01 01:56:52.0228 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
    2010/12/01 01:56:52.0321 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys
    2010/12/01 01:56:52.0368 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2010/12/01 01:56:52.0399 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/12/01 01:56:52.0555 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/12/01 01:56:52.0618 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/12/01 01:56:52.0665 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/12/01 01:56:52.0680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2010/12/01 01:56:52.0727 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2010/12/01 01:56:52.0914 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/12/01 01:56:52.0977 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2010/12/01 01:56:53.0039 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2010/12/01 01:56:53.0211 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2010/12/01 01:56:53.0289 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/12/01 01:56:53.0367 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2010/12/01 01:56:53.0538 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/12/01 01:56:53.0601 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/12/01 01:56:53.0647 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/12/01 01:56:53.0679 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/12/01 01:56:53.0725 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2010/12/01 01:56:53.0897 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2010/12/01 01:56:53.0928 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2010/12/01 01:56:54.0225 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    2010/12/01 01:56:54.0412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2010/12/01 01:56:54.0459 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2010/12/01 01:56:54.0505 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2010/12/01 01:56:54.0599 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2010/12/01 01:56:54.0771 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2010/12/01 01:56:55.0207 nvlddmkm (adfd5c7fe0e9b73ed7916ec930fd4237) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2010/12/01 01:56:55.0457 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2010/12/01 01:56:55.0504 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2010/12/01 01:56:55.0566 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2010/12/01 01:56:55.0597 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2010/12/01 01:56:55.0660 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2010/12/01 01:56:55.0816 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2010/12/01 01:56:55.0878 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2010/12/01 01:56:55.0909 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2010/12/01 01:56:55.0941 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2010/12/01 01:56:55.0956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2010/12/01 01:56:56.0003 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2010/12/01 01:56:56.0253 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/12/01 01:56:56.0299 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2010/12/01 01:56:56.0362 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2010/12/01 01:56:56.0455 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2010/12/01 01:56:56.0627 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2010/12/01 01:56:56.0674 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2010/12/01 01:56:56.0721 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/12/01 01:56:56.0799 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/12/01 01:56:56.0830 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/12/01 01:56:56.0986 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/12/01 01:56:57.0048 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/12/01 01:56:57.0095 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/12/01 01:56:57.0126 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/12/01 01:56:57.0157 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/12/01 01:56:57.0329 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2010/12/01 01:56:57.0360 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2010/12/01 01:56:57.0423 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2010/12/01 01:56:57.0469 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2010/12/01 01:56:57.0563 rismxdp (2a43f9e6dbde12bc0c104785c3b3f5df) C:\Windows\system32\DRIVERS\rixdpx64.sys
    2010/12/01 01:56:57.0766 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys
    2010/12/01 01:56:57.0844 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/12/01 01:56:57.0906 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2010/12/01 01:56:57.0969 SCDEmu (7fb7a7448d6d3609724c3e5bd7a90f8e) C:\Windows\system32\drivers\SCDEmu.sys
    2010/12/01 01:56:58.0109 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/12/01 01:56:58.0218 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/12/01 01:56:58.0281 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2010/12/01 01:56:58.0327 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2010/12/01 01:56:58.0483 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2010/12/01 01:56:58.0530 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2010/12/01 01:56:58.0577 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2010/12/01 01:56:58.0608 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2010/12/01 01:56:58.0624 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2010/12/01 01:56:58.0655 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2010/12/01 01:56:58.0702 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/12/01 01:56:58.0733 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/12/01 01:56:58.0905 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2010/12/01 01:56:59.0014 snapman (c28319bee124ed218839d3e3593968e9) C:\Windows\system32\DRIVERS\snapman.sys
    2010/12/01 01:56:59.0170 SNP2UVC (602d86ff59a8d12264afba1b8b0a4a6b) C:\Windows\system32\DRIVERS\snp2uvc.sys
    2010/12/01 01:56:59.0326 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2010/12/01 01:56:59.0435 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
    2010/12/01 01:56:59.0638 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2010/12/01 01:56:59.0700 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2010/12/01 01:56:59.0778 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    2010/12/01 01:56:59.0856 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2010/12/01 01:57:00.0059 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    2010/12/01 01:57:00.0121 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/12/01 01:57:00.0324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2010/12/01 01:57:00.0387 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2010/12/01 01:57:00.0480 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
    2010/12/01 01:57:00.0730 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2010/12/01 01:57:00.0948 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/12/01 01:57:01.0104 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2010/12/01 01:57:01.0151 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2010/12/01 01:57:01.0198 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2010/12/01 01:57:01.0245 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2010/12/01 01:57:01.0260 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2010/12/01 01:57:01.0447 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/12/01 01:57:01.0494 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/12/01 01:57:01.0525 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2010/12/01 01:57:01.0572 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2010/12/01 01:57:01.0744 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2010/12/01 01:57:01.0791 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2010/12/01 01:57:01.0822 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2010/12/01 01:57:01.0915 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
    2010/12/01 01:57:02.0071 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2010/12/01 01:57:02.0134 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2010/12/01 01:57:02.0181 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2010/12/01 01:57:02.0212 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/12/01 01:57:02.0259 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/12/01 01:57:02.0415 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/12/01 01:57:02.0461 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2010/12/01 01:57:02.0508 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2010/12/01 01:57:02.0539 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2010/12/01 01:57:02.0571 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2010/12/01 01:57:02.0617 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/12/01 01:57:02.0789 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2010/12/01 01:57:02.0836 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2010/12/01 01:57:02.0883 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2010/12/01 01:57:02.0914 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2010/12/01 01:57:02.0945 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/12/01 01:57:02.0992 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2010/12/01 01:57:03.0148 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/12/01 01:57:03.0226 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2010/12/01 01:57:03.0273 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    2010/12/01 01:57:03.0335 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2010/12/01 01:57:03.0507 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/01 01:57:03.0522 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/12/01 01:57:03.0631 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2010/12/01 01:57:03.0678 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2010/12/01 01:57:03.0943 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/12/01 01:57:03.0975 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2010/12/01 01:57:04.0053 winbondcir (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
    2010/12/01 01:57:04.0255 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
    2010/12/01 01:57:04.0365 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/12/01 01:57:04.0427 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/12/01 01:57:04.0489 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2010/12/01 01:57:04.0521 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/12/01 01:57:04.0630 ================================================================================
    2010/12/01 01:57:04.0630 Scan finished
    2010/12/01 01:57:04.0630 ================================================================================




    Thanks for your help tonight!!
     
  14. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing there. Hold on...let me think for a moment...
     
  15. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, I have to go to bed, but I'll leave you with some homework.

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Post fresh Process Explorer log.

    IMPORTANT! Since I won't be able to check your results tonight, go back to "msconfig" and RE-enable all items you just disabled.
    That was for testing purposes only and you can't safely run your computer with the above settings.
    I'll check on you tomorrow.
     
  16. 2010/12/01
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Thanks a lot!
     
  17. 2010/12/01
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Here's the most recent log:



    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 74.16 0 K 24 K
    Interrupts n/a 0.67 0 K 0 K Hardware Interrupts
    DPCs n/a 0.67 0 K 0 K Deferred Procedure Calls
    System 4 112 K 296 K
    smss.exe 396 480 K 1,140 K
    csrss.exe 524 2,060 K 3,980 K
    wininit.exe 616 1,536 K 4,372 K
    services.exe 672 7,612 K 10,604 K
    svchost.exe 808 4,356 K 9,136 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
    WmiPrvSE.exe 3444 3,176 K 6,612 K
    dllhost.exe 3796 2,600 K 7,036 K
    dllhost.exe 2720 0.67 2,044 K 5,808 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
    svchost.exe 880 0.34 3,860 K 7,712 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
    svchost.exe 952 18,392 K 20,400 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    audiodg.exe 1056 16,336 K 16,536 K
    svchost.exe 984 2.68 67,464 K 79,608 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    dwm.exe 1436 2.35 25,984 K 20,500 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
    WUDFHost.exe 2952 2,008 K 6,056 K
    svchost.exe 108 22,400 K 38,408 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
    taskeng.exe 2532 2,120 K 5,932 K Task Scheduler Engine Microsoft Corporation taskeng.exe {BBE88B1A-142A-4AD2-9E7E-CC2BE68B0F4F}
    svchost.exe 1104 10,904 K 17,656 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
    svchost.exe 1184 16,116 K 18,460 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
    AvastSvc.exe 1304 16,368 K 29,360 K avast! Service AVAST Software "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe "
    spoolsv.exe 1728 8,636 K 14,960 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
    svchost.exe 1756 14,968 K 19,740 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    svchost.exe 1852 3,888 K 8,388 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k apphost
    svchost.exe 1888 8,508 K 15,636 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    svchost.exe 2044 4,084 K 7,532 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
    svchost.exe 1208 6,196 K 9,688 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k iissvcs
    WLIDSVC.EXE 1456 4,264 K 12,584 K "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "
    WLIDSVCM.EXE 2884 1,168 K 3,128 K
    taskhost.exe 2060 3,116 K 6,856 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe "
    SearchIndexer.exe 2540 21,468 K 9,356 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
    SearchProtocolHost.exe 2708 2,452 K 7,428 K
    SearchFilterHost.exe 3088 1,880 K 5,132 K
    alg.exe 2812 1,564 K 4,984 K Application Layer Gateway Service Microsoft Corporation C:\Windows\System32\alg.exe
    wmpnetwk.exe 3432 2.68 13,840 K 31,528 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
    svchost.exe 3652 9,308 K 12,808 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    lsass.exe 688 0.67 6,024 K 12,776 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
    lsm.exe 696 2,464 K 4,124 K
    csrss.exe 648 1,924 K 4,340 K
    winlogon.exe 584 3,100 K 6,784 K
    explorer.exe 1460 1.01 30,244 K 42,788 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
    SynTPEnh.exe 3336 8,052 K 16,032 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    SynTPHelper.exe 3820 1,172 K 3,152 K
    procexp.exe 1032 1,928 K 6,192 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe"
    procexp64.exe 3380 14.09 16,624 K 32,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe "
     
  18. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    We have:
    System Idle Process at 74.16% and procexp64.exe (which normally wouldn't be running) at 14.09%.
    That makes over 88% of CPU cycles NOT used.
    I'd call it acceptable, but, if it was my computer, I wouldn't be totally happy.
    With almost everything disabled, System Idle Process should be well over 90%.

    Now...
    In this forum, we make sure your computer is free of malware and your computer is clean :)
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.
    Post a link to this topic, so possible helpers can see what's going on.

    IMHO, you may have some hardware issue(s), overheating.
    I simply don't have enough time to investigate it further in malware forum, which is designed for....well, malware removal.

    Since your computer is clean, I'll mark this thread as resolved (malware-wise).

    Good luck :)
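The arithmetic in the post above (System Idle Process plus Process Explorer's own process, compared against the "well over 90%" figure expected after the msconfig clean boot from post #15) can be automated so the same check is repeatable on any Process Explorer text export. The script below is an added example, not code from this thread or from Sysinternals. It parses an excerpt constructed from the log in post #17 (same column layout and process names; the real log is much longer), treats any process whose name starts with `procexp` as the monitoring tool's own overhead (an assumption), and uses the 90% threshold stated in the post as a default.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed excerpt modelled on the Process Explorer log posted in this thread
# (same column layout and names; the full log has many more lines).
SAMPLE_LOG = r"""
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 74.16 0 K 24 K
Interrupts n/a 0.67 0 K 0 K Hardware Interrupts
DPCs n/a 0.67 0 K 0 K Deferred Procedure Calls
System 4 112 K 296 K
svchost.exe 984 2.68 67,464 K 79,608 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
dwm.exe 1436 2.35 25,984 K 20,500 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe "
wmpnetwk.exe 3432 2.68 13,840 K 31,528 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe "
explorer.exe 1460 1.01 30,244 K 42,788 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
procexp64.exe 3380 14.09 16,624 K 32,396 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Alex\Desktop\procexp.exe "
"""

IDLE_NAME = "System Idle Process"
TOOL_PREFIX = "procexp"  # assumption: the monitoring tool's own processes count as "unused" CPU

# The export is space separated and process names may contain spaces ("System Idle
# Process"), so anchor on the fixed tail: PID (or n/a), optional CPU%, "<n> K <n> K".
LINE_RE = re.compile(
    r"^(?P<name>.+?) (?P<pid>\d+|n/a)"
    r"(?: (?P<cpu>\d+\.\d+))?"          # CPU column is blank for processes at 0%
    r" (?P<priv>[\d,]+) K (?P<ws>[\d,]+) K"
    r"(?: (?P<rest>.*))?$"              # description / company / command line, if present
)


@dataclass
class Proc:
    name: str
    pid: Optional[int]      # None for pseudo-processes such as Interrupts and DPCs
    cpu: float              # percent, 0.0 when the column is empty
    private_kb: int
    working_set_kb: int
    rest: str


def _kb(s: str) -> int:
    return int(s.replace(",", ""))


def parse_procexp_log(text: str) -> List[Proc]:
    """Parse Process Explorer's text export; header and unparseable lines are skipped."""
    procs: List[Proc] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Process PID CPU"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        procs.append(Proc(
            name=m["name"],
            pid=None if m["pid"] == "n/a" else int(m["pid"]),
            cpu=float(m["cpu"]) if m["cpu"] else 0.0,
            private_kb=_kb(m["priv"]),
            working_set_kb=_kb(m["ws"]),
            rest=m["rest"] or "",
        ))
    return procs


def _is_tool(p: Proc) -> bool:
    return p.name.lower().startswith(TOOL_PREFIX)


def unused_cpu_percent(procs: List[Proc]) -> float:
    """Idle time plus the monitoring tool's own CPU, i.e. cycles no real workload used."""
    idle = sum(p.cpu for p in procs if p.name == IDLE_NAME)
    tool = sum(p.cpu for p in procs if _is_tool(p))
    return round(idle + tool, 2)


def clean_boot_verdict(procs: List[Proc], threshold: float = 90.0) -> Tuple[bool, float]:
    """True when unused CPU meets the threshold expected after a clean boot."""
    unused = unused_cpu_percent(procs)
    return unused >= threshold, unused


def top_consumers(procs: List[Proc], n: int = 3) -> List[Tuple[str, float]]:
    """Heaviest real consumers (idle and the tool excluded); ties keep log order."""
    real = [p for p in procs if p.name != IDLE_NAME and not _is_tool(p)]
    return [(p.name, p.cpu) for p in sorted(real, key=lambda p: p.cpu, reverse=True)[:n]]


if __name__ == "__main__":
    procs = parse_procexp_log(SAMPLE_LOG)
    ok, unused = clean_boot_verdict(procs)
    print(f"unused CPU: {unused:.2f}% -> {'acceptable' if ok else 'below the 90% clean-boot expectation'}")
    for name, cpu in top_consumers(procs):
        print(f"  {name:<16} {cpu:5.2f}%")
```

On the constructed excerpt this reports 88.25% unused, below the 90% threshold, with svchost.exe, wmpnetwk.exe and dwm.exe as the remaining consumers; on a real export, compare the consumer list from a clean boot against one from a normal boot to see which re-enabled item is responsible for the difference.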
     
  19. 2010/12/01
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    That's fine, I really appreciate your help! Thanks again!
     
  20. 2010/12/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Sure thing :)
     
