Tech Support banner

Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
13 Posts
Discussion Starter #1
I have a Toshiba laptop and it keeps shutting off every few minutes. I've researched a bit and found that these laptops have an overheating problem, and I have it on a fan so I don't think that's the problem. This problem comes and goes and I'm wondering now if it might be due to some virus. I tried to follow the directions for what I should do prior to posting a hijackthis log, but my computer won't stay on long enough to do that.

Here is my result log from the hijackthis analyzer. Any help/advice would be appreciated.

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:24:45 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\hj\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=fox17
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v42/blockwerx/blockwerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1101351311394
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127785615648
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://traf2.murfreesborotn.gov/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Is this laptop new to you? Is the issue recent or ongoing?

I know this seems oversimplified, but have you checked the power saving settings? Laptops are set up to shut down swiftly if left unused for even a few minutes.

Start>Control Panel>Power Options>Power Schemes

There are several to choose from, the default in most has a short time before it shuts down. Check your setting.

Is the laptop's own fan blowing warm air out of the case?

If this is not the issue, as I'm not seeing anything in that log, it may be difficult to check with most of our scanners, as they take some length of time.

Here is one scanner which takes a short time to run, although it sees different things than an online virus scan would:

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
 

·
Registered
Joined
·
13 Posts
Discussion Starter #3
Toshiba Laptop

This is not a new laptop and the problem has been going on for about a year on and off. I inherited this laptop from a friend and I'm not sure how long he had it or if it gave him the same problem.

1. When I click on Power Options, it says "To adjust power management settings, close Microsoft Windows XP Power Options and use TOSHIBA Power Saver." However, when I double click on Toshiba Power Saver, nothing happens. It doesn't open or anything. The Windows XP Power Options is all greyed out, but the settings are all set for "after 30 minutes."

The laptop shuts down right while I'm working, so even though something is obviously wrong here with me not being able to access it, I'm not sure that's what's causing it to shut off.

2. The laptop's own case gets very warm on the bottom, but I wouldn't say it was blowing warm air. It just gets warm, if that makes sense.

3. Below is the log from the scan - the problem seems to have slowed down a bit today, so if you want to post other scans for me to try, I can probably accomplish those! The Toshiba gods are apparently occupied somewhere else today and are leaving me alone!!

StartDreck (build 2.1.7 public stable) - 2005-11-07 @ 21:32:01 (GMT -06:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Karen at TOSHIBA-USER

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /s
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 5/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\System32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
+CRLUpdate/{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
*StubPath=%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*SpywareGuardDLBLOCK.CBrowserHelper/{4A368E80-174F-4872-96B5-0B27DDD11DB2}
`InprocServer32=C:\Program Files\SpywareGuard\dlprotect.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=http://www.toshiba.com/search
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.my.yahoo.com/
+SearchUrl
*provider=
»Default User
*Default_Search_URL=http://home.microsoft.com/search/lobby/search.asp
*Local Page=C:\WINDOWS\SYSTEM\blank.htm
*Search Bar=http://home.microsoft.com/search/lobby/search.asp
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.toshiba.com
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
+SearchUrl
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=explorer.exe
*Userinit=C:\WINDOWS\System32\Userinit.exe
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Karen\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
`127.0.0.1 www.searchforit.com # ***Inserted By STOPzilla***
`127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
`127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
`127.0.0.1 www.bundleware.com # ***Inserted By STOPzilla***
`127.0.0.1 www.on-search.com # ***Inserted By STOPzilla***
`127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
`127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
`127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
`127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
`127.0.0.1 localhost # ***Inserted By STOPzilla***
`127.0.0.1 www.zonebest.com # ***Inserted By STOPzilla***
`127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
`127.0.0.1 www.sp2admin.biz # ***Inserted By STOPzilla***
`127.0.0.1 www.heretofind.com # ***Inserted By STOPzilla***
`127.0.0.1 www.teenygirlshome.com # ***Inserted By STOPzilla***
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\chcp.com
*C:\WINDOWS\system32\chcp.com
+C:\WINDOWS\system32\command.com
*C:\WINDOWS\system32\command.com
+C:\WINDOWS\system32\diskcomp.com
*C:\WINDOWS\system32\diskcomp.com
+C:\WINDOWS\system32\diskcopy.com
*C:\WINDOWS\system32\diskcopy.com
+C:\WINDOWS\system32\edit.com
*C:\WINDOWS\system32\edit.com
+C:\WINDOWS\system32\format.com
*C:\WINDOWS\system32\format.com
+C:\WINDOWS\system32\graftabl.com
*C:\WINDOWS\system32\graftabl.com
+C:\WINDOWS\system32\graphics.com
*C:\WINDOWS\system32\graphics.com
+C:\WINDOWS\system32\kb16.com
*C:\WINDOWS\system32\kb16.com
+C:\WINDOWS\system32\loadfix.com
*C:\WINDOWS\system32\loadfix.com
+C:\WINDOWS\system32\mode.com
*C:\WINDOWS\system32\mode.com
+C:\WINDOWS\system32\more.com
*C:\WINDOWS\system32\more.com
+C:\WINDOWS\system32\tree.com
*C:\WINDOWS\system32\tree.com
+C:\WINDOWS\system32\win.com
*C:\WINDOWS\system32\win.com
+C:\WINDOWS\system32\00THotkey.exe
*C:\WINDOWS\system32\00THotkey.exe
+C:\WINDOWS\system32\accwiz.exe
*C:\WINDOWS\system32\accwiz.exe
+C:\WINDOWS\system32\actmovie.exe
*C:\WINDOWS\system32\actmovie.exe
+C:\WINDOWS\system32\adbltzun.exe
*C:\WINDOWS\system32\adbltzun.exe
+C:\WINDOWS\system32\ahui.exe
*C:\WINDOWS\system32\ahui.exe
+C:\WINDOWS\system32\alg.exe
*C:\WINDOWS\system32\alg.exe
+C:\WINDOWS\system32\ALiSndMg.exe
*C:\WINDOWS\system32\ALiSndMg.exe
+C:\WINDOWS\system32\append.exe
*C:\WINDOWS\system32\append.exe
+C:\WINDOWS\system32\aprxdist.exe
*C:\WINDOWS\system32\aprxdist.exe
+C:\WINDOWS\system32\arp.exe
*C:\WINDOWS\system32\arp.exe
+C:\WINDOWS\system32\at.exe
*C:\WINDOWS\system32\at.exe
+C:\WINDOWS\system32\atcliun.exe
*C:\WINDOWS\system32\atcliun.exe
+C:\WINDOWS\system32\atmadm.exe
*C:\WINDOWS\system32\atmadm.exe
+C:\WINDOWS\system32\attrib.exe
*C:\WINDOWS\system32\attrib.exe
+C:\WINDOWS\system32\auditusr.exe
*C:\WINDOWS\system32\auditusr.exe
+C:\WINDOWS\system32\autochk.exe
*C:\WINDOWS\system32\autochk.exe
+C:\WINDOWS\system32\autoconv.exe
*C:\WINDOWS\system32\autoconv.exe
+C:\WINDOWS\system32\autofmt.exe
*C:\WINDOWS\system32\autofmt.exe
+C:\WINDOWS\system32\autolfn.exe
*C:\WINDOWS\system32\autolfn.exe
+C:\WINDOWS\system32\blastcln.exe
*C:\WINDOWS\system32\blastcln.exe
+C:\WINDOWS\system32\bootok.exe
*C:\WINDOWS\system32\bootok.exe
+C:\WINDOWS\system32\bootvrfy.exe
*C:\WINDOWS\system32\bootvrfy.exe
+C:\WINDOWS\system32\bsva-egihsg52.exe
*C:\WINDOWS\system32\bsva-egihsg52.exe
+C:\WINDOWS\system32\btnetw3_venturahot_246765.exe
*C:\WINDOWS\system32\btnetw3_venturahot_246765.exe
+C:\WINDOWS\system32\cacls.exe
*C:\WINDOWS\system32\cacls.exe
+C:\WINDOWS\system32\calc.exe
*C:\WINDOWS\system32\calc.exe
+C:\WINDOWS\system32\charmap.exe
*C:\WINDOWS\system32\charmap.exe
+C:\WINDOWS\system32\chkdsk.exe
*C:\WINDOWS\system32\chkdsk.exe
+C:\WINDOWS\system32\chkntfs.exe
*C:\WINDOWS\system32\chkntfs.exe
+C:\WINDOWS\system32\cidaemon.exe
*C:\WINDOWS\system32\cidaemon.exe
+C:\WINDOWS\system32\cisvc.exe
*C:\WINDOWS\system32\cisvc.exe
+C:\WINDOWS\system32\ckcnv.exe
*C:\WINDOWS\system32\ckcnv.exe
+C:\WINDOWS\system32\cleanmgr.exe
*C:\WINDOWS\system32\cleanmgr.exe
+C:\WINDOWS\system32\cliconfg.exe
*C:\WINDOWS\system32\cliconfg.exe
+C:\WINDOWS\system32\clipbrd.exe
*C:\WINDOWS\system32\clipbrd.exe
+C:\WINDOWS\system32\clipsrv.exe
*C:\WINDOWS\system32\clipsrv.exe
+C:\WINDOWS\system32\clspack.exe
*C:\WINDOWS\system32\clspack.exe
+C:\WINDOWS\system32\cmd.exe
*C:\WINDOWS\system32\cmd.exe
+C:\WINDOWS\system32\cmdl32.exe
*C:\WINDOWS\system32\cmdl32.exe
+C:\WINDOWS\system32\cmmon32.exe
*C:\WINDOWS\system32\cmmon32.exe
+C:\WINDOWS\system32\cmstp.exe
*C:\WINDOWS\system32\cmstp.exe
+C:\WINDOWS\system32\comp.exe
*C:\WINDOWS\system32\comp.exe
+C:\WINDOWS\system32\compact.exe
*C:\WINDOWS\system32\compact.exe
+C:\WINDOWS\system32\conime.exe
*C:\WINDOWS\system32\conime.exe
+C:\WINDOWS\system32\control.exe
*C:\WINDOWS\system32\control.exe
+C:\WINDOWS\system32\convert.exe
*C:\WINDOWS\system32\convert.exe
+C:\WINDOWS\system32\cscript.exe
*C:\WINDOWS\system32\cscript.exe
+C:\WINDOWS\system32\cselect.exe
*C:\WINDOWS\system32\cselect.exe
+C:\WINDOWS\system32\csrss.exe
*C:\WINDOWS\system32\csrss.exe
+C:\WINDOWS\system32\ctfmon.exe
*C:\WINDOWS\system32\ctfmon.exe
+C:\WINDOWS\system32\dcomcnfg.exe
*C:\WINDOWS\system32\dcomcnfg.exe
+C:\WINDOWS\system32\ddeshare.exe
*C:\WINDOWS\system32\ddeshare.exe
+C:\WINDOWS\system32\debug.exe
*C:\WINDOWS\system32\debug.exe
+C:\WINDOWS\system32\defrag.exe
*C:\WINDOWS\system32\defrag.exe
+C:\WINDOWS\system32\dfrgfat.exe
*C:\WINDOWS\system32\dfrgfat.exe
+C:\WINDOWS\system32\dfrgntfs.exe
*C:\WINDOWS\system32\dfrgntfs.exe
+C:\WINDOWS\system32\diantz.exe
*C:\WINDOWS\system32\diantz.exe
+C:\WINDOWS\system32\diskpart.exe
*C:\WINDOWS\system32\diskpart.exe
+C:\WINDOWS\system32\diskperf.exe
*C:\WINDOWS\system32\diskperf.exe
+C:\WINDOWS\system32\dllhost.exe
*C:\WINDOWS\system32\dllhost.exe
+C:\WINDOWS\system32\dllhst3g.exe
*C:\WINDOWS\system32\dllhst3g.exe
+C:\WINDOWS\system32\dmadmin.exe
*C:\WINDOWS\system32\dmadmin.exe
+C:\WINDOWS\system32\dmremote.exe
*C:\WINDOWS\system32\dmremote.exe
+C:\WINDOWS\system32\doskey.exe
*C:\WINDOWS\system32\doskey.exe
+C:\WINDOWS\system32\dosx.exe
*C:\WINDOWS\system32\dosx.exe
+C:\WINDOWS\system32\dplaysvr.exe
*C:\WINDOWS\system32\dplaysvr.exe
+C:\WINDOWS\system32\dpnsvr.exe
*C:\WINDOWS\system32\dpnsvr.exe
+C:\WINDOWS\system32\dpvsetup.exe
*C:\WINDOWS\system32\dpvsetup.exe
+C:\WINDOWS\system32\drwatson.exe
*C:\WINDOWS\system32\drwatson.exe
+C:\WINDOWS\system32\drwtsn32.exe
*C:\WINDOWS\system32\drwtsn32.exe
+C:\WINDOWS\system32\dumprep.exe
*C:\WINDOWS\system32\dumprep.exe
+C:\WINDOWS\system32\dvdplay.exe
*C:\WINDOWS\system32\dvdplay.exe
+C:\WINDOWS\system32\dvdupgrd.exe
*C:\WINDOWS\system32\dvdupgrd.exe
+C:\WINDOWS\system32\dwwin.exe
*C:\WINDOWS\system32\dwwin.exe
+C:\WINDOWS\system32\dxdiag.exe
*C:\WINDOWS\system32\dxdiag.exe
+C:\WINDOWS\system32\edlin.exe
*C:\WINDOWS\system32\edlin.exe
+C:\WINDOWS\system32\esentutl.exe
*C:\WINDOWS\system32\esentutl.exe
+C:\WINDOWS\system32\eudcedit.exe
*C:\WINDOWS\system32\eudcedit.exe
+C:\WINDOWS\system32\eventvwr.exe
*C:\WINDOWS\system32\eventvwr.exe
+C:\WINDOWS\system32\exe2bin.exe
*C:\WINDOWS\system32\exe2bin.exe
+C:\WINDOWS\system32\expand.exe
*C:\WINDOWS\system32\expand.exe
+C:\WINDOWS\system32\extrac32.exe
*C:\WINDOWS\system32\extrac32.exe
+C:\WINDOWS\system32\fastopen.exe
*C:\WINDOWS\system32\fastopen.exe
+C:\WINDOWS\system32\faxpatch.exe
*C:\WINDOWS\system32\faxpatch.exe
+C:\WINDOWS\system32\fc.exe
*C:\WINDOWS\system32\fc.exe
+C:\WINDOWS\system32\find.exe
*C:\WINDOWS\system32\find.exe
+C:\WINDOWS\system32\findstr.exe
*C:\WINDOWS\system32\findstr.exe
+C:\WINDOWS\system32\finger.exe
*C:\WINDOWS\system32\finger.exe
+C:\WINDOWS\system32\fixmapi.exe
*C:\WINDOWS\system32\fixmapi.exe
+C:\WINDOWS\system32\fltmc.exe
*C:\WINDOWS\system32\fltmc.exe
+C:\WINDOWS\system32\fontview.exe
*C:\WINDOWS\system32\fontview.exe
+C:\WINDOWS\system32\forcedos.exe
*C:\WINDOWS\system32\forcedos.exe
+C:\WINDOWS\system32\freecell.exe
*C:\WINDOWS\system32\freecell.exe
+C:\WINDOWS\system32\fsquirt.exe
*C:\WINDOWS\system32\fsquirt.exe
+C:\WINDOWS\system32\fsutil.exe
*C:\WINDOWS\system32\fsutil.exe
+C:\WINDOWS\system32\ftp.exe
*C:\WINDOWS\system32\ftp.exe
+C:\WINDOWS\system32\fxsclnt.exe
*C:\WINDOWS\system32\fxsclnt.exe
+C:\WINDOWS\system32\fxscover.exe
*C:\WINDOWS\system32\fxscover.exe
+C:\WINDOWS\system32\fxssend.exe
*C:\WINDOWS\system32\fxssend.exe
+C:\WINDOWS\system32\fxssvc.exe
*C:\WINDOWS\system32\fxssvc.exe
+C:\WINDOWS\system32\gdi.exe
*C:\WINDOWS\system32\gdi.exe
+C:\WINDOWS\system32\grpconv.exe
*C:\WINDOWS\system32\grpconv.exe
+C:\WINDOWS\system32\GSM3-0511.exe
*C:\WINDOWS\system32\GSM3-0511.exe
+C:\WINDOWS\system32\help.exe
*C:\WINDOWS\system32\help.exe
+C:\WINDOWS\system32\hostname.exe
*C:\WINDOWS\system32\hostname.exe
+C:\WINDOWS\system32\ie4uinit.exe
*C:\WINDOWS\system32\ie4uinit.exe
+C:\WINDOWS\system32\iexpress.exe
*C:\WINDOWS\system32\iexpress.exe
+C:\WINDOWS\system32\imapi.exe
*C:\WINDOWS\system32\imapi.exe
+C:\WINDOWS\system32\ImapiRox.exe
*C:\WINDOWS\system32\ImapiRox.exe
+C:\WINDOWS\system32\InstallerV3.exe
*C:\WINDOWS\system32\InstallerV3.exe
+C:\WINDOWS\system32\ipconfig.exe
*C:\WINDOWS\system32\ipconfig.exe
+C:\WINDOWS\system32\ipsec6.exe
*C:\WINDOWS\system32\ipsec6.exe
+C:\WINDOWS\system32\ipv6.exe
*C:\WINDOWS\system32\ipv6.exe
+C:\WINDOWS\system32\ipxroute.exe
*C:\WINDOWS\system32\ipxroute.exe
+C:\WINDOWS\system32\irftp.exe
*C:\WINDOWS\system32\irftp.exe
+C:\WINDOWS\system32\java.exe
*C:\WINDOWS\system32\java.exe
+C:\WINDOWS\system32\javaw.exe
*C:\WINDOWS\system32\javaw.exe
+C:\WINDOWS\system32\javaws.exe
*C:\WINDOWS\system32\javaws.exe
+C:\WINDOWS\system32\jdbgmgr.exe
*C:\WINDOWS\system32\jdbgmgr.exe
+C:\WINDOWS\system32\jre116.exe
*C:\WINDOWS\system32\jre116.exe
+C:\WINDOWS\system32\jview.exe
*C:\WINDOWS\system32\jview.exe
+C:\WINDOWS\system32\krnl386.exe
*C:\WINDOWS\system32\krnl386.exe
+C:\WINDOWS\system32\label.exe
*C:\WINDOWS\system32\label.exe
+C:\WINDOWS\system32\lights.exe
*C:\WINDOWS\system32\lights.exe
+C:\WINDOWS\system32\lnkstub.exe
*C:\WINDOWS\system32\lnkstub.exe
+C:\WINDOWS\system32\locator.exe
*C:\WINDOWS\system32\locator.exe
+C:\WINDOWS\system32\lodctr.exe
*C:\WINDOWS\system32\lodctr.exe
+C:\WINDOWS\system32\logagent.exe
*C:\WINDOWS\system32\logagent.exe
+C:\WINDOWS\system32\logman.exe
*C:\WINDOWS\system32\logman.exe
+C:\WINDOWS\system32\logoff.exe
*C:\WINDOWS\system32\logoff.exe
+C:\WINDOWS\system32\logonui.exe
*C:\WINDOWS\system32\logonui.exe
+C:\WINDOWS\system32\lpq.exe
*C:\WINDOWS\system32\lpq.exe
+C:\WINDOWS\system32\lpr.exe
*C:\WINDOWS\system32\lpr.exe
+C:\WINDOWS\system32\lsass.exe
*C:\WINDOWS\system32\lsass.exe
+C:\WINDOWS\system32\magnify.exe
*C:\WINDOWS\system32\magnify.exe
+C:\WINDOWS\system32\makecab.exe
*C:\WINDOWS\system32\makecab.exe
+C:\WINDOWS\system32\MAPISRVR.EXE
*C:\WINDOWS\system32\MAPISRVR.EXE
+C:\WINDOWS\system32\mem.exe
*C:\WINDOWS\system32\mem.exe
+C:\WINDOWS\system32\migpwd.exe
*C:\WINDOWS\system32\migpwd.exe
+C:\WINDOWS\system32\mmc.exe
*C:\WINDOWS\system32\mmc.exe
+C:\WINDOWS\system32\mnmsrvc.exe
*C:\WINDOWS\system32\mnmsrvc.exe
+C:\WINDOWS\system32\mobsync.exe
*C:\WINDOWS\system32\mobsync.exe
+C:\WINDOWS\system32\mountvol.exe
*C:\WINDOWS\system32\mountvol.exe
+C:\WINDOWS\system32\mplay32.exe
*C:\WINDOWS\system32\mplay32.exe
+C:\WINDOWS\system32\mpnotify.exe
*C:\WINDOWS\system32\mpnotify.exe
+C:\WINDOWS\system32\mrinfo.exe
*C:\WINDOWS\system32\mrinfo.exe
+C:\WINDOWS\system32\MRT.exe
*C:\WINDOWS\system32\MRT.exe
+C:\WINDOWS\system32\mscdexnt.exe
*C:\WINDOWS\system32\mscdexnt.exe
+C:\WINDOWS\system32\msdtc.exe
*C:\WINDOWS\system32\msdtc.exe
+C:\WINDOWS\system32\msg.exe
*C:\WINDOWS\system32\msg.exe
+C:\WINDOWS\system32\mshearts.exe
*C:\WINDOWS\system32\mshearts.exe
+C:\WINDOWS\system32\mshta.exe
*C:\WINDOWS\system32\mshta.exe
+C:\WINDOWS\system32\msiexec.exe
*C:\WINDOWS\system32\msiexec.exe
+C:\WINDOWS\system32\mspaint.exe
*C:\WINDOWS\system32\mspaint.exe
+C:\WINDOWS\system32\MsPMSPSv.exe
*C:\WINDOWS\system32\MsPMSPSv.exe
+C:\WINDOWS\system32\msswchx.exe
*C:\WINDOWS\system32\msswchx.exe
+C:\WINDOWS\system32\mstinit.exe
*C:\WINDOWS\system32\mstinit.exe
+C:\WINDOWS\system32\mstsc.exe
*C:\WINDOWS\system32\mstsc.exe
+C:\WINDOWS\system32\narrator.exe
*C:\WINDOWS\system32\narrator.exe
+C:\WINDOWS\system32\nbtstat.exe
*C:\WINDOWS\system32\nbtstat.exe
+C:\WINDOWS\system32\nddeapir.exe
*C:\WINDOWS\system32\nddeapir.exe
+C:\WINDOWS\system32\net.exe
*C:\WINDOWS\system32\net.exe
+C:\WINDOWS\system32\net1.exe
*C:\WINDOWS\system32\net1.exe
+C:\WINDOWS\system32\netdde.exe
*C:\WINDOWS\system32\netdde.exe
+C:\WINDOWS\system32\netsetup.exe
*C:\WINDOWS\system32\netsetup.exe
+C:\WINDOWS\system32\netsh.exe
*C:\WINDOWS\system32\netsh.exe
+C:\WINDOWS\system32\netstat.exe
*C:\WINDOWS\system32\netstat.exe
+C:\WINDOWS\system32\nlsfunc.exe
*C:\WINDOWS\system32\nlsfunc.exe
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
*C:\WINDOWS\system32\notepad.exe
+C:\WINDOWS\system32\nslookup.exe
*C:\WINDOWS\system32\nslookup.exe
+C:\WINDOWS\system32\ntkrnlpa.exe
*C:\WINDOWS\system32\ntkrnlpa.exe
+C:\WINDOWS\system32\ntoskrnl.exe
*C:\WINDOWS\system32\ntoskrnl.exe
+C:\WINDOWS\system32\ntsd.exe
*C:\WINDOWS\system32\ntsd.exe
+C:\WINDOWS\system32\ntvdm.exe
*C:\WINDOWS\system32\ntvdm.exe
+C:\WINDOWS\system32\odbcad32.exe
*C:\WINDOWS\system32\odbcad32.exe
+C:\WINDOWS\system32\odbcconf.exe
*C:\WINDOWS\system32\odbcconf.exe
+C:\WINDOWS\system32\osk.exe
*C:\WINDOWS\system32\osk.exe
+C:\WINDOWS\system32\osuninst.exe
*C:\WINDOWS\system32\osuninst.exe
+C:\WINDOWS\system32\packager.exe
*C:\WINDOWS\system32\packager.exe
+C:\WINDOWS\system32\pathping.exe
*C:\WINDOWS\system32\pathping.exe
+C:\WINDOWS\system32\pentnt.exe
*C:\WINDOWS\system32\pentnt.exe
+C:\WINDOWS\system32\perfmon.exe
*C:\WINDOWS\system32\perfmon.exe
+C:\WINDOWS\system32\ping.exe
*C:\WINDOWS\system32\ping.exe
+C:\WINDOWS\system32\ping6.exe
*C:\WINDOWS\system32\ping6.exe
+C:\WINDOWS\system32\powercfg.exe
*C:\WINDOWS\system32\powercfg.exe
+C:\WINDOWS\system32\print.exe
*C:\WINDOWS\system32\print.exe
+C:\WINDOWS\system32\progman.exe
*C:\WINDOWS\system32\progman.exe
+C:\WINDOWS\system32\proquota.exe
*C:\WINDOWS\system32\proquota.exe
+C:\WINDOWS\system32\proxycfg.exe
*C:\WINDOWS\system32\proxycfg.exe
+C:\WINDOWS\system32\qappsrv.exe
*C:\WINDOWS\system32\qappsrv.exe
+C:\WINDOWS\system32\qprocess.exe
*C:\WINDOWS\system32\qprocess.exe
+C:\WINDOWS\system32\qwinsta.exe
*C:\WINDOWS\system32\qwinsta.exe
+C:\WINDOWS\system32\rasautou.exe
*C:\WINDOWS\system32\rasautou.exe
+C:\WINDOWS\system32\rasdial.exe
*C:\WINDOWS\system32\rasdial.exe
+C:\WINDOWS\system32\rasphone.exe
*C:\WINDOWS\system32\rasphone.exe
+C:\WINDOWS\system32\rcimlby.exe
*C:\WINDOWS\system32\rcimlby.exe
+C:\WINDOWS\system32\rcp.exe
*C:\WINDOWS\system32\rcp.exe
+C:\WINDOWS\system32\rdpclip.exe
*C:\WINDOWS\system32\rdpclip.exe
+C:\WINDOWS\system32\rdsaddin.exe
*C:\WINDOWS\system32\rdsaddin.exe
+C:\WINDOWS\system32\rdshost.exe
*C:\WINDOWS\system32\rdshost.exe
+C:\WINDOWS\system32\recover.exe
*C:\WINDOWS\system32\recover.exe
+C:\WINDOWS\system32\redir.exe
*C:\WINDOWS\system32\redir.exe
+C:\WINDOWS\system32\reg.exe
*C:\WINDOWS\system32\reg.exe
+C:\WINDOWS\system32\regedt32.exe
*C:\WINDOWS\system32\regedt32.exe
+C:\WINDOWS\system32\regini.exe
*C:\WINDOWS\system32\regini.exe
+C:\WINDOWS\system32\regsvr32.exe
*C:\WINDOWS\system32\regsvr32.exe
+C:\WINDOWS\system32\regwiz.exe
*C:\WINDOWS\system32\regwiz.exe
+C:\WINDOWS\system32\remove.exe
*C:\WINDOWS\system32\remove.exe
+C:\WINDOWS\system32\replace.exe
*C:\WINDOWS\system32\replace.exe
+C:\WINDOWS\system32\reset.exe
*C:\WINDOWS\system32\reset.exe
+C:\WINDOWS\system32\rexec.exe
*C:\WINDOWS\system32\rexec.exe
+C:\WINDOWS\system32\route.exe
*C:\WINDOWS\system32\route.exe
+C:\WINDOWS\system32\routemon.exe
*C:\WINDOWS\system32\routemon.exe
+C:\WINDOWS\system32\rsh.exe
*C:\WINDOWS\system32\rsh.exe
+C:\WINDOWS\system32\rsm.exe
*C:\WINDOWS\system32\rsm.exe
+C:\WINDOWS\system32\rsmsink.exe
*C:\WINDOWS\system32\rsmsink.exe
+C:\WINDOWS\system32\rsmui.exe
*C:\WINDOWS\system32\rsmui.exe
+C:\WINDOWS\system32\rsvp.exe
*C:\WINDOWS\system32\rsvp.exe
+C:\WINDOWS\system32\rtcshare.exe
*C:\WINDOWS\system32\rtcshare.exe
+C:\WINDOWS\system32\runas.exe
*C:\WINDOWS\system32\runas.exe
+C:\WINDOWS\system32\rundll32.exe
*C:\WINDOWS\system32\rundll32.exe
+C:\WINDOWS\system32\runonce.exe
*C:\WINDOWS\system32\runonce.exe
+C:\WINDOWS\system32\rwinsta.exe
*C:\WINDOWS\system32\rwinsta.exe
+C:\WINDOWS\system32\savedump.exe
*C:\WINDOWS\system32\savedump.exe
+C:\WINDOWS\system32\sc.exe
*C:\WINDOWS\system32\sc.exe
+C:\WINDOWS\system32\scardsvr.exe
*C:\WINDOWS\system32\scardsvr.exe
+C:\WINDOWS\system32\sdbinst.exe
*C:\WINDOWS\system32\sdbinst.exe
+C:\WINDOWS\system32\services.exe
*C:\WINDOWS\system32\services.exe
+C:\WINDOWS\system32\sessmgr.exe
*C:\WINDOWS\system32\sessmgr.exe
+C:\WINDOWS\system32\sethc.exe
*C:\WINDOWS\system32\sethc.exe
+C:\WINDOWS\system32\setup.exe
*C:\WINDOWS\system32\setup.exe
+C:\WINDOWS\system32\setver.exe
*C:\WINDOWS\system32\setver.exe
+C:\WINDOWS\system32\sfc.exe
*C:\WINDOWS\system32\sfc.exe
+C:\WINDOWS\system32\shadow.exe
*C:\WINDOWS\system32\shadow.exe
+C:\WINDOWS\system32\share.exe
*C:\WINDOWS\system32\share.exe
+C:\WINDOWS\system32\shmgrate.exe
*C:\WINDOWS\system32\shmgrate.exe
+C:\WINDOWS\system32\shrpubw.exe
*C:\WINDOWS\system32\shrpubw.exe
+C:\WINDOWS\system32\shutdown.exe
*C:\WINDOWS\system32\shutdown.exe
+C:\WINDOWS\system32\sigverif.exe
*C:\WINDOWS\system32\sigverif.exe
+C:\WINDOWS\system32\skeys.exe
*C:\WINDOWS\system32\skeys.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
*C:\WINDOWS\system32\slrundll.exe
+C:\WINDOWS\system32\slserv.exe
*C:\WINDOWS\system32\slserv.exe
+C:\WINDOWS\system32\smbinst.exe
*C:\WINDOWS\system32\smbinst.exe
+C:\WINDOWS\system32\smlogsvc.exe
*C:\WINDOWS\system32\smlogsvc.exe
+C:\WINDOWS\system32\smss.exe
*C:\WINDOWS\system32\smss.exe
+C:\WINDOWS\system32\sndrec32.exe
*C:\WINDOWS\system32\sndrec32.exe
+C:\WINDOWS\system32\sndvol32.exe
*C:\WINDOWS\system32\sndvol32.exe
+C:\WINDOWS\system32\sol.exe
*C:\WINDOWS\system32\sol.exe
+C:\WINDOWS\system32\sort.exe
*C:\WINDOWS\system32\sort.exe
+C:\WINDOWS\system32\spdwnwxp.exe
*C:\WINDOWS\system32\spdwnwxp.exe
+C:\WINDOWS\system32\spider.exe
*C:\WINDOWS\system32\spider.exe
+C:\WINDOWS\system32\spnpinst.exe
*C:\WINDOWS\system32\spnpinst.exe
+C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\system32\spoolsv.exe
+C:\WINDOWS\system32\sprestrt.exe
*C:\WINDOWS\system32\sprestrt.exe
+C:\WINDOWS\system32\spupdsvc.exe
*C:\WINDOWS\system32\spupdsvc.exe
+C:\WINDOWS\system32\spupdwxp.exe
*C:\WINDOWS\system32\spupdwxp.exe
+C:\WINDOWS\system32\stimon.exe
*C:\WINDOWS\system32\stimon.exe
+C:\WINDOWS\system32\subst.exe
*C:\WINDOWS\system32\subst.exe
+C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\system32\svchost.exe
+C:\WINDOWS\system32\syncapp.exe
*C:\WINDOWS\system32\syncapp.exe
+C:\WINDOWS\system32\sysedit.exe
*C:\WINDOWS\system32\sysedit.exe
+C:\WINDOWS\system32\syskey.exe
*C:\WINDOWS\system32\syskey.exe
+C:\WINDOWS\system32\sysocmgr.exe
*C:\WINDOWS\system32\sysocmgr.exe
+C:\WINDOWS\system32\systray.exe
*C:\WINDOWS\system32\systray.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
*C:\WINDOWS\system32\taskman.exe
+C:\WINDOWS\system32\taskmgr.exe
*C:\WINDOWS\system32\taskmgr.exe
+C:\WINDOWS\system32\tcleanup.exe
*C:\WINDOWS\system32\tcleanup.exe
+C:\WINDOWS\system32\tcmsetup.exe
*C:\WINDOWS\system32\tcmsetup.exe
+C:\WINDOWS\system32\tcpsvcs.exe
*C:\WINDOWS\system32\tcpsvcs.exe
+C:\WINDOWS\system32\telnet.exe
*C:\WINDOWS\system32\telnet.exe
+C:\WINDOWS\system32\tftp.exe
*C:\WINDOWS\system32\tftp.exe
+C:\WINDOWS\system32\tosmreg.exe
*C:\WINDOWS\system32\tosmreg.exe
+C:\WINDOWS\system32\tourstart.exe
*C:\WINDOWS\system32\tourstart.exe
+C:\WINDOWS\system32\TPWRDEL.exe
*C:\WINDOWS\system32\TPWRDEL.exe
+C:\WINDOWS\system32\TPWRTRAY.EXE
*C:\WINDOWS\system32\TPWRTRAY.EXE
+C:\WINDOWS\system32\tracert.exe
*C:\WINDOWS\system32\tracert.exe
+C:\WINDOWS\system32\tracert6.exe
*C:\WINDOWS\system32\tracert6.exe
+C:\WINDOWS\system32\tscon.exe
*C:\WINDOWS\system32\tscon.exe
+C:\WINDOWS\system32\tscupgrd.exe
*C:\WINDOWS\system32\tscupgrd.exe
+C:\WINDOWS\system32\tsdiscon.exe
*C:\WINDOWS\system32\tsdiscon.exe
+C:\WINDOWS\system32\tskill.exe
*C:\WINDOWS\system32\tskill.exe
+C:\WINDOWS\system32\tsshutdn.exe
*C:\WINDOWS\system32\tsshutdn.exe
+C:\WINDOWS\system32\tutildel.exe
*C:\WINDOWS\system32\tutildel.exe
+C:\WINDOWS\system32\tvicon.exe
*C:\WINDOWS\system32\tvicon.exe
+C:\WINDOWS\system32\TWarnMsg.exe
*C:\WINDOWS\system32\TWarnMsg.exe
+C:\WINDOWS\system32\UnAudio.exe
*C:\WINDOWS\system32\UnAudio.exe
+C:\WINDOWS\system32\unlodctr.exe
*C:\WINDOWS\system32\unlodctr.exe
+C:\WINDOWS\system32\updcrl.exe
*C:\WINDOWS\system32\updcrl.exe
+C:\WINDOWS\system32\upnpcont.exe
*C:\WINDOWS\system32\upnpcont.exe
+C:\WINDOWS\system32\ups.exe
*C:\WINDOWS\system32\ups.exe
+C:\WINDOWS\system32\user.exe
*C:\WINDOWS\system32\user.exe
+C:\WINDOWS\system32\userinit.exe
*C:\WINDOWS\system32\userinit.exe
+C:\WINDOWS\system32\usrmlnka.exe
*C:\WINDOWS\system32\usrmlnka.exe
+C:\WINDOWS\system32\usrprbda.exe
*C:\WINDOWS\system32\usrprbda.exe
+C:\WINDOWS\system32\usrshuta.exe
*C:\WINDOWS\system32\usrshuta.exe
+C:\WINDOWS\system32\utilman.exe
*C:\WINDOWS\system32\utilman.exe
+C:\WINDOWS\system32\ventura-hot_246765.exe
*C:\WINDOWS\system32\ventura-hot_246765.exe
+C:\WINDOWS\system32\verifier.exe
*C:\WINDOWS\system32\verifier.exe
+C:\WINDOWS\system32\videoico.exe
*C:\WINDOWS\system32\videoico.exe
+C:\WINDOWS\system32\vssadmin.exe
*C:\WINDOWS\system32\vssadmin.exe
+C:\WINDOWS\system32\vssvc.exe
*C:\WINDOWS\system32\vssvc.exe
+C:\WINDOWS\system32\w32tm.exe
*C:\WINDOWS\system32\w32tm.exe
+C:\WINDOWS\system32\wextract.exe
*C:\WINDOWS\system32\wextract.exe
+C:\WINDOWS\system32\wiaacmgr.exe
*C:\WINDOWS\system32\wiaacmgr.exe
+C:\WINDOWS\system32\winchat.exe
*C:\WINDOWS\system32\winchat.exe
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
*C:\WINDOWS\system32\winhlp32.exe
+C:\WINDOWS\system32\winlogon.exe
*C:\WINDOWS\system32\winlogon.exe
+C:\WINDOWS\system32\winmine.exe
*C:\WINDOWS\system32\winmine.exe
+C:\WINDOWS\system32\winmsd.exe
*C:\WINDOWS\system32\winmsd.exe
+C:\WINDOWS\system32\winspool.exe
*C:\WINDOWS\system32\winspool.exe
+C:\WINDOWS\system32\winupdt.exe
*C:\WINDOWS\system32\winupdt.exe
+C:\WINDOWS\system32\winver.exe
*C:\WINDOWS\system32\winver.exe
+C:\WINDOWS\system32\WISPTIS.EXE
*C:\WINDOWS\system32\WISPTIS.EXE
+C:\WINDOWS\system32\wjview.exe
*C:\WINDOWS\system32\wjview.exe
+C:\WINDOWS\system32\wmpstub.exe
*C:\WINDOWS\system32\wmpstub.exe
+C:\WINDOWS\system32\wowdeb.exe
*C:\WINDOWS\system32\wowdeb.exe
+C:\WINDOWS\system32\wowexec.exe
*C:\WINDOWS\system32\wowexec.exe
+C:\WINDOWS\system32\wpabaln.exe
*C:\WINDOWS\system32\wpabaln.exe
+C:\WINDOWS\system32\wpnpinst.exe
*C:\WINDOWS\system32\wpnpinst.exe
+C:\WINDOWS\system32\write.exe
*C:\WINDOWS\system32\write.exe
+C:\WINDOWS\system32\wscntfy.exe
*C:\WINDOWS\system32\wscntfy.exe
+C:\WINDOWS\system32\wscript.exe
*C:\WINDOWS\system32\wscript.exe
+C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\system32\wuauclt.exe
+C:\WINDOWS\system32\wuauclt1.exe
*C:\WINDOWS\system32\wuauclt1.exe
+C:\WINDOWS\system32\wupdmgr.exe
*C:\WINDOWS\system32\wupdmgr.exe
+C:\WINDOWS\system32\xcopy.exe
*C:\WINDOWS\system32\xcopy.exe
+C:\WINDOWS\system32\xpsp1hfm.exe
*C:\WINDOWS\system32\xpsp1hfm.exe
+C:\WINDOWS\system32\usrlogon.cmd
*C:\WINDOWS\system32\usrlogon.cmd
+C:\WINDOWS\system32\pubprn.vbs
*C:\WINDOWS\system32\pubprn.vbs
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+592=\SystemRoot\System32\smss.exe
+640=\??\C:\WINDOWS\system32\csrss.exe
+668=\??\C:\WINDOWS\System32\winlogon.exe
+712=C:\WINDOWS\system32\services.exe
+724=C:\WINDOWS\system32\lsass.exe
+864=C:\WINDOWS\system32\svchost.exe
+912=C:\WINDOWS\system32\svchost.exe
+952=C:\WINDOWS\System32\svchost.exe
+996=C:\WINDOWS\System32\svchost.exe
+1128=C:\WINDOWS\System32\svchost.exe
+1388=C:\WINDOWS\Explorer.EXE
+1608=C:\WINDOWS\system32\spoolsv.exe
+1708=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
+1724=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
+1736=C:\WINDOWS\System32\cisvc.exe
+1792=C:\Program Files\ewido\security suite\ewidoctrl.exe
+1932=C:\WINDOWS\System32\MsPMSPSv.exe
+1248=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
+1288=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+1292=C:\Program Files\QuickTime\qttask.exe
+1324=C:\Program Files\iTunes\iTunesHelper.exe
+764=C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
+1416=C:\Program Files\WinZip\WZQKPICK.EXE
+1816=C:\WINDOWS\System32\alg.exe
+1840=C:\Program Files\iPod\bin\iPodService.exe
+3336=C:\WINDOWS\System32\cidaemon.exe
+3032=C:\Program Files\Internet Explorer\iexplore.exe
+3180=C:\WINDOWS\NOTEPAD.EXE
+2184=C:\Documents and Settings\Karen\Desktop\StartDreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Hi Karen -

I suspect a hardware issue, but let's try to rule out a virus. See if you can keep it awake long enough to do this:


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
 

·
Registered
Joined
·
13 Posts
Discussion Starter #5
Toshi*ba

Sorry, but it won't stay alive long enough to run this test. I think I just need a new laptop. I can use this one as a doorstop.
 

·
Premium Member
Joined
·
14,311 Posts
Post this in the hardware section of the forum. It's most likely a hardware issue as tetonbob has mentioned.

One thing to add though. You said there was no warm air blowing out. Look at the bottom or the sides of the laptop. Are their ventilation holes there? There should be a fan or two spinning to keep things cooler inside. It might be the fan...but to help troubleshoot this more, post it in the hardware forum.

Post back once more to acknowledge that you've read this and we will close the topic up.
 
1 - 6 of 6 Posts
Status
Not open for further replies.
Top