msquare

Everything posted by msquare

  1. It looks like it's svchost.exe netsvcs that is the offending process. What next?
  2. The computer is running better, but svchost.exe is still writing hundreds of thousands of entries into my registry. See the attached file from Process Monitor. I seem to have four versions of that file. ProcessMonitor.html
  3. Looks like the last log got cut off. Here is a new one. ComboFix2.txt
  4. I ran all 7 tests. The logs are attached. Can you advise what I should do next? RKreport0_S_08022013_004059.txt Addition.txt AdwCleanerS1.txt ESET-Log.txt FRST.txt JRT.txt system-log.txt
  5. ***DDS Log *** Attach log
  6. Hello. My laptop started acting up recently, with CPU & disk utilization hovering around 80% and spiking to 100% at times. This is causing my computer to heat up a lot and is virtually unusable and unresponsive. I ran Malware Bytes to no success as it didn't identify anything. I also ran Process Monitor to try to understand what the culprit is. I can see two suspicious processes that are spinning up thousands of times a minute:
     - wmiprvse.exe - thousands of file events
     - svchost.exe - thousands of registry events
     Can you help me figure out what may be infecting my computer? I'll post the logs in the next reply. Thanks. M