WmiPrvSE.exe utilizing +50% of CPU constantly

[richardaharley]

Hi there.

I basically have the same problem as discussed in this topic: http://forums.malwarebytes.org/index.php?showtopic=122829

WmiPrvSE.exe seems to be slowing my computer down significantly and constantly. I have been looking at various forums on the internet to resolve this problem. I tried one whereby I stop the Windows Management Instrumentation service, consequently stopping Security Center and IP helper services. Then by starting up both Security Center and IP Helper individually the problem of encountered with WmiPrsvSE.exe appearing and hogging my CPU disappears, with CPU usage dropping from 90-100% to 10-20%. This seems like a temporary fix though, as the process is required after every reboot.

Any guidance as in the forum mentioned above to alleviate this problem would be greatly appreciated.

Thanks,

Richard.

[Firefox]

Hello and

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

• 
  When done, DDS will open two (2) logs:
  

1. DDS.txt
   
2. Attach.txt
   

• Save both reports to your desktop
  
• Please include the following logs in your next reply: DDS.txt and Attach.txt
  You can ignore the note about zipping the Attach.txt file in most cases.
  

[David H. Lipman]

richardaharley, are you running Windows Gadgets ?

There are some SideBar Gadgets that seem to spike CPU utilization.

Google dork

[richardaharley]

Hi firefox, thank you for such a quick response! Ok here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.21.2

Run by Rich at 7:25:41 on 2013-06-11

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1641.402 [GMT 10:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{113F7C50-2239-4F75-A338-2F5157AD67B1} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{6FC5C929-4FB6-400B-A71C-89B4185D2038} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{6FC5C929-4FB6-400B-A71C-89B4185D2038}\36963736F63726 : DHCPNameServer = 64.59.160.13 64.59.161.68

TCP: Interfaces\{6FC5C929-4FB6-400B-A71C-89B4185D2038}\746505C4 : DHCPNameServer = 199.60.111.18

TCP: Interfaces\{6FC5C929-4FB6-400B-A71C-89B4185D2038}\C696E6B6379737 : DHCPNameServer = 192.168.1.10 192.168.0.10

TCP: Interfaces\{6FC5C929-4FB6-400B-A71C-89B4185D2038}\D4F6B6160284F65737560275966696 : DHCPNameServer = 64.59.160.13 64.59.161.68

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-20 283200]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-10-7 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-30 204288]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-22 106144]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-28 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-11 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-11 701512]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-22 158880]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-18 115216]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-10-22 30368]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-29 31088]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-11 25928]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-2-21 251496]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-21 685160]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-10-7 47232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-10-22 36000]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-10-22 330912]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-10-22 110240]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-10-22 167584]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-10-22 68256]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-10-22 280992]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-10-22 521376]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-14 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-14 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-14 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-22 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-06-10 21:13:16 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-10 21:01:29 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6F7AE11E-88D6-4EA4-A230-C32B3B5D43B8}\mpengine.dll

2013-06-10 20:57:37 -------- d-sh--w- C:\$RECYCLE.BIN

2013-06-10 19:48:43 98816 ----a-w- C:\Windows\sed.exe

2013-06-10 19:48:43 256000 ----a-w- C:\Windows\PEV.exe

2013-06-10 19:48:43 208896 ----a-w- C:\Windows\MBR.exe

2013-06-10 19:41:50 -------- d-----w- C:\Users\Rich\AppData\Roaming\Foxit Software

2013-06-10 19:41:50 -------- d-----w- C:\Program Files (x86)\Foxit Software

2013-06-10 18:49:28 171 ----a-w- C:\Windows\DeleteOnReboot.bat

2013-06-10 17:41:23 -------- d-----w- C:\Users\Rich\AppData\Roaming\Malwarebytes

2013-06-10 17:40:00 -------- d-----w- C:\ProgramData\Malwarebytes

2013-06-10 17:39:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-06-10 17:39:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-06-10 07:55:15 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-06-10 07:55:15 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-06-10 07:55:14 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-06-10 07:55:14 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-06-10 07:55:13 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2013-06-10 07:55:12 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-06-10 07:55:11 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-06-10 07:55:07 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2013-06-10 07:55:06 366592 ----a-w- C:\Windows\System32\qdvd.dll

2013-06-09 18:40:49 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-06-06 16:40:17 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-05-27 04:50:12 -------- d-----w- C:\Program Files\iPod

2013-05-27 04:50:01 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-05-27 04:50:01 -------- d-----w- C:\Program Files\iTunes

2013-05-27 04:50:01 -------- d-----w- C:\Program Files (x86)\iTunes

2013-05-21 02:20:32 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5A2DB1D2-21C6-4624-ABCF-CF85487217F4}\gapaengine.dll

2013-05-20 02:47:14 -------- d-----w- C:\Users\Rich\AppData\Local\{218CFEF5-C3A1-4303-AE3B-772A5AFE8721}

2013-05-17 08:37:07 -------- d-----w- C:\Users\Rich\AppData\Local\{0F75B63A-F434-4573-A869-ED1683056BA1}

2013-05-16 20:34:57 -------- d-----w- C:\Users\Rich\AppData\Local\{3B5496CE-F047-4C8E-A6DB-BFD91D31EFB9}

2013-05-16 20:03:33 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-05-16 20:03:32 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-05-16 20:03:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-16 08:09:09 -------- d-----w- C:\Users\Rich\AppData\Local\{3724CDDF-CC1E-42F1-AA43-AA29CB9C7979}

2013-05-15 03:05:14 17613192 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-05-15 02:46:12 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-15 02:46:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 02:42:25 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 02:42:25 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 02:42:25 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 02:42:23 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 02:42:23 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 02:42:21 78680 ----a-w- C:\Windows\System32\mcupdate_AuthenticAMD.dll

2013-05-15 02:42:18 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-13 08:44:17 -------- d-----w- C:\SearchProtect

.

==================== Find3M ====================

.

2013-05-15 04:07:27 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 04:07:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll

2013-04-09 05:13:52 110264 ----a-w- C:\Windows\System32\pdfcmon.dll

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-02 14:09:52 4550656 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-18 01:54:15 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll

2013-03-18 01:54:12 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll

.

============= FINISH: 7:27:17.67 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 20/02/2013 10:57:29 AM

System Uptime: 11/06/2013 6:53:37 AM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 3387

Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 780/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 28.183 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 1.647 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.098 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Atheros AR3012 Bluetooth 4.0 + HS Adapter

Device ID: USB\VID_0CF3&PID_311D\ALASKA_DAY_2006

Manufacturer: Atheros Communications

Name: Atheros AR3012 Bluetooth 4.0 + HS Adapter

PNP Device ID: USB\VID_0CF3&PID_311D\ALASKA_DAY_2006

Service: BTHUSB

.

==== System Restore Points ===================

.

RP69: 23/05/2013 5:41:04 AM - Windows Update

RP70: 27/05/2013 1:17:24 PM - Windows Update

RP71: 1/06/2013 3:34:39 AM - Windows Update

RP72: 4/06/2013 6:16:36 PM - Windows Update

RP73: 7/06/2013 2:42:57 AM - Revo Uninstaller's restore point - FirstRowSportApp

RP74: 8/06/2013 3:23:21 AM - Windows Update

RP75: 10/06/2013 5:47:04 AM - Revo Uninstaller's restore point - GenuTax Standard

RP76: 10/06/2013 5:55:26 PM - Windows Update

RP77: 10/06/2013 6:44:18 PM - Windows Modules Installer

RP78: 11/06/2013 5:23:33 AM - Revo Uninstaller's restore point - Adobe Reader X (10.1.7) MUI

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.5

Agatha Christie - Peril at End House

AMD APP SDK Runtime

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Bluetooth Suite (64)

Atheros Driver Installation Program

ATI Catalyst Install Manager

µTorrent

Bejeweled 3

Blackhawk Striker 2

Blasterball 3

Bonjour

Bounce Symphony

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chronicles of Albian

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cradle of Rome 2

CyberLink YouCam

D3DX10

DAEMON Tools Lite

ESU for Microsoft Windows 7 SP1

Evernote v. 4.6.4

Farm Frenzy

FATE

Final Drive: Nitro

Foxit Reader

Google Chrome

Google Earth

Google Update Helper

Governor of Poker 2 Premium Edition

Hewlett-Packard ACLM.NET v1.2.1.1

HP 3D DriveGuard

HP Auto

HP Client Services

HP CoolSense

HP Customer Experience Enhancements

HP Documentation

HP Games

HP Launch Box

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

iTunes

Java 7 Update 21

Java Auto Updater

Jewel Quest: The Sleepless Star - Collector's Edition

Junk Mail filter update

Mah Jong Medley

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

Mystery of Mortlake Mansion

Namco All-Stars: PAC-MAN

OpenOffice.org 3.4.1

PDFCreator

Penguins!

Picasa 3

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Reason 5.0

Recovery Manager

Revo Uninstaller 1.94

Rosetta Stone Version 3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Sid Meier's Pirates!

Skype™ 6.3

Slingo Supreme

Synaptics TouchPad Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update Installer for WildTangent Games App

Vacation Quest - The Hawaiian Islands

Virtual Villagers 5 - New Believers

VLC media player 2.0.6

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

YTD Video Downloader 3.9.6

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

9/06/2013 2:32:52 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

9/06/2013 2:32:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

8/06/2013 6:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

8/06/2013 3:08:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.

5/06/2013 4:21:11 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

5/06/2013 3:09:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ZAtheros Bt&Wlan Coex Agent service.

11/06/2013 6:10:30 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

10/06/2013 9:30:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SDRSVC service.

10/06/2013 5:30:31 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:28:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:28:08 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21

10/06/2013 5:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/06/2013 5:28:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/06/2013 5:28:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/06/2013 5:27:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/06/2013 5:27:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

10/06/2013 5:26:58 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

10/06/2013 5:23:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:23:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/06/2013 5:23:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/06/2013 5:22:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/06/2013 5:21:56 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

.

==== End Of File ===========================

[richardaharley]

David H. Lipman , thanks for your response too. No I am not using any Windows gadgets. I have uninstalled all of them.

[AdvancedSetup]

In your case it looks like there may be more going on here than this. The computer would appear to possibly be infected which may also be part of the issue here.

Please post you DDS logs again in this forum.

http://forums.malwarebytes.org/index.php?showforum=7

Thanks

[richardaharley]

Ok will do thanks...

[Firefox]

Thanks Ron, make sure you follow his instructions.... and just to add, you also have a hard drive controller error so running a hard drive diagnostic may be a good idea once the experts help you get it all sorted out.... The experts may be able to show you how to perform a diagnostics, either way once your get it all sorted out, we can help you with the diagnostics here....

5/06/2013 4:21:11 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.