Jump to content

Consistent CPU & Disk Utilization - wmiprvse.exe & svchost.exe


Recommended Posts

Hello.

 

My laptop started acting up recently, with CPU & disk utilization hovering around 80% and spiking to 100% at times.  This is causing my computer to heat up a lot and is virtually unusable and unresponsive.

 

I ran Malware Bytes to no success as it didn't identify anything.  I also ran Process Monitor to try to understand what the culprit is.  I can see two suspicious processes that are spinning up thousands of times a minute:

 

- wmiprvse.exe - thousands of file events

- svchost.exe - thousands of registry events

 

Can you help me figure out what may be infecting my computer?  I'll post the logs in the next reply.

 

Thanks.

 

M

Link to post
Share on other sites

***DDS Log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16450  BrowserJavaVersion: 1.6.0_16
Run by msquare at 23:42:56 on 2013-08-01
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4093.1940 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Fingerprint Sensor\ATService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_0c642403\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Users\msquare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\SysWOW64\explorer.exe
C:\Users\msquare\Desktop\Procmon.exe
C:\Users\msquare\AppData\Local\Temp\Procmon64.exe
C:\Windows\system32\msiexec.exe
C:\Users\msquare\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\msquare\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\msquare\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [spotify Web Helper] "C:\Users\msquare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
mRun: [startupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher GUI.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{09495D77-510A-421D-A003-13C3CCCE8E40} : DHCPNameServer = 209.183.54.151 209.183.54.151
TCP: Interfaces\{7D0EDF02-4562-48E4-931E-A89A19153927} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{8BD0921E-FFBB-4E1D-8088-84C025A6CA47} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{C86FE04F-360D-493D-9D99-838BE486094F} : DHCPNameServer = 192.168.1.1 4.2.2.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
LSA: Notification Packages =  scecli DPPWDFLT
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\msquare\AppData\Roaming\Mozilla\Firefox\Profiles\a04mtmlg.default\
FF - prefs.js: keyword.URL - 
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Users\msquare\AppData\Roaming\Mozilla\Firefox\Profiles\a04mtmlg.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: C:\Users\msquare\AppData\Roaming\Mozilla\Firefox\Profiles\a04mtmlg.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
FF - component: C:\Users\msquare\AppData\Roaming\Mozilla\Firefox\Profiles\a04mtmlg.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Users\msquare\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\msquare\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Users\msquare\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\msquare\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\msquare\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: !HIDDEN! 2009-10-22 15:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2009-10-22 15:21; otis@digitalpersona.com; C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF - ExtSQL: !HIDDEN! 2010-07-09 22:05; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-10-22 53488]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-5-14 45856]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_0c642403\AESTSr64.exe [2009-10-19 86016]
R2 ATService;AuthenTec Fingerprint Service;C:\Program Files (x86)\Fingerprint Sensor\ATService.exe [2008-5-5 1798904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2011-1-10 120408]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-10-22 90112]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-5-16 206120]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2009-11-8 11576]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-5-16 185640]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [2013-8-1 1616048]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-10-19 541696]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-10-22 36392]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-10-19 239104]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);C:\Windows\System32\drivers\swnc8u80.sys [2008-1-10 196608]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);C:\Windows\System32\drivers\swumx80.sys [2008-1-10 191744]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-22 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-02 01:50:13 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-06-24 07:41:42 78185248 ----a-w- C:\Windows\System32\mrt.exe
2013-06-18 04:18:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 04:18:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-04 02:03:07 2775040 ----a-w- C:\Windows\System32\win32k.sys
2013-06-01 04:19:22 619008 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 04:06:08 505344 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-08 04:50:00 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-08 04:18:16 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-05-08 04:04:52 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-05-05 21:36:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-05 19:25:43 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 23:43:38.90 ===============
 
 
*** Attach log
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 10/22/2009 9:48:07 AM
System Uptime: 8/1/2013 10:51:58 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0H282K
Processor: Intel® Core2 Duo CPU     T5800  @ 2.00GHz | Microprocessor | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 83.306 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.999 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0028
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0028
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0031
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0031
Service: tunnel
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
Acer eDisplay Management
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.6
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
AuthenTec Fingerprint System
AVG 2013
Bonjour
BufferChm
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCleaner
Compatibility Pack for the 2007 Office system
Dell Edoc Viewer
Dell Touchpad
Dell Video Chat
Dell Webcam Central
Dell Wireless WLAN Card Utility
Destinations
DeviceDiscovery
DigitalPersona Personal 3.1.0
DocMgr
DocProc
Dokan Library 0.6.0
Driver Installer
Fax
Flickr Uploadr 3.2.1
Google Chrome
Google Talk (remove only)
GoToMeeting 4.5.0.457
GPBaseService2
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Integrated Webcam Driver (1.06.03.0309)  
ITECIR
iTunes
Java 6 Update 13 (64-bit)
Java 6 Update 16
KeePass Password Safe 2.15
Kidzui
Link Shell Extension
Live! Cam Avatar Creator
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Motorola Driver Installation
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network64
Nokia Connectivity Adapter Cable DKU-5
OCR Software by I.R.I.S. 13.0
Octoshape add-in for Adobe Flash Player
OpenOffice.org 3.1
Picasa 3
Picasa Uploader
Pivot Software
PokerStars
PostgreSQL 8.3
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Samsung ML-1710 Series
Scan
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Shop for HP Supplies
Skins
SmartWebPrinting
SolutionCenter
Spotify
Startup Delayer v2.5 (build 138)
Status
StrongVPN Client version 1.1
The Rosetta Stone
thinkorswim from TD AMERITRADE
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Verizon Download Manager
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 1.0.3
vLite
VoiceOver Kit
WebReg
WIDCOMM Bluetooth Software 6.1.0.4402
WinRAR archiver
.
==== End Of File ===========================
 
Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 

Link to post
Share on other sites

  • Root Admin

How is the computer running now?

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then run this

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

Link to post
Share on other sites

  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

 

If nothing is found there either then it may simply be startup items, etc.   How much actual CPU is it using after the computer has been up and running for at least 5 minutes?

 

 

Actually that seems probably normal.  svchost.exe is responsible for running the majority of items on the computer in an automated fashion of sorts.
Please start an elevated command prompt and run the following command from DOS and it will show you everything that is running under that service.

tasklist /svc /fi "imagename eq svchost.exe"

You can also download this tool to see what all is running under it svchost viewer

What is svchost.exe And Why Is It Running?

Figuring out why my SVCHOST.EXE is at 100% CPU without complicated tools in Windows 7
 

Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.