TechSpot

CPU pegged at 100%; HijackThis log file attached

Resolved
By jsboehm
Apr 15, 2011
  1. CPU is staying pegged at 100% even with no applications running, causing the machine to crawl. Biggest memory hogs are spoolsv.exe, mcshield.exe, and several svchost.exe's. McSvHost.exe, svchost, and taskmgr.exe (plus firefox.exe right now) are the primary CPU % images.

    Attached is the HijackThis log file - any ideas would be much appreciated!

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help with the problem but we don't 'screen' for malware with HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    You can uninstall the version of HJT as it's outdated. You can also remove the log. Later in the process, I'll give you the current version to run at the appropriate time.

    You have the McAfee Security Suite. It runs a lot of processes: all the 'Mc' processes. Spoolsv.exe is part of the printer process. Having several svchost.exe processes running is normal. I usually have 7-0. taskmgr.exe will run in the CPU column whenever you have it open.

    But of course, malware can hide behind almost any process - which is why we don't 'screen'.
  3. jsboehm

    jsboehm TS Rookie Topic Starter

    8 Step process complete - logs embedded

    Thank you for your help - very much appreciated.

    I have run the process you pointed me to - below are the logs. I have noticed that sometimes when I reboot the CPU % fluctuates more normally while other times it is pegged at 100%. In either case, the machine remains pretty slow - but certainly worse when the CPU is pegged.

    Malwarebytes Anti-Malware Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6374

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    4/16/2011 10:15:49 AM
    mbam-log-2011-04-16 (10-15-49).txt

    Scan type: Quick scan
    Objects scanned: 162766
    Time elapsed: 10 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER Log

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-04-16 10:24:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080AT_PL rev.008300A1
    Running: 35qt31ie.exe; Driver: C:\DOCUME~1\LISABO~1\LOCALS~1\Temp\ugtdipow.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF73610E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF73610F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7361120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7361176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF73610CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF73610A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF73610B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF736110A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF736114C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7361136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF73611A0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF736118C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7361160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----

    DDS Log - DDS.txt

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Lisa Boehm at 10:28:21.89 on Sat 04/16/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.435 [GMT -4:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Lisa Boehm\My Documents\Downloads\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110221160842.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SmartDefrag] "c:\program files\iobit\iobit smartdefrag\IObit SmartDefrag.exe" /StartUp
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\lisabo~1\applic~1\mozilla\firefox\profiles\srnaji3f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-8-6 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-23 84072]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-23 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-23 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-23 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-23 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-23 141792]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2011-2-21 3712]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-8-6 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-8-6 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-23 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-23 88544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-23 55840]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-23 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-23 84264]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-8-6 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-8-6 40552]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-04-15 20:49:03 -------- d-----w- c:\program files\Trend Micro
    2011-04-13 02:18:22 1409 ----a-w- c:\windows\QTFont.for
    .
    ==================== Find3M ====================
    .
    2011-03-20 01:50:45 49 ----a-w- c:\windows\wpd99.drv
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-21 20:39:08 3712 ----a-w- c:\windows\system32\socketlock.sys
    2011-02-21 20:22:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-21 20:22:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    .
    ============= FINISH: 10:30:53.07 ===============

    DDS Log - Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/7/2006 7:22:35 PM
    System Uptime: 4/16/2011 9:59:27 AM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30AE
    Processor: AMD Turion(tm) 64 Mobile Technology ML-32 | U23 | 1790/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 42.326 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&FCF0450&0&30A4
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_30A4103C&REV_10\4&FCF0450&0&30A4
    Service: RTL8023xp
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 4500 G510n-z
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 4500 G510n-z
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1658: 1/16/2011 8:59:43 AM - System Checkpoint
    RP1659: 1/17/2011 9:59:42 AM - System Checkpoint
    RP1660: 1/18/2011 10:00:47 AM - System Checkpoint
    RP1661: 1/19/2011 10:45:15 AM - System Checkpoint
    RP1662: 1/20/2011 11:08:31 AM - System Checkpoint
    RP1663: 1/21/2011 11:45:17 AM - System Checkpoint
    RP1664: 1/22/2011 11:46:20 AM - System Checkpoint
    RP1665: 1/23/2011 12:46:20 PM - System Checkpoint
    RP1666: 1/24/2011 1:45:14 PM - System Checkpoint
    RP1667: 1/25/2011 2:46:20 PM - System Checkpoint
    RP1668: 1/26/2011 3:52:24 PM - System Checkpoint
    RP1669: 1/27/2011 4:20:27 PM - System Checkpoint
    RP1670: 1/28/2011 5:42:25 PM - System Checkpoint
    RP1671: 1/29/2011 6:21:32 PM - System Checkpoint
    RP1672: 1/30/2011 7:50:11 PM - System Checkpoint
    RP1673: 1/31/2011 8:20:28 PM - System Checkpoint
    RP1674: 2/1/2011 9:20:29 PM - System Checkpoint
    RP1675: 2/2/2011 10:21:33 PM - System Checkpoint
    RP1676: 2/3/2011 11:20:40 PM - System Checkpoint
    RP1677: 2/4/2011 11:47:47 PM - System Checkpoint
    RP1678: 2/6/2011 12:21:45 AM - System Checkpoint
    RP1679: 2/7/2011 1:20:40 AM - System Checkpoint
    RP1680: 2/8/2011 1:51:57 AM - System Checkpoint
    RP1681: 2/9/2011 2:51:56 AM - System Checkpoint
    RP1682: 2/10/2011 3:00:33 AM - Software Distribution Service 3.0
    RP1683: 2/11/2011 3:29:56 AM - System Checkpoint
    RP1684: 2/12/2011 4:29:58 AM - System Checkpoint
    RP1685: 2/13/2011 5:29:55 AM - System Checkpoint
    RP1686: 2/14/2011 6:29:55 AM - System Checkpoint
    RP1687: 2/15/2011 7:29:56 AM - System Checkpoint
    RP1688: 2/16/2011 8:29:56 AM - System Checkpoint
    RP1689: 2/17/2011 9:31:00 AM - System Checkpoint
    RP1690: 2/18/2011 10:29:58 AM - System Checkpoint
    RP1691: 2/19/2011 11:29:55 AM - System Checkpoint
    RP1692: 2/20/2011 12:29:55 PM - System Checkpoint
    RP1693: 2/20/2011 8:59:59 PM - Restore Operation
    RP1694: 2/21/2011 3:19:50 PM - Removed Java(TM) 6 Update 10
    RP1695: 2/21/2011 3:22:38 PM - Installed Java(TM) 6 Update 24
    RP1696: 2/21/2011 3:28:53 PM - Removed Adobe Reader 9.4.2.
    RP1697: 2/21/2011 3:30:20 PM - Installed Adobe Reader X (10.0.1).
    RP1698: 2/21/2011 3:42:04 PM - Installed Alt-Tab Task Switcher Powertoy for Windows XP
    RP1699: 2/21/2011 4:02:02 PM - Removed Acrobat.com
    RP1700: 2/21/2011 4:19:18 PM - Installed WOT for Internet Explorer
    RP1701: 2/21/2011 4:31:00 PM - Software Distribution Service 3.0
    RP1702: 2/21/2011 4:36:19 PM - Software Distribution Service 3.0
    RP1703: 2/21/2011 5:07:18 PM - Software Distribution Service 3.0
    RP1704: 2/21/2011 5:27:42 PM - Software Distribution Service 3.0
    RP1705: 2/21/2011 5:52:01 PM - Software Distribution Service 3.0
    RP1706: 2/21/2011 8:50:51 PM - Software Distribution Service 3.0
    RP1707: 2/22/2011 9:09:31 AM - Printer Driver HP Officejet 4500 G510n-z fax Installed
    RP1708: 2/23/2011 9:33:55 AM - System Checkpoint
    RP1709: 2/24/2011 10:33:55 AM - System Checkpoint
    RP1710: 2/25/2011 11:33:57 AM - System Checkpoint
    RP1711: 2/26/2011 12:33:55 PM - System Checkpoint
    RP1712: 2/27/2011 1:33:56 PM - System Checkpoint
    RP1713: 2/28/2011 2:50:28 PM - System Checkpoint
    RP1714: 3/1/2011 3:00:19 AM - Software Distribution Service 3.0
    RP1715: 3/2/2011 3:22:56 AM - System Checkpoint
    RP1716: 3/3/2011 4:49:56 AM - System Checkpoint
    RP1717: 3/5/2011 2:00:48 PM - System Checkpoint
    RP1718: 3/6/2011 3:06:36 PM - System Checkpoint
    RP1719: 3/7/2011 3:22:52 PM - System Checkpoint
    RP1720: 3/9/2011 3:00:30 AM - Software Distribution Service 3.0
    RP1721: 3/11/2011 11:08:00 AM - System Checkpoint
    RP1722: 3/12/2011 11:35:09 AM - System Checkpoint
    RP1723: 3/13/2011 1:22:53 PM - System Checkpoint
    RP1724: 3/14/2011 1:28:31 PM - System Checkpoint
    RP1725: 3/19/2011 12:49:20 PM - System Checkpoint
    RP1726: 3/20/2011 1:31:14 PM - System Checkpoint
    RP1727: 3/21/2011 2:31:23 PM - System Checkpoint
    RP1728: 3/22/2011 2:31:53 PM - System Checkpoint
    RP1729: 3/23/2011 3:31:28 PM - System Checkpoint
    RP1730: 3/24/2011 3:00:19 AM - Software Distribution Service 3.0
    RP1731: 3/25/2011 3:17:26 AM - System Checkpoint
    RP1732: 3/26/2011 4:47:55 AM - System Checkpoint
    RP1733: 3/27/2011 5:07:53 AM - System Checkpoint
    RP1734: 3/29/2011 1:57:08 PM - System Checkpoint
    RP1735: 3/30/2011 2:39:36 PM - System Checkpoint
    RP1736: 3/31/2011 4:14:12 PM - System Checkpoint
    RP1737: 4/1/2011 4:17:58 PM - System Checkpoint
    RP1738: 4/2/2011 5:20:20 PM - System Checkpoint
    RP1739: 4/4/2011 9:41:04 AM - System Checkpoint
    RP1740: 4/5/2011 10:08:45 AM - System Checkpoint
    RP1741: 4/7/2011 12:18:22 PM - System Checkpoint
    RP1742: 4/8/2011 12:47:45 PM - System Checkpoint
    RP1743: 4/9/2011 1:48:56 PM - System Checkpoint
    RP1744: 4/11/2011 11:30:56 AM - System Checkpoint
    RP1745: 4/12/2011 11:48:19 AM - System Checkpoint
    RP1746: 4/13/2011 2:12:31 PM - System Checkpoint
    RP1747: 4/14/2011 3:30:14 PM - System Checkpoint
    RP1748: 4/15/2011 3:00:53 AM - Software Distribution Service 3.0
    RP1749: 4/16/2011 8:12:16 AM - System Checkpoint
    RP1750: 4/16/2011 9:06:41 AM - Removed Zone Deluxe Games
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.0.1)
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    AiO_Scan
    Alt-Tab Task Switcher Powertoy for Windows XP
    AnswerWorks 5.0 English Runtime
    Athlon 64 Processor Driver
    ATI Control Panel
    ATI Display Driver
    BufferChm
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant AC-Link Audio
    Copy
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Destinations
    DeviceDiscovery
    DocMgr
    DocProc
    DocumentViewer
    Fax
    GlobeReader
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB954550-v5)
    HP Customer Participation Program 13.0
    HP Document Manager 2.0
    HP Help and Support
    HP Image Zone 4.2
    HP Imaging Device Functions 13.0
    HP Officejet 4500 G510n-z
    HP PSC & OfficeJet 4.2
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Update
    HP User Guides 0008
    HP Wireless Assistant 1.01 C1
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    HPSystemDiagnostics
    InstantShare
    InterVideo WinDVD
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    LightScribe 1.4.44.1
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee AntiVirus Plus
    McAfee Virtual Technician
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.1
    Microsoft IntelliType Pro 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access 2003
    Microsoft Office Standard Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mozilla Firefox (3.6.16)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee autoProducer 4.0 - SE
    Network
    OCR Software by I.R.I.S. 13.0
    Pdf995
    PhotoGallery
    PrintScreen
    QFolder
    Quicken 2009
    QuickProjects
    QuickTime
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923689)
    Shop for HP Supplies
    SkinsHP1
    Skype Toolbars
    Skype™ 5.1
    Smart Defrag
    SmartFTP
    SmartFTP Client 2.0
    SmartFTP Client 2.0 Setup Files (remove only)
    SmartWebPrinting
    Soft Data Fax Modem with SmartCP
    SolutionCenter
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    SpeedFan (remove only)
    SpywareBlaster 4.4
    Status
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21
    Toolbox
    TrayApp
    TurboTax Deluxe 2007
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB971029)
    WebFldrs XP
    WebReg
    WhoCrashed 2.10
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinZip
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/16/2011 9:45:29 AM, error: Service Control Manager [7034] - The HP WMI Interface service terminated unexpectedly. It has done this 1 time(s).
    4/16/2011 9:45:28 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/16/2011 9:45:28 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/16/2011 9:45:28 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/16/2011 9:45:28 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    4/16/2011 9:45:26 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    4/16/2011 9:06:46 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    4/15/2011 9:34:15 AM, error: Service Control Manager [7031] - The McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    4/15/2011 9:29:44 AM, error: Service Control Manager [7022] - The HP Network Devices Support service hung on starting.
    4/11/2011 10:42:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eabfiltr
    .
    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, I see some of the excess svchost.exe entries. They are all legitimate, but do not need to start on boot and run in the background: A hint: HP puts a lot of processes on startup for their printers and Digital Imaging. They also set the Services to start automatically. I will have you change that> some I can do with script after you run Combofix- don't do anything on them yet:
    ===============================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard"> (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ======================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    Comment:
    I recommend that you uninstall Advanced SystemCare 3 and the IObit Toolbar if you have it. Neither the program nor its home site itself will show up Green in the WOT assessments.
  5. jsboehm

    jsboehm TS Rookie Topic Starter

    Eset & ComboFix logs attached

    Bobbye,

    Thanks for your continued help. Here are the Eset and ComboFix logs - both appeared to run without finding any issues.

    I also uninstalled Advanced SystemCare 3, but couldn't find IObit toolbar?

    Eset Log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=69241de3cc294c499aa1bae39849bbe4
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-04-17 04:05:55
    # local_time=2011-04-17 12:05:55 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 19667 19667 0 0
    # compatibility_mode=5121 16777189 100 75 9648515 32160730 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=95157
    # found=0
    # cleaned=0
    # scan_time=6547

    ComboFix Log

    ComboFix 11-04-16.03 - Lisa Boehm 04/17/2011 10:26:26.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.432 [GMT -4:00]
    Running from: c:\documents and settings\Lisa Boehm\My Documents\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-15 20:49 . 2011-04-15 20:49 -------- d-----w- c:\program files\Trend Micro
    2011-04-13 02:18 . 2011-04-13 02:18 1409 ----a-w- c:\windows\QTFont.for
    2011-03-26 17:51 . 2011-03-26 17:51 -------- d-----w- c:\documents and settings\Lisa Boehm\Application Data\HP
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-07 05:33 . 2004-08-04 08:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2004-08-04 08:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2004-08-04 08:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2004-08-04 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2004-08-04 08:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-21 20:39 . 2011-02-21 20:39 3712 ----a-w- c:\windows\system32\socketlock.sys
    2011-02-21 20:22 . 2007-05-20 20:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-21 20:22 . 2010-06-12 18:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-17 13:18 . 2004-08-04 08:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-04 08:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-12-03 00:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56 . 2004-08-04 08:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-09 13:53 . 2004-08-04 08:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2004-08-04 08:00 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2004-08-04 08:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-02 07:58 . 2004-08-04 08:00 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-04 08:00 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2010-10-14 02:28 . 2011-02-21 21:08 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoPopUpsOnBoot"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-11-10 17:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
    2005-08-01 22:26 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2007-02-05 23:52 849280 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-02-19 18:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
    2006-11-22 01:08 813912 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2004-10-14 21:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-02-01 04:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2005-06-19 20:50 729178 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqfxt08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\Hp\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/23/2010 2:42 PM 84072]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/23/2010 2:41 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/23/2010 2:42 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/23/2010 2:42 PM 141792]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2/21/2011 4:39 PM 3712]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/23/2010 2:42 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/23/2010 2:42 PM 88544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/23/2010 2:42 PM 55840]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/23/2010 2:42 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/23/2010 2:42 PM 84264]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 AM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-11 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2011-02-21 23:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    FF - ProfilePath - c:\documents and settings\Lisa Boehm\Application Data\Mozilla\Firefox\Profiles\srnaji3f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Adblock Plus Pop-up Addon: adblockpopups@jessehakanen.net - %profile%\extensions\adblockpopups@jessehakanen.net
    FF - Ext: Element Hiding Helper for Adblock Plus: elemhidehelper@adblockplus.org - %profile%\extensions\elemhidehelper@adblockplus.org
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: HTTPS-Everywhere: https-everywhere@eff.org - %profile%\extensions\https-everywhere@eff.org
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-17 10:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1008)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(3196)
    c:\windows\system32\WININET.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-04-17 10:45:12
    ComboFix-quarantined-files.txt 2011-04-17 14:45
    ComboFix2.txt 2011-02-21 20:10
    .
    Pre-Run: 45,382,434,816 bytes free
    Post-Run: 45,368,414,208 bytes free
    .
    - - End Of File - - A5B8F7010FB831B87F561BE16DDAB54B

    CPU is fluctuating more normally now, although the machine is still dragging.

    thanks
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The most important thing I see is this:
    You have put the entire internet zone into the Trusted Sites! Security is lower in the zone. Nothing needs to be in the Trusted Zone!

    Open Internet Options> Security tab> Trusted sites> Sites> Highlight and remove each of these domains. The internet has its own zone and should not be included anywhere else.
    ===============================
    To check the CPU use:
    Prepare the system for shutdown- but don't shut down> right click on the Taskbar> Task Manager> Double click on the top frame of the CPU column. The only processes you should see are:
    System
    System Idle
    taskmgr

    Together they should add up to 100%. You can ignore an occasional 1-2% use. You will need to determine what is using the CPU.
    --------------------------------
    Are you sure you're referring to the CPU and not Memory? Because Firefox is still a huge memory eater! I stopped loading tabs for my homepage to see if this would cut it down. I've been up about 3 hours and FF is up to 200,000K in Memory, but nothing in the CPU. But the tabs or addons could be increasing FF.
    ================================
    As previously explained, all the processes you mentioned are legitimate. But I'd like you to try something:
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck the following processes: (Note: Advise doing about 3 at a time with reboot in between) And note my entry about the nag message on reboot:
    Click on Apply> OK when finished.
    NOTE: When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.

    There are 18 separate processes running for the HP Digital Imaging alone. None need to be running unless you are actively using the program. When you want to use it, access from File> Print or All Programs.

    There may be entries in the programs themselves or in Services to change if removing from boot, but I'd like you to see if these make any significant difference in the speed.

    Consider replacing McAfee when the subscription expires.
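Added example, not part of the thread and not ComboFix's own code: a small script that pulls the `Trusted Zone:` lines out of a ComboFix log's Supplementary Scan section, as in the log above, and lists them for removal with broad-looking entries first. The sample log is constructed from lines in that layout, and the function names and the "bare name / wildcard / domain" labels are assumptions of this example.

```python
import re

# Constructed sample in the layout of the ComboFix log posted above.
SAMPLE_LOG = """\
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.google.com/
    IE: E&xport to Microsoft Excel - c:\\progra~1\\MICROS~4\\OFFICE11\\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: turbotax.com
    Trusted Zone: mcafee.com
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Trusted Zone: not-in-section.example
"""

SECTION_START = re.compile(r"^-+\s*Supplementary Scan\s*-+$", re.IGNORECASE)
# Any later banner line (dashes, spaced dashes or asterisks) ends the section.
SECTION_END_PREFIXES = ("- - -", "-----", "*****")
TRUSTED = re.compile(r"^Trusted Zone:\s*(\S+)\s*$", re.IGNORECASE)


def trusted_zone_entries(log_text):
    """Return the unique Trusted Zone entries of the Supplementary Scan
    section, in the order they appear. Forum indentation is tolerated."""
    entries, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = bool(SECTION_START.match(line))
            continue
        if line.startswith(SECTION_END_PREFIXES):
            break
        match = TRUSTED.match(line)
        if match and match.group(1).lower() not in entries:
            entries.append(match.group(1).lower())
    return entries


def classify(entry):
    """Label an entry by how much it appears to cover (example labels)."""
    if "*" in entry:
        return "wildcard"
    if "." not in entry:
        return "bare name"   # e.g. 'internet': not a single site
    return "domain"


def review_list(log_text):
    """Every entry is a removal candidate; broad-looking ones sort first."""
    order = {"bare name": 0, "wildcard": 1, "domain": 2}
    rows = [(e, classify(e)) for e in trusted_zone_entries(log_text)]
    return sorted(rows, key=lambda row: (order[row[1]], row[0]))


if __name__ == "__main__":
    for entry, kind in review_list(SAMPLE_LOG):
        print(f"remove from Trusted sites: {entry:<20} ({kind})")
```
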
  7. jsboehm

    jsboehm TS Rookie Topic Starter

    Updated

    Bobbye,

    Thanks for the further ideas. I have:
    - Removed everything from the trusted zone in internet options in Internet Explorer
    - Removed the startup items you recommended (and also the HP Digital Imaging Monitor as I usually ended up killing that out of the taskbar after startup anyway) - although most of them were already unchecked. At this point the only startup items are atiptaxx, HP Wireless Assistant, mcagent, IObit SmartDefrag, AdobeARM and taskswitch. There are also about 100 Services listed - the vast majority from Microsoft, one from HP (HP WMI interface), Ati Hotkey Poller, and about a dozen others. I can enumerate those for you if that would help.

    I wasn't 100% on the instructions for checking CPU use. When you say prepare for shutdown, do you simply mean exit all programs? If so, once I do that there are still quite a few processes running, but the only ones using CPU are the three you list - the other images are all using varying amounts of memory, but not CPU.

    I've just performed all these steps so I'm not sure on performance yet. I have noticed that the CPU is not pegged at 100% much anymore (I keep task manager minimized in the system tray so I can visually see how much CPU is being used at any time). I will just try using the system over the next day or two and then post again with any differences I see.

    In terms of antivirus, what do you recommend instead of McAfee?

    Thank you
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    'Preparing for shutdown' means what you should normally do when you want to shut down the computer. This doesn't mean how you may leave it if, for instance, you have a laptop and can close it, leaving processes up while it 'sleeps'. It means you close any active Windows you have open, including the browser, any programs you are actively running and your email if you keep it open but minimized on the Taskbar.

    This is when you would log off and shut the system down. At this point, only the 3 processes I mentioned should show any significant activity in the CPU column. A suggestion for you: leaving the Task Manager open for you to watch it is not a good idea for 2 reasons:
    1. As long as you do this, the taskmgr process will use the CPU.
    2. It's an unnecessary 'watch process' for you and along the way, you're going to become unnecessarily obsessed with spikes and numbers.

    If you have the system set up well and security in place, you don't need to watch what it's doing every minute!
    ========================================
    I've already listed what you can take off of the Startup menu using msconfig:
    =================================
    This is pretty silly, don't you think? Why let it start in the first place?
    =================================
    You say the following are still checked on Startup:
    Note: Yes=Needs to start on boot. No=Does not need to start on boot
    1. atiptaxx.exe> ATI Desktop Control Panel. Gives user access to some apps. Convenience item only. No
    2. McAfee entries inc. others you may see:
      • McAgent.exe> a red M icon in the Windows Notification Area: No
      • MCUpdateExe> auto update and upgrade: Yes
      • mcvsshld.exe> McAfee VirusScan On-lineVirus Scan On Line: Yes
      • McVsRte.exe> McAfee.com VirusScan Online Realtime Engine: Yes
      • MCMNHDLR.EXE> VSO Check Task> part of McAfee's SecurityCenter and Virusscan Online: Yes
      • McRegWiz.exe> McAfee Registration Wizard: No
    3. hpWirelessAssistant> Filename: HPWAMain.exe> No
    4. IObit SmartDefrag> Choose from All Programs only as needed. No
    5. AdobeARM> Adobe Reader and Acrobat Manager, is an autoupdate utility No
    6. taskswitch> switch between the applications that are running by using the Alt+Tab keys. "This program is a non-essential system process". Convenience only. No
    ==========================================
    Have layered Security:
    • Antivirus (only one): Both of the following programs are free and known to be good:
      • Avira-AntiVir-Personal-Free-Antivirus
      • Avast Free Version
    • Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      • Comodo
      • Zone Alarm
    • Antimalware: I recommend all of the following:
      • Spywareblaster: SpywareBlaster protects against bad ActiveX.
      • Spybot Search & Destroy

    When you have finished, I'll have you remove the cleaning tools.