1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: CPU usage 100% explorer.exe culprit

Discussion in 'Windows XP' started by prophet1, Nov 19, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    Hi guys

    Couple of days ago computer started slowing with CPU usage constantly running at 100% when no apps running. Task manager shows explorer.exe process taking up between 50% and 90% CPU usage constantly.

    Ran malwarebytes - Nothing found
    Scanned using avast - Nothing found
    Did a system restore to 1 November 2012 - No change

    Any suggestions in how to tackle this issue would be most appreciated.

    (Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz, x86 Family 15 Model 2 Stepping 9
    Processor Count: 1
    RAM: 1271 Mb
    Graphics Card: Intel(R) 82845G/GL/GE/PE/GV Graphics Controller, 64 Mb
    Hard Drives: C: Total - 76308 MB, Free - 51331 MB; F: Total - 152625 MB, Free - 75877 MB;
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD, MS-6577
    Antivirus: avast! Antivirus, Updated: Yes, On-Demand Scanner: Enabled)
     
  2. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,503
  3. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    Thanks for responding. Logfile as requested below.

    Process PID CPU Private Bytes Working Set Description Company Name
    System Idle Process 0 < 0.01 0 K 16 K
    SYSTEM 4 0 K 236 K
    Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
    smss.exe 604 172 K 412 K Windows NT Session Manager Microsoft Corporation
    csrss.exe 688 1.41 1,704 K 4,372 K Client Server Runtime Process Microsoft Corporation
    winlogon.exe 940 6,092 K 816 K Windows NT Logon Application Microsoft Corporation
    services.exe 984 4.23 1,868 K 5,016 K Services and Controller app Microsoft Corporation
    svchost.exe 1144 3,012 K 4,980 K Generic Host Process for Win32 Services Microsoft Corporation
    GoogleUpdate.exe 2924 17,552 K 19,948 K Google Installer Google Inc.
    wmiprvse.exe 1092 2,636 K 5,352 K WMI Microsoft Corporation
    svchost.exe 1188 1,872 K 4,688 K Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1228 16,868 K 25,104 K Generic Host Process for Win32 Services Microsoft Corporation
    wuauclt.exe 3436 2,476 K 4,716 K Windows Update Microsoft Corporation
    GoogleUpdate.exe 3504 3,952 K 5,712 K Google Installer Google Inc.
    svchost.exe 1260 2,344 K 3,380 K Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1436 1,960 K 4,324 K Generic Host Process for Win32 Services Microsoft Corporation
    svchost.exe 1736 3,440 K 7,524 K Generic Host Process for Win32 Services Microsoft Corporation
    AvastSvc.exe 1896 22,364 K 28,412 K avast! Service AVAST Software
    brsvc01a.exe 1948 340 K 1,360 K brsvc01a brother Industries Ltd
    brss01a.exe 1972 460 K 2,140 K brss01a.exe brother Industries Ltd
    spoolsv.exe 1980 3,596 K 5,656 K Spooler SubSystem App Microsoft Corporation
    svchost.exe 152 1,320 K 3,900 K Generic Host Process for Win32 Services Microsoft Corporation
    BecHelperService.exe 252 1,416 K 5,804 K
    svchost.exe 400 2,408 K 3,792 K Generic Host Process for Win32 Services Microsoft Corporation
    FsUsbExService.Exe 840 1,148 K 3,188 K FsUsbDevice Teruten
    jqs.exe 880 2,512 K 1,892 K Java(TM) Quick Starter Service Oracle Corporation
    prio_svc.exe 1248 624 K 1,848 K
    svchost.exe 1336 2,636 K 4,676 K Generic Host Process for Win32 Services Microsoft Corporation
    alg.exe 2896 1,424 K 4,076 K Application Layer Gateway Service Microsoft Corporation
    svchost.exe 3372 1,780 K 3,932 K Generic Host Process for Win32 Services Microsoft Corporation
    lsass.exe 996 3,876 K 1,852 K LSA Shell (Export Version) Microsoft Corporation
    explorer.exe 1748 81.69 19,592 K 30,256 K Windows Explorer Microsoft Corporation
    igfxtray.exe 1764 1,700 K 4,400 K igfxTray Module Intel Corporation
    hkcmd.exe 2072 1,820 K 4,456 K hkcmd Module Intel Corporation
    SOUNDMAN.EXE 2120 2,108 K 3,468 K Realtek Sound Manager Realtek Semiconductor Corp.
    jusched.exe 2188 1,332 K 4,636 K Java(TM) Update Scheduler Sun Microsystems, Inc.
    jucheck.exe 1640 5,384 K 9,756 K Java(TM) Update Checker Sun Microsystems, Inc.
    AvastUI.exe 2240 6,976 K 4,964 K avast! Antivirus AVAST Software
    rundll32.exe 2260 2,516 K 4,072 K Run a DLL as an App Microsoft Corporation
    KiesTrayAgent.exe 2284 5.63 4,836 K 10,724 K Kies TrayAgent Application Samsung Electronics Co., Ltd.
    ctfmon.exe 2296 1,216 K 4,404 K CTF Loader Microsoft Corporation
    NPSAgent.exe 2424 2,376 K 4,884 K NPSAgent Samsung Electronics Co., Ltd.
    acrotray.exe 2560 968 K 3,204 K AcroTray Adobe Systems Inc.
    HPOstr05.exe 2596 5,752 K 8,500 K Main Executable Hewlett-Packard Co.
    hpovdx05.exe 3164 5,848 K 9,076 K VDI Manager Hewlett-Packard Co.
    stickies.exe 2616 3,768 K 8,472 K Stickies 7.1d Zhorn Software
    Wilog.exe 3516 4.23 87,200 K 101,232 K 3Connect 3Connect
    firefox.exe 4064 1.41 201,648 K 207,256 K Firefox Mozilla Corporation
    procexp.exe 2692 1.41 12,480 K 18,180 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
     
  4. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,503
    Post a Hjt log - Hijack this 2.04
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Also post the uninstall log from Hjt log
    Start HiJackThis.
    At the bottom right - Other Stuff
    Click on Config > Misc Tools.
    Click > Open Uninstall Manager.
    Click > Save List.
    Save the uninstall list file on your desktop.
    It will then open in Notepad.
    Click Edit > Select All > Edit > Copy-and-Paste the uninstall list in the reply box.
     
  5. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    As requested, HJT logfile & uninstall log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:30:16, on 19/11/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    C:\Program Files\Stickies\stickies.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Prio\prio_svc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\HPOVDX05.EXE
    C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //mailurl:mailto:[email protected]
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE -a
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
    O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'Default user')
    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP OfficeJet Startup.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\HPOstr05.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C8146DF5-FFF9-4DC8-8646-36E42D87B393}: NameServer = 217.171.132.1 217.171.132.1
    O20 - AppInit_DLLs: prio.dll
    O20 - Winlogon Notify: RailNotification - Invalid registry found
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BecHelperService - Unknown owner - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Prio Service (prio_svc) - Unknown owner - C:\Program Files\Prio\prio_svc.exe

    --
    End of file - 8213 bytes


    3Connect
    Adobe Acrobat 6.0 Professional
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Audacity 2.0.2
    avast! Free Antivirus
    Bullzip PDF Printer 8.4.0.1425
    CCleaner
    Compatibility Pack for the 2007 Office system
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Windows XP (KB2756822)
    HP OfficeJet Series 600 (Remove Only)
    Huawei modem
    ImgBurn
    Intel(R) Extreme Graphics Driver
    Java 7 Update 7
    K-Lite Codec Pack 9.2.0 (Full)
    LAME v3.99.3 (for Windows)
    LibreOffice 3.6
    LibreOffice 3.6 Help Pack (English)
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Extended
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 16.0.2 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    PhotoScape
    Prio
    Realtek AC'97 Audio
    Samsung Kies
    Samsung Kies
    Samsung New PC Studio
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2731847)
    Stickies 7.1d
    swMSM
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    VLC media player 2.0.3
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
     
  6. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,503
    Start > Run > Type
    msconfig

    Under the Start Up Tab.
    Untick all entries Except

    C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

    Apply > Ok > Reboot your Pc.

    The System Configuration Utility box appear on retstart - saying changes have been made.
    Tick the box on the lower left and then OK.

    Any entry can be re-enabled using msconfig - if it needs to be
    http://netsquirrel.com/msconfig/index.html
    -----
    Update Java
    http://www.java.com/en/download/index.jsp
    Adobe Reader.
    http://get.adobe.com/reader/
    -----
    You are missing out on important Windows Updates.
    Right click My Computer > Properties > Automatic Updates.
    Tick - Automatic [recommended]
    Apply > Ok.

    You can later - once all updates are installed - choose.
    Tick - 'Notify me but don't automatically download or install them'
     
  7. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    All done as instructed. Automatic update found only one important update which has now been installed.

    However, CPU usage continues to run at 100% with explorer.exe continuing to use between 70 and 90%.

    From my submissions so far is there a diagnosis of the issue?
     
  8. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,503
    Download SuperAntiSpyware to your desktop.
    Download the Free version.
    SuperAntiSpyware

    Once downloaded to your desktop.
    Close all open browser windows.

    SuperAntiSpyware
    Click on the install icon - allow it to update during the install process.
    Select the Quick Scan option.
    Click Scan your Computer.
    Any infections or problems will be highlighted in red.
    After the scan is finished.
    Click Continue.
    Check that everything is listed.
    Click Remove Threats.
    Click OK - then click Finish
    You may be prompted to restart to finish the removal process.
    If Yes - restart your Pc.

    Start SuperAntiSpyware again.
    Click View Scan Logs.
    Highlight the scan log entry.
    Click - View Selected Log.
    The scan log will appear in Notepad.
    Copy and paste in your next post.
     
  9. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/20/2012 at 03:27 PM

    Application Version : 5.6.1014

    Core Rules Database Version : 9616
    Trace Rules Database Version: 7428

    Scan type : Quick Scan
    Total Scan Time : 00:05:38

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 437
    Memory threats detected : 0
    Registry items scanned : 31996
    Registry threats detected : 0
    File items scanned : 6481
    File threats detected : 0
     
  10. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    Hi Blues

    It would appear (from all the scan results) that there is no malicious activity causing this problem.

    As the explorer.exe process is doing "work" on something is there any way of analysing what it is actually doing "work" on?
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    lets see if these show anything

    Download to Desktop: DDS by sUBs from one of the below locations

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.exe

    double click DDS to run it
    Make sure there is a check mark in DDS txt
    place a check mark in the attach.txt box and then press start

    Do not select any other options unless specifically told to

    When complete, DDS.txt will openand attach.txt will be minimized on your taskbar, click on it to open it

    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    post the contents of both logs back here.

    and then
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it fnds ( except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  12. blues_harp28

    blues_harp28 Trusted Advisor Spam Fighter

    Joined:
    Jan 9, 2005
    Messages:
    18,503
    Thanks Derek for stepping in (y)
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,146
    First Name:
    Derek
    I am not sure that I can do any more than you, but it looks worthwhile to check for rootkits & other hidden malware with those symptoms before delving into other possibilities
     
  14. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    Thanks for the assistance guys.

    dvk01
    Will follow your instructions when I get home later today.
     
  15. prophet1

    prophet1 Thread Starter

    Joined:
    Oct 21, 2007
    Messages:
    70
    Find the two reports below.

    Will now run tdss killer and post log after.

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 19/09/2012 21:21:35
    System Uptime: 21/11/2012 15:12:34 (0 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
    Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz | Socket 478 | 2600/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 52.111 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 149 GiB total, 74.083 GiB free.
    I: is CDROM (CDFS)
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP41: 23/10/2012 17:43:29 - System Checkpoint
    RP42: 24/10/2012 18:17:42 - System Checkpoint
    RP43: 25/10/2012 21:32:57 - System Checkpoint
    RP44: 26/10/2012 21:52:13 - System Checkpoint
    RP45: 28/10/2012 12:21:07 - System Checkpoint
    RP46: 29/10/2012 08:34:06 - Installed Compatibility Pack for the 2007 Office system
    RP47: 30/10/2012 09:04:49 - System Checkpoint
    RP48: 30/10/2012 23:42:57 - Software Distribution Service 3.0
    RP49: 01/11/2012 09:26:14 - System Checkpoint
    RP50: 02/11/2012 12:14:18 - System Checkpoint
    RP51: 03/11/2012 13:04:23 - System Checkpoint
    RP52: 04/11/2012 14:04:23 - System Checkpoint
    RP53: 05/11/2012 14:20:18 - System Checkpoint
    RP54: 06/11/2012 17:35:23 - System Checkpoint
    RP55: 07/11/2012 18:05:47 - System Checkpoint
    RP56: 08/11/2012 18:34:48 - System Checkpoint
    RP57: 09/11/2012 19:15:30 - System Checkpoint
    RP58: 10/11/2012 21:45:33 - System Checkpoint
    RP59: 11/11/2012 22:04:08 - System Checkpoint
    RP60: 12/11/2012 22:56:30 - System Checkpoint
    RP61: 14/11/2012 10:41:46 - System Checkpoint
    RP62: 15/11/2012 01:16:47 - Software Distribution Service 3.0
    RP63: 16/11/2012 08:42:47 - System Checkpoint
    RP64: 17/11/2012 22:34:33 - System Checkpoint
    RP65: 18/11/2012 23:16:16 - System Checkpoint
    RP66: 19/11/2012 09:34:23 - Removed Google Earth Plug-in.
    RP67: 19/11/2012 09:43:03 - Restore Operation
    RP68: 19/11/2012 22:26:40 - Installed HiJackThis
    RP69: 20/11/2012 00:05:21 - Software Distribution Service 3.0
    RP70: 20/11/2012 09:21:59 - Software Distribution Service 3.0
    RP71: 20/11/2012 10:33:57 - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    3Connect
    Adobe Acrobat 6.0 Professional
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Audacity 2.0.2
    avast! Free Antivirus
    Bullzip PDF Printer 8.4.0.1425
    CCleaner
    Compatibility Pack for the 2007 Office system
    Google Chrome
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
    Hotfix for Windows XP (KB2756822)
    HP OfficeJet Series 600 (Remove Only)
    Huawei modem
    ImgBurn
    Intel(R) Extreme Graphics Driver
    Java 7 Update 7
    Java Auto Updater
    K-Lite Codec Pack 9.2.0 (Full)
    LAME v3.99.3 (for Windows)
    LibreOffice 3.6
    LibreOffice 3.6 Help Pack (English)
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Office File Validation Add-In
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    PhotoScape
    Realtek AC'97 Audio
    Samsung Kies
    Samsung New PC Studio
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2761226)
    Stickies 7.1d
    SUPERAntiSpyware
    swMSM
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    VLC media player 2.0.3
    WebFldrs XP
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/11/2012 00:59:33, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2729450).
    14/11/2012 10:10:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    14/11/2012 10:10:09, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/11/2012 09:03:27, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    14/11/2012 09:03:27, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
    Run by User at 15:23:16 on 2012-11-21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.602 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k bthsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.co.uk/
    uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe" //mailurl:mailto:[email protected]
    BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    dRun: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1353406989031
    TCP: Interfaces\{C8146DF5-FFF9-4DC8-8646-36E42D87B393} : NameServer = 217.171.132.1 217.171.132.1
    Notify: igfxcui - igfxsrvc.dll
    Notify: RailNotification - <no file>
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\wft2wd82.default\
    FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/mypage.pl?prf=ea2cc97e8378563fc855308c0fce798f
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-09-29 20:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\user\application data\mozilla\firefox\profiles\wft2wd82.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-09-30 12:53; {d9babd10-47de-11df-9879-0800200c9a66}; c:\documents and settings\user\application data\mozilla\firefox\profiles\wft2wd82.default\extensions\{d9babd10-47de-11df-9879-0800200c9a66}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-9-19 738504]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-9-19 21256]
    .
    =============== Created Last 30 ================
    .
    2012-11-20 22:39:03 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
    2012-11-20 22:39:03 15103456 ----a-w- c:\program files\mozilla firefox\xul.dll
    2012-11-20 22:39:02 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2012-11-20 22:39:02 270816 ----a-w- c:\program files\mozilla firefox\updater.exe
    2012-11-20 22:39:02 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2012-11-20 22:39:01 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
    2012-11-20 22:39:01 890008 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2012-11-20 22:39:01 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
    2012-11-20 22:39:01 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
    2012-11-20 22:39:00 20960 ----a-w- c:\program files\mozilla firefox\plds4.dll
    2012-11-20 22:39:00 16864 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
    2012-11-20 14:21:06 -------- d-----w- c:\documents and settings\user\application data\SUPERAntiSpyware.com
    2012-11-20 14:20:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-11-20 14:20:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-11-20 09:19:01 -------- d-----w- c:\windows\pss
    2012-11-19 21:26:44 388096 ----a-r- c:\documents and settings\user\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-11-19 21:26:42 -------- d-----w- c:\program files\Trend Micro
    2012-11-19 14:28:32 -------- d-----w- c:\program files\Prio
    2012-11-19 08:55:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-11-19 08:55:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-11-01 14:29:30 -------- d-----w- c:\documents and settings\user\local settings\application data\Mirillis
    2012-11-01 14:29:30 -------- d-----w- c:\documents and settings\user\application data\Mirillis
    2012-11-01 14:29:30 -------- d-----w- c:\documents and settings\all users\application data\Mirillis
    2012-11-01 14:29:04 -------- d-----w- c:\program files\Mirillis
    2012-10-29 07:33:51 -------- d-----w- c:\program files\MSECache
    .
    ==================== Find3M ====================
    .
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-22 08:43:24 1875328 ----a-w- c:\windows\system32\win32k.sys
    2012-10-14 07:36:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-14 07:36:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
    2012-10-02 06:42:40 587 ----a-w- c:\windows\uninstallstickies.bat
    2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-29 09:16:39 67156 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2012-09-20 04:35:36 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2012-09-20 04:35:36 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2012-09-19 13:31:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-19 13:31:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-09-19 13:31:46 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-09-19 13:31:46 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2012-08-28 15:13:45 920064 ----a-w- c:\windows\system32\wininet.dll
    2012-08-28 15:13:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-08-28 15:13:44 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-28 12:07:41 385024 ----a-w- c:\windows\system32\html.iec
    2012-08-24 13:52:39 178176 ----a-w- c:\windows\system32\wintrust.dll
    .
    ============= FINISH: 15:25:22.21 ===============
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1077411

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice