svchost.exe hogging resources


ttbcs


I was given a Vista machine and it seems to be running between 50 - 90 percent CPU all the time, even when nothing is open. Any help would be appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2016 01
Ran by Household (administrator) on HOUSEHOLD-PC (20-06-2016 18:45:43)
Running from C:\Users\Household\Downloads
Loaded Profiles: Household (Available Profiles: Household)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerResearchParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
(RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_TATIPKE.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6825888 2016-06-06] (SUPERAntiSpyware)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIPKE.EXE [380400 2014-11-13] (SEIKO EPSON CORPORATION)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1105F29B-937E-45C4-80D2-8C13A3BB1992}: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{A05FB141-A447-48C4-919E-847EBD221EFD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP68
HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP68
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-3298834333-971083110-3924135021-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-18] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll [2004-02-20] ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Extension: DownThemAll! - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-04-21]
FF Extension: FlashGot - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-04-21]
FF Extension: Greasemonkey - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-06-20]
FF Extension: Tab Mix Plus - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-20]
FF Extension: Tamper Data - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2016-06-20]
FF Extension: Private Tab - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\[email protected] [2016-04-21]
FF Extension: Flashblock - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-06-15]
FF Extension: Adblock Plus - C:\Users\Household\AppData\Roaming\Mozilla\Firefox\Profiles\wiiuh2f4.default-1461280926459\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-02-28] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-04-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2016-04-28] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-07-13] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-04]
CHR Extension: (Google Drive) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (SiteAdvisor) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-06]
CHR Extension: (Google Docs Offline) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Ghostery) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Household\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-02-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [595968 2016-06-04] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-03-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [254904 2016-03-18] (RaMMicHaeL)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-02] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1206560 2012-11-12] (Ralink Technology Corp.)
R3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 TarFltr; C:\Windows\System32\Drivers\UsbFltr.sys [45440 2007-04-11] (Razer USA Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 18:47 - 2016-06-20 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-06-20 18:45 - 2016-06-20 18:48 - 00016015 _____ C:\Users\Household\Downloads\FRST.txt
2016-06-20 18:45 - 2016-06-20 18:45 - 00000000 ____D C:\FRST
2016-06-20 18:38 - 2016-06-20 18:38 - 00140232 _____ C:\Windows\Minidump\Mini062016-01.dmp
2016-06-20 18:37 - 2016-06-20 18:41 - 00136884 _____ C:\Windows\ntbtlog.txt
2016-06-20 18:37 - 2016-06-20 18:37 - 197354194 _____ C:\Windows\MEMORY.DMP
2016-06-20 18:34 - 2016-06-20 18:34 - 01738240 _____ (Farbar) C:\Users\Household\Downloads\FRST.exe
2016-06-20 15:14 - 2016-06-20 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-06-20 09:53 - 2016-06-20 09:53 - 00646811 _____ C:\Users\Household\Downloads\wisdom teeth forms.pdf
2016-06-20 09:48 - 2016-06-20 09:48 - 00646811 _____ C:\Users\Household\Downloads\submission.pdf
2016-06-18 13:43 - 2016-06-18 14:43 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-06-12 08:29 - 2016-06-12 08:29 - 00496242 _____ C:\Users\Household\Downloads\sam.pdf
2016-05-30 23:56 - 2016-05-30 23:56 - 00040960 _____ C:\Users\Household\Documents\yw recipe card 5.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00043008 _____ C:\Users\Household\Documents\yw recipe card 3.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00040960 _____ C:\Users\Household\Documents\yw recipe card 4.pub
2016-05-30 23:55 - 2016-05-30 23:55 - 00038400 _____ C:\Users\Household\Documents\yw recipe card 2.pub
2016-05-30 23:54 - 2016-05-30 23:54 - 00040960 _____ C:\Users\Household\Documents\yw recipe card.pub
2016-05-30 11:17 - 2016-05-30 11:17 - 00546451 _____ C:\Users\Household\Documents\Dulcie's cookbook - Copy.pdf
2016-05-28 21:22 - 2016-05-28 21:22 - 00001878 _____ C:\Users\Public\Desktop\Skype.lnk
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ___RD C:\Program Files\Skype
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-05-28 21:22 - 2016-05-28 21:22 - 00000000 ____D C:\Program Files\Common Files\Skype

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 18:43 - 2016-04-21 17:46 - 00000000 ____D C:\Users\Household\AppData\Roaming\Skype
2016-06-20 18:43 - 2015-02-28 13:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-20 18:43 - 2015-02-28 12:37 - 00000680 _____ C:\Users\Household\AppData\Local\d3d9caps.dat
2016-06-20 18:42 - 2015-02-28 13:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 18:42 - 2006-11-02 06:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 18:42 - 2006-11-02 05:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 18:42 - 2006-11-02 05:47 - 00004016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 18:41 - 2015-05-13 19:05 - 00000000 ____D C:\Program Files\CCleaner
2016-06-20 18:38 - 2015-12-15 10:50 - 00000000 ____D C:\Windows\Minidump
2016-06-20 18:28 - 2006-11-02 06:01 - 00032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-20 18:10 - 2016-02-01 14:57 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d.job
2016-06-20 18:03 - 2015-09-19 11:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8.job
2016-06-20 18:03 - 2015-07-19 16:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b.job
2016-06-20 18:03 - 2015-05-15 12:52 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f.job
2016-06-20 18:02 - 2016-02-09 17:02 - 00000917 _____ C:\Windows\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605}.job
2016-06-20 18:02 - 2015-12-06 11:58 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab.job
2016-06-20 17:57 - 2015-02-28 13:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-20 15:14 - 2015-05-13 19:39 - 00000000 ____D C:\ProgramData\Unchecky
2016-06-20 12:37 - 2015-05-13 17:12 - 00000000 ____D C:\Program Files\McAfee
2016-06-20 09:55 - 2015-08-03 20:58 - 00000000 ____D C:\Users\Household\Documents\CF
2016-06-18 14:43 - 2015-02-28 13:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-06-18 14:43 - 2015-02-28 13:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-06-18 13:48 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\inf
2016-06-15 15:22 - 2015-05-13 19:34 - 00000000 ____D C:\ProgramData\TEMP
2016-06-15 15:22 - 2015-05-13 19:34 - 00000000 ____D C:\Program Files\SpywareBlaster
2016-06-15 15:21 - 2015-05-13 19:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-13 08:59 - 2015-05-14 21:12 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-06-12 15:43 - 2016-04-21 16:49 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-06-12 15:43 - 2015-07-10 05:28 - 00000846 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-12 15:43 - 2015-05-14 21:12 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 23:01 - 2015-05-13 19:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-06-06 22:54 - 2006-11-02 03:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-01 11:04 - 2006-11-02 04:18 - 00000000 ____D C:\Windows\system32\NDF
2016-05-30 11:17 - 2016-01-23 20:43 - 00000000 ____D C:\Users\Household\AppData\Local\CutePDF Writer
2016-05-29 08:04 - 2015-05-13 19:29 - 00000000 ____D C:\Program Files\7-Zip
2016-05-28 21:22 - 2016-04-21 17:46 - 00000000 ____D C:\Users\Household\AppData\Local\Skype
2016-05-28 21:22 - 2016-04-21 17:45 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-02-28 12:37 - 2016-06-20 18:43 - 0000680 _____ () C:\Users\Household\AppData\Local\d3d9caps.dat
2015-05-13 20:15 - 2015-05-13 20:15 - 0004608 _____ () C:\Users\Household\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-04 20:23 - 2015-03-04 20:23 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-20 18:48

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2016 01
Ran by Household (2016-06-20 18:49:02)
Running from C:\Users\Household\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2015-02-28 16:11:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3298834333-971083110-3924135021-500 - Administrator - Disabled)
Guest (S-1-5-21-3298834333-971083110-3924135021-501 - Limited - Enabled)
Household (S-1-5-21-3298834333-971083110-3924135021-1000 - Administrator - Enabled) => C:\Users\Household

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Easy Photo Scan (HKLM\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation)
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-830 Series Printer Uninstall (HKLM\...\EPSON XP-830 Series) (Version:  - Seiko Epson Corporation)
Epson XP-830 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson XP-830 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth Pro (HKLM\...\{5BAA8884-F661-464B-B5B2-5C6C632BFC21}) (Version: 7.1.4.1529 - Google)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® 537EP V9x DF PCI Modem (HKLM\...\Intel® 537EP V9x DF PCI Modem) (Version:  - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee All Access – Total Protection (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
NETGEAR WNDA4100 (Version: 1.2.0.10 - NETGEAR) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
Skype™ 7.24 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
Software Updater (HKLM\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.1.7010 - Analog Devices)
SpywareBlaster 5.4 (HKLM\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Unchecky v0.4.3 (HKLM\...\Unchecky) (Version: 0.4.3 - RaMMicHaeL)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0988E42E-8ADE-4FCC-8894-66C9B4BC87A0} - System32\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSPKE.EXE [2013-11-21] (SEIKO EPSON CORPORATION)
Task: {1EEBDBD3-FE4B-43F0-99D6-97AA29A1A179} - System32\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {494515F9-53DB-4B12-BB4E-73420787B83E} - System32\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {54BB4BBB-7F55-42F6-BA6A-4236C857ACAD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {694EB21A-FA8E-4936-B6AF-144FF0DFEE1C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8C569554-EF9E-463B-95A3-33796EBAE078} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {90A876AD-B256-4A9E-A5BF-444A5447FDAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-18] (Adobe Systems Incorporated)
Task: {B98A0101-7F9C-4601-8F69-5245766C30CC} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {CBDCD817-D16A-4567-9A8B-A634ACEC7C9A} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DCB8B20A-E0FC-4975-A7C5-5F243FAE8FA9} - System32\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD982B3E-83DB-459E-99D1-33CCA7370DE4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-830 Series Update {B083E7F3-918A-4BDA-9290-2542E9357605}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSPKE.EXE:/EXE:{B083E7F3-918A-4BDA-9290-2542E9357605} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08f48bd0bc09f.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0c27ec7feb10b.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f30d1c797ba8.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d130588c7d3ab.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15d3b9003404d.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-01-23 20:41 - 2016-01-22 17:56 - 00089008 _____ () C:\Windows\System32\cpwmon2k.dll
2015-02-28 19:45 - 2009-04-10 23:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 6091 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 03:23 - 2016-06-20 18:42 - 00001961 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

There are 5 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3298834333-971083110-3924135021-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\img7.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{626759AC-27C3-4C21-89C2-F4004D7DC670}] => (Allow) LPort=80
FirewallRules: [{7641F1DC-E6C2-450C-B1BA-798034004E24}] => (Allow) LPort=80
FirewallRules: [{F8B55E44-442F-497A-B6A8-95DFC12B428A}] => (Allow) LPort=80
FirewallRules: [{79AF0892-0FB2-4AAC-B422-5C634173A917}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{89735289-0AD5-48D8-9D18-1B53A80A99D5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{B99992E0-971F-43ED-8C4A-389AF3F5EDCE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{EE50801C-798A-481D-B78D-D0E8F81FAA95}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2840BA4C-B9E3-434A-85D9-8DBB20A46A53}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9C5B75DD-4FF5-4589-9697-91557E34B8FF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3ACDCB2D-CD2A-44FF-8052-DF35C8E92A10}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0A985C31-1DD5-4F53-AAE8-7BF03DAA487D}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{98059D22-4A0A-4B21-A684-BC434214D8DF}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

06-04-2016 16:59:49 Scheduled Checkpoint
20-04-2016 10:22:22 Windows Update
21-04-2016 17:40:58 Windows Update
21-04-2016 17:52:36 Removed HP Officejet 6500 E710n-z Help
21-04-2016 17:54:15 Removed HP Update.
21-04-2016 18:18:20 Removed HP Update.
21-04-2016 18:21:11 Removed HP Officejet 6500 E710n-z Help
21-04-2016 18:37:23 Removed Skype™ 7.3
26-04-2016 15:51:39 McAfee Vulnerability Scanner
28-04-2016 17:36:53 Scheduled Checkpoint
28-04-2016 18:08:39 Installed Epson Event Manager
29-04-2016 13:30:56 Scheduled Checkpoint
30-04-2016 12:05:35 Scheduled Checkpoint
02-05-2016 17:40:05 Scheduled Checkpoint
03-05-2016 13:06:02 Scheduled Checkpoint
09-05-2016 11:36:41 Scheduled Checkpoint
15-05-2016 14:46:37 Installed Epson Print CD
15-05-2016 17:06:03 McAfee Vulnerability Scanner
15-05-2016 17:06:50 Windows Update
16-05-2016 16:47:15 Scheduled Checkpoint
17-05-2016 18:44:59 Scheduled Checkpoint
18-05-2016 10:27:06 Scheduled Checkpoint
23-05-2016 13:09:08 McAfee Vulnerability Scanner
28-05-2016 21:18:36 McAfee Vulnerability Scanner
29-05-2016 20:49:19 Scheduled Checkpoint
30-05-2016 11:58:07 Scheduled Checkpoint
31-05-2016 08:47:08 Scheduled Checkpoint
04-06-2016 10:33:44 Scheduled Checkpoint
06-06-2016 21:54:26 Scheduled Checkpoint
08-06-2016 00:00:05 Scheduled Checkpoint
12-06-2016 12:11:50 Scheduled Checkpoint
12-06-2016 15:42:34 McAfee Vulnerability Scanner
12-06-2016 15:44:06 Windows Update
13-06-2016 09:57:40 Scheduled Checkpoint
14-06-2016 00:00:02 Scheduled Checkpoint
18-06-2016 17:08:47 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2016 06:44:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 06:43:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/20/2016 06:41:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application CCleaner.exe, version 5.10.0.5373, time stamp 0x55f9cdaf, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x72206469,
process id 0x464, application start time 0xCCleaner.exe0.

Error: (06/20/2016 06:39:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 06:39:44 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/20/2016 06:38:59 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/20/2016 06:31:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\HOUSEHOLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\WIIUH2F4.DEFAULT-1461280926459\SAFEBROWSING-TO_DELETE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/20/2016 06:31:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\HOUSEHOLD\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\WIIUH2F4.DEFAULT-1461280926459\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (06/20/2016 06:30:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 06:29:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/20/2016 06:44:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (06/20/2016 06:40:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:40:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/20/2016 06:40:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: SAS Core Service110001Restart the service

Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068 = The dependency service or group failed to start.


Error: (06/20/2016 06:39:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AFD
DfsC
i8042prt
mfehidk
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
SASDIFSV
SASKUTIL
Smb
spldr
tdx
Wanarpv6


CodeIntegrity:
===================================
  Date: 2016-06-20 18:40:07.687
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:34.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:34.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:33.669
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:33.013
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:32.341
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:31.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:30.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:29.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 15:33:29.216
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 76%
Total physical RAM: 2046.35 MB
Available physical RAM: 489.68 MB
Total Virtual: 4325.88 MB
Available Virtual: 2639.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:368.47 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 69205244)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Get Process Explorer

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)

  • 0

#3
ttbcs


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 55.85 0 K 12 K 0
mcshield.exe 30.45 193,852 K 187,448 K 2284 McAfee Scanner service McAfee, Inc. (Verified) McAfee
procexp.exe 6.09 22,796 K 31,048 K 5444 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
McVulCtr.exe 3.04 38,560 K 49,336 K 4172 McAfee Vulnerability Scanner McAfee, Inc. (Verified) McAfee
System 1.52 0 K 876 K 4
svchost.exe 1.52 85,116 K 78,512 K 1184 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
McAPExe.exe 0.76 3,472 K 1,532 K 2916 McAfee Access Protection McAfee, Inc. (Verified) McAfee
csrss.exe 0.76 2,796 K 4,556 K 696 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Skype.exe < 0.01 63,376 K 11,024 K 3128 Skype Skype Technologies S.A. (Verified) Skype Software Sarl
explorer.exe < 0.01 28,836 K 20,680 K 2680 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 111,916 K 99,460 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
E_TATIPKE.EXE < 0.01 3,848 K 3,020 K 3136 EPSON Status Monitor 3 SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
spoolsv.exe < 0.01 6,660 K 2,908 K 1812 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SUPERANTISPYWARE.EXE < 0.01 20,176 K 1,524 K 3120 SUPERAntiSpyware Application SUPERAntiSpyware (Verified) SUPERAntiSpyware.com
lsass.exe < 0.01 4,476 K 3,064 K 744 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
EEventManager.exe < 0.01 3,752 K 1,056 K 3112 EEventManager Application SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
unchecky_bg.exe < 0.01 1,868 K 4,148 K 2456 Unchecky Background Process RaMMicHaeL (Verified) Reason Software Company Inc.
SASCore.exe < 0.01 1,980 K 332 K 1404 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
SearchIndexer.exe < 0.01 40,672 K 10,640 K 2436 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
FUFAXRCV.exe < 0.01 5,728 K 1,264 K 3096 Fax Reception SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
FUFAXSTM.exe < 0.01 10,448 K 1,036 K 3104 Fax Transmission SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
WmiPrvSE.exe 3,000 K 5,512 K 4568 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 2,184 K 1,156 K 832 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,164 K 308 K 684 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
unchecky_svc.exe 2,564 K 464 K 2252 Unchecky Service RaMMicHaeL (Verified) Reason Software Company Inc.
taskeng.exe 8,648 K 2,292 K 344 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1,940 K 1,984 K 1936 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,184 K 3,588 K 956 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 16,780 K 7,244 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 14,876 K 6,380 K 1136 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,276 K 3,372 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,856 K 3,668 K 1412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,300 K 1,844 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,220 K 7,680 K 1840 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,752 K 41,132 K 2812 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,124 K 712 K 2160 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,524 K 868 K 2112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 520 K 388 K 2320 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
smss.exe 284 K 232 K 572 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe 7,048 K 1,488 K 1364 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
services.exe 2,372 K 3,436 K 732 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
rundll32.exe 2,576 K 18,956 K 2444 Windows host process (Rundll32) Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 1,600 K 5,696 K 2580 Notepad Microsoft Corporation (Verified) Microsoft Windows
mfevtps.exe 5,220 K 3,880 K 2080 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfevtps.exe 888 K 280 K 1396 McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfemms.exe 1,244 K 808 K 1876 McAfee Management Service McAfee, Inc. (Verified) McAfee
mfefire.exe 3,308 K 1,352 K 2844 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mfefire.exe 676 K 244 K 2956 McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
McUICnt.exe 40,232 K 25,736 K 2980 McAfee McAfee, Inc. (Verified) McAfee
McSvHost.exe 34,224 K 18,388 K 3068 McAfee Service Host McAfee, Inc. (Verified) McAfee
McSACore.exe 21,052 K 4,608 K 616 SiteAdvisor McAfee, Inc. (Verified) McAfee
lsm.exe 1,740 K 1,384 K 752 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 2,368 K 732 K 512 Google Crash Handler Google Inc. (Verified) Google Inc
escsvc.exe 868 K 272 K 1676 Epson Scanner Service (32bit) Seiko Epson Corporation (Verified) SEIKO EPSON Corporation
EPCP.exe 6,408 K 7,800 K 1600 Epson Customer Research Participation SEIKO EPSON CORPORATION (Verified) SEIKO EPSON CORPORATION
dwm.exe 1,180 K 1,984 K 2604 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,904 K 2,348 K 640 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 10,948 K 7,352 K 1320 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 2,052 K 312 K 1508 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
 

Attached Files


  • 0

#4
ttbcs


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

While doing the above steps the system seemed to be working. I'm not sure if the svchost.exe problem is intermittent.


  • 0

#5
RKinner


    Malware Expert

  • Expert
  • 20,025 posts
  • MVP

Right now your McAfee is eating up your CPU time:

mcshield.exe 30.45

Unless it's running a scan it's broken and needs to be reinstalled.

Your hard drive is showing a lot of errors which is not surprising since it's a Seagate and they don't last long. You might want to get a Western Digital (black if you can afford it, blue otherwise) and clone it before it dies. HD errors will also slow the PC down.

Keep Process Explorer running and if you notice a slowdown caused by an svchost.exe, hover over the svchost (hit the space bar to stop it jumping around) and it will tell you which services are riding on that particular svchost.


  • 0
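The checks described in posts #2 and #5, run over a saved Process Explorer listing: rank by CPU, flag images without a "(Verified)" signer, and list the svchost.exe PIDs to hover over first. This is an added example, not part of the original thread and not Sysinternals code. It assumes the saved file is tab-separated with the header shown in post #3; the sample rows are re-typed from that post, plus one constructed unsigned row.

```python
import csv
import io
from collections import defaultdict

HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]
SVC = ["Host Process for Windows Services", "Microsoft Corporation",
       "(Verified) Microsoft Windows"]

# Rows re-typed from the listing in post #3 and joined with tabs (assumed file
# format). The last row is constructed to show an image that fails the check.
SAMPLE = "\n".join("\t".join(fields) for fields in [
    HEADER,
    ["System Idle Process", "55.85", "0 K", "12 K", "0"],
    ["mcshield.exe", "30.45", "193,852 K", "187,448 K", "2284",
     "McAfee Scanner service", "McAfee, Inc.", "(Verified) McAfee"],
    ["procexp.exe", "6.09", "22,796 K", "31,048 K", "5444",
     "Sysinternals Process Explorer", "Sysinternals - www.sysinternals.com",
     "(Verified) Microsoft Corporation"],
    ["McVulCtr.exe", "3.04", "38,560 K", "49,336 K", "4172",
     "McAfee Vulnerability Scanner", "McAfee, Inc.", "(Verified) McAfee"],
    ["System", "1.52", "0 K", "876 K", "4"],
    ["svchost.exe", "1.52", "85,116 K", "78,512 K", "1184"] + SVC,
    ["svchost.exe", "< 0.01", "111,916 K", "99,460 K", "1232"] + SVC,
    ["svchost.exe", "", "3,184 K", "3,588 K", "956"] + SVC,
    ["Interrupts", "< 0.01", "0 K", "0 K", "n/a", "Hardware Interrupts and DPCs"],
    ["example-unsigned.exe", "0.50", "1,000 K", "2,000 K", "9999",
     "Constructed row", "Example Co", "(Not verified) Example Co"],
])

# Kernel pseudo-entries have no image file, so there is no signature to check.
PSEUDO = {"System Idle Process", "System", "Interrupts"}


def parse_cpu(text):
    """'30.45' -> 30.45; '< 0.01' and blank (no activity sampled) -> 0.0."""
    text = (text or "").strip()
    if not text or text.startswith("<"):
        return 0.0
    return float(text)


def parse_kb(text):
    """'193,852 K' -> 193852; blank -> 0."""
    digits = (text or "").replace(",", "").replace("K", "").strip()
    return int(digits) if digits else 0


def load_rows(text):
    """Parse the listing; short rows get empty strings for missing columns."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        row["cpu"] = parse_cpu(row.get("CPU"))
        row["private_kb"] = parse_kb(row.get("Private Bytes"))
        rows.append(row)
    return rows


def busiest(rows, n=3):
    """Top CPU consumers, ignoring the idle process."""
    real = [r for r in rows if r["Process"] != "System Idle Process"]
    return sorted(real, key=lambda r: r["cpu"], reverse=True)[:n]


def unverified(rows):
    """Real images whose signer column does not start with '(Verified)'."""
    return [r for r in rows
            if r["Process"] not in PSEUDO
            and not r.get("Verified Signer", "").startswith("(Verified)")]


def cpu_by_image(rows):
    """Total CPU per image name, so many svchost.exe rows add up to one figure."""
    totals = defaultdict(float)
    for r in rows:
        totals[r["Process"].lower()] += r["cpu"]
    return dict(totals)


def instances(rows, image):
    """(PID, cpu, private KB) for one image name, heaviest first."""
    hits = [r for r in rows if r["Process"].lower() == image.lower()]
    hits.sort(key=lambda r: (r["cpu"], r["private_kb"]), reverse=True)
    return [(r["PID"], r["cpu"], r["private_kb"]) for r in hits]


if __name__ == "__main__":
    rows = load_rows(SAMPLE)
    for r in busiest(rows):
        print(f'{r["cpu"]:6.2f}  {r["Process"]} (PID {r["PID"]})')
    for r in unverified(rows):
        print("not verified:", r["Process"], r["Verified Signer"])
    print("svchost.exe total CPU:", round(cpu_by_image(rows)["svchost.exe"], 2))
    print("svchost.exe instances:", instances(rows, "svchost.exe"))
```

The PID reported for the heaviest svchost.exe instance is the one to hover over in Process Explorer to see which services it hosts.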

#6
ttbcs


    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts

Thank you for your help. I will look into getting a new hard drive. I believe McAfee was running a scan. If there aren't any infections then I'll just proceed with buying a hard drive to replace this one.


  • 0





