Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost.exe using 100% cpu!


  • Please log in to reply
4 replies to this topic

#1 siper

siper

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 23 November 2013 - 11:25 AM

For the past couple of weeks, my computer shoots up to 100% for no reason. It looks to be coming from netsvcs, but I don't know how/why.

I'm following the steps described by Broni here:
http://www.bleepingcomputer.com/forums/t/504128/netsvcs-has-cpu-at-100/

And will report back with the logs momentarily. Any ideas in the meantime?

 



BC AdBot (Login to Remove)

 


#2 siper

siper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 23 November 2013 - 11:41 AM

Ok, here are the results. I ran these after I restarted my computer to STOP the computer from running at 100%. I hope that's alright:

 

Security Check:

 Results of screen317's Security Check version 0.99.77  
   x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Adobe Flash Player 11.9.900.117  
 Google Chrome 31.0.1650.48  
 Google Chrome 31.0.1650.57  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

 

Farbar:

Farbar Service Scanner Version: 23-11-2013
Ran by Todd (administrator) on 23-11-2013 at 08:30:13
Running from "C:\Users\Todd\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll
[2013-08-22 05:25] - [2013-08-22 05:25] - 0029184 ____A (Microsoft Corporation) 6E2271ED0C3E95B8E29F3752B91B9E84
 
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-11-15 20:42] - [2013-11-15 20:42] - 2551640 ____A (Microsoft Corporation) 6617F44D2432C529B2249A0498B6B40A
 
C:\Windows\System32\dnsrslvr.dll
[2013-11-15 20:42] - [2013-11-15 20:42] - 0255488 ____A (Microsoft Corporation) 5BAF7714E68F93515A937A3FA8587EF9
 
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2013-11-14 08:09] - [2013-10-12 13:48] - 0828416 ____A (Microsoft Corporation) 6468B696C65775D51A06615830E0E79D
 
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-11-15 20:42] - [2013-11-15 20:42] - 3532288 ____A (Microsoft Corporation) 86D0BF4F792053A50D6EE43DFA5837A5
 
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\ipnathlp.dll
[2013-11-15 20:42] - [2013-11-15 20:42] - 0433664 ____A (Microsoft Corporation) F4414F57DF2CECB8FC969AA43A6B0D50
 
C:\Windows\System32\iphlpsvc.dll
[2013-11-15 20:42] - [2013-11-15 20:42] - 0903168 ____A (Microsoft Corporation) DFC4050D58565ADBEE793A8D4AEBDAE6
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 

 

**** End of log ****
 
MiniToolBox:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Todd (administrator) on 23-11-2013 at 08:31:11
Running from "C:\Users\Todd\Downloads"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
 
 
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       practivate.adobe.com
127.0.0.1       ereg.adobe.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate.wip3.adobe.com
127.0.0.1       wip3.adobe.com
127.0.0.1       3dns-3.adobe.com
127.0.0.1       3dns-2.adobe.com
127.0.0.1       adobe-dns.adobe.com
127.0.0.1       adobe-dns-2.adobe.com
127.0.0.1       adobe-dns-3.adobe.com
127.0.0.1       ereg.wip3.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       192.150.18.108
 
========================= IP Configuration: ================================
 
Intel® 82579V Gigabit Network Connection = Ethernet (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="ethernet_3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : SENTINELPRIME
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82579V Gigabit Network Connection
   Physical Address. . . . . . . . . : 30-85-A9-95-93-06
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6c12:ca0c:d2ab:614c%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.129(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, November 23, 2013 8:28:00 AM
   Lease Expires . . . . . . . . . . : Sunday, November 24, 2013 8:28:00 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 254838185
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-F3-2E-B1-30-85-A9-95-93-06
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  my.router
Address:  192.168.1.1
 
Name:    google.com
Addresses:  2607:f8b0:4010:801::1006
 74.125.239.46
 74.125.239.33
 74.125.239.38
 74.125.239.40
 74.125.239.36
 74.125.239.41
 74.125.239.37
 74.125.239.35
 74.125.239.34
 74.125.239.32
 74.125.239.39
 
 
Pinging google.com [74.125.239.39] with 32 bytes of data:
Reply from 74.125.239.39: bytes=32 time=14ms TTL=55
Reply from 74.125.239.39: bytes=32 time=18ms TTL=55
 
Ping statistics for 74.125.239.39:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 14ms, Maximum = 18ms, Average = 16ms
Server:  my.router
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  98.138.253.109
 98.139.183.24
 206.190.36.45
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=90ms TTL=48
Reply from 206.190.36.45: bytes=32 time=82ms TTL=48
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 82ms, Maximum = 90ms, Average = 86ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  3...30 85 a9 95 93 06 ......Intel® 82579V Gigabit Network Connection
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.129     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.129    266
    192.168.1.129  255.255.255.255         On-link     192.168.1.129    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.129    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.129    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.129    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  3    266 fe80::/64                On-link
  3    266 fe80::6c12:ca0c:d2ab:614c/128
                                    On-link
  1    306 ff00::/8                 On-link
  3    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [53760] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [68096] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [270848] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [84480] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30208] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [338432] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/23/2013 07:44:51 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:44:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:43:51 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:43:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:42:51 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:42:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:41:51 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:41:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:40:51 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
Error: (11/23/2013 07:40:44 AM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0x80070002, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.
 
 
System errors:
=============
Error: (11/23/2013 08:31:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 17 time(s).
 
Error: (11/23/2013 08:31:14 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%2
 
Error: (11/23/2013 08:31:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 16 time(s).
 
Error: (11/23/2013 08:31:09 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%2
 
Error: (11/23/2013 08:31:06 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 15 time(s).
 
Error: (11/23/2013 08:31:06 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%2
 
Error: (11/23/2013 08:29:55 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 14 time(s).
 
Error: (11/23/2013 08:29:55 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%2
 
Error: (11/23/2013 08:29:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 13 time(s).
 
Error: (11/23/2013 08:29:32 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (11/23/2013 07:44:51 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:44:44 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:43:51 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:43:44 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:42:51 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:42:44 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:41:51 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:41:44 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:40:51 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
Error: (11/23/2013 07:40:44 AM) (Source: Windows Search Service)(User: )
Description: 40x80070002Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-11-08 05:22:06.570
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-08 05:22:05.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-06 17:29:32.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-05 18:39:54.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-05 18:39:53.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-11-05 18:39:51.539
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-19 06:53:38.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-19 06:53:38.895
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-19 06:53:38.848
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2013-10-19 06:53:38.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (Version: 3.3.2.30303)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.8)
Adobe AIR (Version: 3.9.0.1030)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop CC (Version: 14.0)
Adobe Photoshop Lightroom 5.2 64-bit (Version: 5.2.1)
Advanced SystemCare 6 (Version: 6.4)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Backblaze
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.51.815.0)
Classic Shell (Version: 4.0.0)
dBpoweramp DSP Effects
dBpoweramp Music Converter
Dolby Digital Live Pack (Version: 3.03)
Download Navigator (Version: 3.4.0)
Dropbox (Version: 2.4.6)
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Event Manager (Version: 2.50.0001)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
erLT (Version: 1.20.138.34)
Freemake Video Converter version 4.1.0 (Version: 4.1.0)
Google Chrome (Version: 30.0.1599.101)
Google Chrome (Version: 31.0.1650.57)
Google Drive (Version: 1.12.5329.1887)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.21.165)
IObit Unlocker (Version: 1.1)
iTunes (Version: 11.1.3.8)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Logitech SetPoint 6.61 (Version: 6.61.15)
Logitech Webcam Software (Version: 2.80)
LWS Facebook (Version: 13.50.854.0)
LWS Gallery (Version: 13.51.827.0)
LWS Help_main (Version: 13.51.828.0)
LWS Launcher (Version: 13.51.828.0)
LWS Motion Detection (Version: 13.51.815.0)
LWS Pictures And Video (Version: 13.51.815.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Webcam Software (Version: 13.51.815.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106)
Nik Collection (Version: 1.1.0.7)
NVIDIA 3D Vision Driver 327.23 (Version: 327.23)
NVIDIA Control Panel 327.23 (Version: 327.23)
NVIDIA Graphics Driver 327.23 (Version: 327.23)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
PDF Settings CC (Version: 12.0)
Perfect Photo Suite 7.5 (Version: 7.5)
QuickTime (Version: 7.74.80.86)
REAPER (x64)
Sound Blaster Recon3D PCIe (Version: 1.01.19)
Sound Blaster Recon3D PCIe Extras (Version: 1.0)
Tablet Driver V5.02
Tag&Rename 3.7 (Version: 3.7)
Unlocker 1.9.2 (Version: 1.9.2)
VLC media player 2.1.0 (Version: 2.1.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 9%
Total physical RAM: 32721.83 MB
Available physical RAM: 29637.68 MB
Total Pagefile: 65489.83 MB
Available Pagefile: 62003.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3960.51 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:118.9 GB) (Free:59.73 GB) NTFS
2 Drive d: (RAPTOR) (Fixed) (Total:465.76 GB) (Free:401.14 GB) NTFS
3 Drive e: (MEDIA) (Fixed) (Total:931.51 GB) (Free:766.75 GB) NTFS
4 Drive f: (HOTSWAP) (Fixed) (Total:698.54 GB) (Free:689.86 GB) NTFS
5 Drive g: (TODD) (Fixed) (Total:931.51 GB) (Free:395.78 GB) NTFS
6 Drive h: (PHOTOGRAPHY) (Fixed) (Total:1863.01 GB) (Free:824.98 GB) NTFS
11 Drive n: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:729.65 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\SENTINELPRIME
 
Administrator            Guest                    Todd                     
UpdatusUser              
 
 
**** End of log ****
 
MBAM:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.23.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
Todd :: SENTINELPRIME [administrator]
 
Protection: Disabled
 
11/23/2013 8:32:26 AM
mbam-log-2013-11-23 (08-32-26).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244480
Time elapsed: 1 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
MBAR:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.11.23.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
Todd :: SENTINELPRIME [administrator]
 
11/23/2013 8:05:11 AM
mbar-log-2013-11-23 (08-05-11).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 270087
Time elapsed: 4 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
RKILL:

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.11.23.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16438
Todd :: SENTINELPRIME [administrator]
 
11/23/2013 8:05:11 AM
mbar-log-2013-11-23 (08-05-11).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 270087
Time elapsed: 4 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
That's it. Anything else I should report back with? Thanks for your help!
 


#3 siper

siper
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 26 November 2013 - 09:32 AM

Bump?



#4 ChelseaWoolf

ChelseaWoolf

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:08:10 PM

Posted 14 December 2013 - 12:32 PM

Have you tried a "clean" XP install and THEN the LATEST "WUA" before even attempting WU? I have and there is absolutely no problem.



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:10 PM

Posted 14 December 2013 - 03:43 PM

Use the Task Manager to see what programs are using your hdd.
 
1)  Right click on the Taskbar to open the Task Manager.
 
2)  Click on the Performance tab in Task Manager.
 
3)  Click on the Resource Monitor button, then click on the Disk tab.
 
4)  When the Process with Disk Activity opens you will be able to see which programs are accessing your hdd.   
 
Please use the Snipping Tool to copy the image of the Process with Disk Activity, you can find this tool in Accessories under All Programs.   After you have the image you will want to go to File and click on Save As, Pictures will open with this image, when it opens give it a name and click on save .
 
Using the Snipping Tool to copy an image. 
 
To open the Snipping tool click on the Start orb startorb_zps06e1f985.png, then type snipping tool in the search box.  Snipping Tool will appear above the search box, right click on it and choose Run as administrator.  
 
Before you open the Snipping Tool have the image you want to copy one the destop, then open the Snipping Tool.
 
A small white cross (+) will appear on the screen, move this to the lower left corner of the image you want to copy, press and hold the mouse and slowly move it to the right and upwards.  You will see a red rectangle form around the image, when you have the image isolated that you want, release the mouse.  
 
After you have the image you will go to File and click on Save As, Pictures will open with this image, when it opens give it a name then click on Save.    
 
You can post this image in your next post.  Just below the area where you write text in a post there is the Post button, to the right of this is More Reply Options
 
Post2_zpsf05c0430.png
 
When you click on More Relpy Options  you will see Attach Files and Browse, click on Browse, this will open Pictures on your computer, click on the image you made with the Snipping Tool, then click on Attach This File, then Add Reply.
 
BCreply1_zpsc36d42fc.png

Edited by dc3, 14 December 2013 - 03:48 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users